SSH Communications Security Oyj (SSH1V) Earnings Call Transcript & Summary

Good afternoon, and warm welcome to SSH Communications Security Corporation's Capital Markets Day 2023, riding cybersecurity technology waves. My name is Lauri Koponen. I'm communication leader here at SSH. And it's my pleasure to guide you through this insightful event. We are recording the event from Helsinki [indiscernible] Sanoma House, and we have guests actually here on site and also online. The event will last approximately 3 hours and we will end at 16:00 East European Summer Time. During the event, some of the discussions or statements can be forward-looking. So here is just as a reminder, safe harbor statement. Here, you can see our speakers over the day. We will have SSH leadership team as a whole, joining us and also SSH Board member; and OP Financial Group cybersecurity expert, Catharina Candolin; and also Juha Vartiainen, Co-Founder and International Affairs Officer of IQM Finland. Here is also agenda as follows. In the middle, we will have a coffee break for 15 minutes and continue with the program 14:55. Now, we will kick off the event with Henri Osterlund, Chairman of the Board of SSH. I would like to welcome Henri on the stage to give his opening remarks for the event.

Thank you, Lauri. Also a warm welcome on my behalf. It's a pleasure to have you here on site and online. I thought I say a couple of words about myself and Accendo. So Accendo is an investment firm which is investing in the free human mind. Free minds can only operate in free environments. For a better word, we call it capitalism. Because of this, we typically invest in technology companies and especially software companies. We have had SSH on our radar since the inception of the fund 2008, so 15 years ago. And then back in 2020, we had the possibility to acquire shares from the founder [indiscernible] and I've been Chairman since 2020. It's good to reflect some of the changes that have taken place during the first 3 years. And if we think of the strategic direction, I would say that there are 2 things you should take away: one is the change into a subscription model. The subscription model has clearly benefits for the customers because these are complex products. The environment is changing all the time. So customers need to have products that are living software products, not that you acquire a license and then 3 years down the road, you take it away, install a new improved software, but you need to have a product that is constantly updated and a live product. Then for us as a company, it also has the benefit that the revenue streams are more stable when SSH was making the living out of license sales in a quarter when you sell 2 licensees was a very good quarter and a quarter when you did not sell any licenses was a horrible quarter. So this is a big change, the company has undergone in the last few years. And then the other thing is that SSH has clearly been focusing on what we call lighthouse customers, customers within industries where other companies are following. And I do think that we have had pretty good success on that front. I mean, unfortunately, we can't talk that much about the individual clients. But the clients we have been able to attract are some of the very best in the whole world. Maybe 1 thing to make you aware of is that now when the management is talking, pay special attention to PrivX, that's very important. That's the engine for the company going forward. SSH was very dependent on Tectia software products. And then during the, say, past 5 years, SSH has developed the PrivX product line. It's a privileged access management solution, but it's not only that. It's also that all the Zero Trust editions of SSH products, they have as their engine PrivX. So it's enables much more than just 1 product line. And on that front, I'm happy to see the success we have had. Thank you, Lauri.

Thank you, Henri. And let's continue with the program. Through the event, you will have opportunity to ask questions in the chat. And we have also a moderator in the chat moderating the questions, and he'll try to answer your questions also during the chat. Dear guests here on site, you see QR codes on the table, you can join via QR codes the chat also, so you can engage with the remote participants also. Guests on site, you have also possibility to ask questions via microphone. We will have, in the end of the event, dedicated Q&A session, but we will also try to find a moment after each presentation if you have some very, very urgent questions, we can address them also. But please write them in chat or be ready to raise your hand. The event will be recorded, and the recording plus presentation will be available at our web page for investors after the event. So let's continue. Our next speaker is Michael Kommonen, our Chief Financial Officer; and he will be sharing the fresh financial results and key updates of the company. Please Michael, the floor is yours.

Thank you, Lauri. Good afternoon, and welcome also on my behalf to SSH Capital Markets Day 2023. If you look at the picture behind me, you'll notice fish on the slide. I'm not a big fisherman myself. So this presentation will focus most on the fish we already have in the boat, and then we will have Teemu and Rami later speaking about actually the process of catching the fish. So with that, we'll go into the financial results and the key updates of SSH. Overall, we can see that the strategy execution continues to progress well. If we look back from when this strategic journey started in 2020, we've experienced clear sales growth and positive EBITDA since. So starting from 2021, 40%; '22, 20%. And in the most recent 6 months, the first half of 2023, we had sales growth of 9% while maintaining positive EBITDA. Overall, from a financial perspective, we continue to invest in growth, meaning the sales growth we generate. We continue to invest in both our research and development capabilities as well as our go-to-market capabilities and organization. We're also continuing the transition to the recurring revenue model that Henri already alluded to. I will go into a bit more detail in that shortly. So if we look at the most recent quarter, the second quarter of this year, we had net sales of EUR 4.9 million, while EBITDA was positive EUR 0.1 million. Inside that sales, I would highlight particularly the subscription sales growth we had subscription sales growing 33% in the second quarter, and our deferred revenues grew to EUR 12.6 million, so significantly up from a year earlier of the EUR 7.4 million. EBITDA, as mentioned, was EUR 0.1 million and EBIT negative EUR 0.7 million. Overall, if you look at the numbers, the sales growth and the profitability, we can see some headwinds from the macroeconomic environment and the geopolitical situation in Europe. So we're seeing among our customers, some delays in decision-making and investments. Cash flow from operations was negative EUR 1.4 million driven by our continued investments in marketing and R&D, as mentioned. We ended the second quarter with EUR 2.6 million on hand in cash, this is a cash position that we expect to improve during the latter half of the year, reflecting the typical seasonality of SSH business. If we then go into the net sales in a bit more detail, starting from 2020, the first half as a comparison. At that period, we had net sales of EUR 5.7 million. And of that sales, 6% was subscription sales, so not a significant amount. In the first half of this year, our net sales have grown to nearly EUR 10 million, EUR 9.6 million but equally significant is a substantial increase in subscription sales. So over half of our sales now consists of subscription-based sales. If we look at the total recurring revenue as such, which, in our case, is subscription sales and maintenance sales, this number is above 90%. So a significant -- a very significant part of our sales is currently recurring revenue. And as Henri mentioned, there are several benefits with the sales model. So there's a couple of reasons why it's good for SSH. It's also something that our customers appreciate and are increasingly moving towards to, if you have a cybersecurity product that is 2, 3, 4 years' old, it will not protect against cybersecurity threats, hackers that are growing increasingly creative and sophisticated. Of course, for us as a company, the subscription sales model brings lot more stability and predictability to our business as our costs are mostly consist of personnel costs, recurring costs. The sales is now better matched with our costs and improves the predictability and forecasting of the business going forward. Then shortly about the cybersecurity market and SSH position in this market. So if we start by looking at information technology market, it's estimated to be somewhere close to $9 trillion annually with a growth rate of approximately 8% per year. Within that market, we have this total cybersecurity market that last year was estimated at EUR 180 billion with a clearly higher growth rate of around 13% to 14% annually. If we then go into the cybersecurity market. The top impact within the cybersecurity market. This is based on a study, a poll made by IBM to CISOs of corporations, Chief Information Security Officers asked on what they see as the most -- the major impacts and threats to their business. So the #1 impact is from ransomware with over 20% responding that. We have data theft almost at the same number, credential harvesting, data leak and brand reputation, the largest impact. Where SSH comes in with the Zero Trust Suite with PrivX at its core, with our other products, UKM, Tectia. Our communication suite 2024 and NQX, we are very well positioned to answer towards these threats that are in the market. As our name suggests, we provide communications security between people, systems, applications, networks and sites. The market where we operate, the market within the cybersecurity market, we estimate the total addressable market to be in excess of EUR 1 billion annually, growing also around 13%, 14%. So if you do a quick calculation, looking at the -- our revenue and looking at the market size, you can see there's a major opportunity, significant room to grow within this market. Finally, on the top threat mentioned in the previous slide, ransomware. CISO's listing their top threats in cybersecurity, their top risks, 90% put ransomware as their top risk, 35% placed it in the top 3 of the risks, 25% in top 5. So collectively, nearly 80% see ransomware at a minimum as their -- in their top 5 cybersecurity concerns. So with that, I'll hand over to Teemu, who will go into more detail on the direction of SSH.

Thank you, Michael. And yes, please submit your questions in the chat. If you have now some questions to Michael, straight ahead, especially people here on site, you can raise your hand or we address the questions during the Q&A session. Okay. Thank you very much, Michael. And next, following Michael's presentation, we have our CEO, Teemu Tunkelo, joining us and will take us beyond the boundaries and show direction for SSH. Please welcome Teemu.

Now you heard my name. I've been lately meeting a lot of customers and 2 things stayed in my mind: one European major bank said that every time a company user, power user touches our production system, it's like breaking the glass. It has to be controlled. An American credit card company said, we need to tighten the screws to our production systems. And I was thinking that how can I explain to you what we do because I can't talk about the customer names. And luckily, I was in an airplane and a Polish guy was sitting next to me, and I ended up chatting with him. And I said, me what do you do? He said, "Well, I have a factory that makes ballpoint bearings or the ballpoint balls. I'm the only company in Europe who does it. No signature would be done on any contract without my balls." I said, well, how do you make the ball? "I can't tell you that." So that kind of tries to explain how I try to take you with me for the next hour talking about cybersecurity, which I can't talk about. So without further ado, we are an amazing company. When I joined SSH 3.5 years ago, the founder [indiscernible] told me, "Teemu, you're not going to a company. You're going to a cult." What we can do with software. We have intelligent people, 150 of them. We have customers any other our size company would dream about. The only question is how do we get more money out of them. And I'll tell you about our operating environment, about our portfolio and the major problem. I only have 1 problem, get the go-to-market better. How can we compete in this market? In the realities, we have surrounded with? So the first choice we made is that we don't go everywhere. We go just to the countries who are leaders in technology. We luckily have a great customer base. We know, I think what we are doing, we have over 100 granted patents. The products have been used, oldest one is 10 years, youngest one 5 years, and they will be used another 20 years. And with the subscription model, the revenue recognition helps us a stable way to keep our people working on stuff. And what we have done and what we continue to do is to invest in the technology because the underlying technology is changing all the time that we have to keep our product future-proof. And that's one of the big things we have done in the last 3 years. So the fundamental change that we have communication security, try to explain is that it doesn't help to build walls. I know there's a guy in U.S. who is building walls. Didn't really. But actually closer to me, my wife got the new job, and she works for the Swiss government. And she has a desktop computer and she can't read her e-mail outside the office. Now that's kind of for me a little bit old fashioned because the world where I live, you can work anytime, anywhere. But when you do it, the communication security becomes the topic. It's not about blocking the roads, it's about maximizing the traffic, and that's what we do. So change is difficult because looking to change and predicting it, it's very difficult. I used to always say that I trust you like the Soviet Union. But then it collapsed. I never believed to have happened. Now this is since my graduation, the computers are used to program with. The time then was about CPUs, about operating systems. That's all gone. Now we are closer to customer. We talk about the cloud and edge and front end and back end, and we put everything in the cloud. And that's what SSH does. We help our customers on this journey. So if we take -- still sticking to the wall paradigm. This is the picture of my favorite city Munich. You can see on the bottom right corner, kind of a round thing, which is the outstart, which used to be surrounded by walls. What you can see is the subway under the city, but you also cannot see is the digital infrastructure. And we live in the digital infrastructure. Now if I take fast backwards to starting of 1800, that's how city of Munich used to look like. And what does that have to do with our business? I tried to explain. So the city wall is like firewall from [ CISO ] or others. It protects our people because good people are inside and the bad are people outside, right? And then you have the mouth, [indiscernible]. And then you have the bad world outside. For partners, we give a little place called extranet, so they can come and see some stuff. Outside the mouth, we have the demilitarized zone, which kind of sounds funny that IT talks with military terms. But that's a computer that is at risk because it's in Internet. Now we take you away from all that because if we go back to Munich, this is the traffic control, real-time situation, from some weeks back. And you can see, you can still see city walls, but they are irrelevant. There is now a road instead there and the dark red, the highest traffic is to the airport. So if you look at these 200 years, it has changed and the speed of change is only getting faster. And I'll come back to that later as well. Now some stuff is even slower. This is at the late medieval times, that's how Munich used to look like. And industrial automation, which is very close to my heart, every supplier has their own road to the city, which they control themselves if the customer wants. And that's why we have PrivX OT addition because we help customers to control the access. Don't lose your keys to the kingdom. You have to know who comes and does what to your production systems. And with that, we have had really great success lately. Now the other thing that impacts us a lot is like, Michael said, the geopolitical situation in Europe. It has risen a lot on the awareness that it's nice to have running water, that the wastewater goes away. You have heating, cooling, even electricity it's better world. So every country has their own plan to improve cybersecurity for critical infrastructure. Standards are also developing. ISO 9000 came way back. Everybody made a quality organization. Then you had sustainability, ESG with stock-listed companies. And now most of the companies we talk with are looking at how to implement the critical infrastructure, cybersecurity protection-based on the regulation from the government. And that's not the only change we need to deal with. The other thing is the user needs. They want to go to cloud because it's cheaper. I don't want to own a computer. And the underlying technology is also changing because clouds become serverless. The infrastructure has to be automated. The biggest customer we have has almost 1 million servers. You can't manage them one by one. You need to have automation, which we provide. And you want to get rid of passwords. You want to get rid of keys that you might lose. And these are the things that are driving our thinking moving forward. So the old world was to say Internet is bad. Intranet is good. Extranet is somewhere in between. Most of the data breaches happening are happening inside the organization or a third-party employee who comes and does something in your system, even with post-COVID world, even your own people work from home. So your security posture has completely changed. And that brings 1 thing on top. If you look at the word, cloud. This was done by a university and was world [indiscernible] leaders. When you hear cybersecurity, what is the thing that comes to your mind first? The bigger the word, the more important it is. And we are communication security. Now how do we go about it? We are communication security between human systems, networks, applications. And what we do is the same as the CCTV system in any public place or any hotel. We record the traffic. We know who did what. And we can provide access. And we are expanding that from our traditional environment of systems and applications and SSH, which means secure shell, a safe way to access a critical system. We also do human-to-human communications, and Rami will talk more about it later today. We see a huge opportunity in an untapped market of factories, harbors, airports, container terminals. And with NQX, connecting the factory to the cloud, the site of the cloud, connecting sites, with high-performance thing where you don't need to have a proprietary appliance, our product you can run on a PC. And all these can be secure for the long term with post-quantum cryptography, so software-based algorithms that keep the computer safe, even if the -- even if the quantum computers come and Juha will talk about it later today. They might come. And one of our customers when I was talking to him, what do you think about quantum computers. He said, "I don't know if they ever come but I need to be prepared for it." So what we do is like a keycard in a hotel. We take away the keys and you get the card, which the owner of the house can control when you can get in and he knows who did what and when. And with that data, you can also do behavioral analysis to say I can also predict possible data breaches. And all these with PrivX because that is the core platform of our technology today. We have 5 product lines, PrivX in the middle, and I will go through the product lines. After, I just want to take you again back to the history on what are the changes that have happened. And for me cybersecurity is like music. So I'm sure you all have seen [ LPs ], played with them, quite sensitive, difficult. These [ CD, cassettes ] had their own problems, but you could record yourself. And then you got the other technologies. Today, I don't pay for music. I just stream what I want. If it's not on the net for free, I don't listen to that music. That's how that world has changed. The theory behind it is the technology curve, which is actually irrelevant. What is relevant is the golden curve. So when the market gets mature, the next wave will come, and you still have the installed base to serve. And I was just in Davos, my hometown, my other hometown some weeks ago, and they still maintain -- who remembers Macintosh? They still serve them. We have customers who have product have -- actually, I was just talking with 1 European government institution and they said they are planning to get rid of Sun microcomputers in the next 2 years. Who remember Sun? They are still in production, and we support them, and that's one of our powers with Tectia. And with Tectia, with PrivX, we can help you to get passwords away from them without touching the old system because who would know how to touch on microsystems. So looking at it all, where are we on the technology curve? we are tracking, we are just about to climb the mountain. I think the opportunity is good. I think we have a good foundation to go further. And if you think the -- as I said about Sun Microsystems. Mainframes, I thought we did already 20 years back, but they are still there. We serve micro -- mainframes. We serve minicomputers. We serve tablets. We serve laptops. Nobody talks about the desktop anymore, I think. But the future, there are other waves coming. Cloudification, we all know. Cloud must be cheaper, so we should go there. And post-quantum will come longer term. So that's 1 level of change. And there, we have basically chosen in the IT world, the almost [ EUR 9 billion ] market, like Michael said, we've chosen 3 things: [indiscernible] OT and quantum-safe. Get rid of the passwords, get factories digitally safe and be prepared for the future. Now if we look at what we actually do? We do cryptography. And that's like the ballpoint pen ball. What's that? But without it, nothing works because you can't write. Have you ever had the feeling when you take your ballpoint pen and you don't get the ink out, not good. Can you do your own ballpoint pen ball? I can't. So that's the environment where we have lived this wave Tectia over 20 years ago, the current portfolio later. And we are always mentally in the forefront. As you can see from the picture, I believe we are ahead of the market, which is, of course, bad because if you want to sell potatoes, you have to sell potatoes where potatoes are sold. If you want to buy a used car, here, you would go to [indiscernible] because there you have 10 shops next to each other and you can compare and look at them. But if you don't know what you are buying, who do you call? You call your friend, who might know something about the topic. When I did my PhD some years back, 5 years back, 6 years, the -- 1 of the 3 professors that were guiding me, said, Teemu, when I was preparing for the dissertation that, "Teemu, I don't understand anything you are talking about." But I still got through. And we have the same challenge, especially the people who sit on the wallet like Michael, they might not exactly understand why I need more money because it's something it's not tangible. But if something happens, it's very tangible, that we can see. So helping the customer on the road moving forward, we asked these 4 questions to check the maturity of the customer. Do you know what is your critical data? Do you know where it is, in which cloud, in which server, in which country? Do you know who can read the data? Do you have a [ Snowden ] in your organization -- in your ecosystem and do you know if it's safe for the future? If you can answer all these 4 questions, you don't need us. So we provide just-in-time access, just enough access based on roles because biggest of our customers have tens of thousands of superusers who can read your data. You cannot manage them individually. You have to have it automated based on the roles, which is what PrivX does. Actually PrivX does all these things. If I look at the end market, and I've kind of referred to it and Henri also said it, we are coming with the banks. Most of the big banks use us. Many of the public sector people who use us and Rami will tell more about the names we are allowed to take. And there are 2 big market areas where PrivX has been extended with a special version for managed service providers and for operational technology. And these markets have not yet learned how to deal with privacy and security. It's funny. I think public sector, having been slow, it's different. It wants to go to cloud faster because they understand about IT less. But GDPR, especially in Europe, made it that every public sector vendor has to really understand is the private that are really private. That's why they have done a lot also with us. One of our biggest customers is government. So we see OT where we have had significant success with OT and with outsourcing companies. So we see that as a growth engine from the end market we go after. Now PrivX is great. PrivX of kind of funny way of saying, privileged access, privileged to somebody who has something else and that you have the keys to the cookie jar. And containers is an underlying technology with computers, and I pardon you for this little part of a lecture, containers are 1,000x cheaper than anything else today. So you just pay for the data access memory processing power by millisecond, but it requires something from the system. So in the good old days, when you own your old car, didn't lease it, you had your own computer. Amazon had their own computer center, and that's why they created AWS because they thought the utilization was so low. So how to reduce it? You put the old computer to run in a box in a virtual environment called virtual machine. But you don't have to touch the program. But if you really want to go cheap because you still have to run the whole thing, that's easy. You have to break the program between data, memory, algorithms and the user interface in a browser and communications in between, you have to rewrite it. We don't because PrivX was made on that technology. The competitors, big ones are 10, 15 years older, they have no chance of rewriting their application. PrivX is cost-effective because it runs natively in a container. All the big boys cannot. They are not cloud-ready. They are not good in hybrid environment. We are because we are cloud native. But going back, it's not only about the future. If you take the sunrise, business from midnight to 9 in the evening. It's interesting, a cloud is growing. But it's only 20% of the business. The sunset business, from 9 to 12 is still most of your budget. If you are the CFO, the CIO, the CISO, you still have to take care of the installed base because they keep the lights on in the building. And if we look at the market rate that is estimated for cybersecurity of 15.5%. And we think we start now with 20% market share with the new stuff, in 10 years, it will be only half. That's where our history helps. We can do both sides, and we have future-proof with PrivX. And the customer has to learn on their own because cybersecurity is a new thing, especially outside banking. And the yellow part, customers have to make processes, build an organization. The dark blue part, we can help. And then companies like Nixu can provide you the security operations center to do the rest 24/7 pen testing, all these wonderful things that we don't do. We just provide software. And just providing software is that we also have to get our product to be future-proof. So we have the core that keeps the lights on, and we have invested significantly on different products. I don't go through them in detail, but we are ready for the future, and we can take care of the 80% of our customer spending and the security of it. So that's what we call Zero Trust Suite. Rid of -- get rid of passwords, move the data and know who did what, when. And on that journey to the password-less world because the passwords are annoying, I don't know how many passwords I have. Do you have more than 10 passwords you have to manage. And my wife is completely upset because in her company, organization, they have to change passwords every 3 years. She has used my name, my birthdate, her brother's birthday, her mother's birthday. And she's running out of idea she could remember. And when I used to be at [indiscernible], the CIO, our biggest problem at the help desk was this time of the year when people came back from vacation, they didn't remember their password. And if I give my password to Lauri, he can lock in like me. Why do you have passwords? They annoy you and they are risk. So that part of the story, the staircase up to the mountain. I think people have done more. They are at level 2. There's a [indiscernible]. Everybody is investing in identity management and most people are dreaming about password-less life because it's a better life. But passwords are only 10% of the secrets that you need to run your business. The other part are keys that created by Tatu Ylönen. And there, they are invisible. They worked for years, nobody pays any attention. Banks do, but not many other people. And there, the journey is longer. And that's where our UKM product, especially with UKM Zero Trust Edition is helping customers on that way because basically, the vision we want to provide to our customers is that you can be keyless and password-less in the borderless world. And you just get into the system with your face or your fingerprint or your iris and you are in. The system knows your identity and knows what you are allowed to do, all automated. We can do all this. We actually, I think, an amazing company because we have 75% of our business outside Finland, 1/3 of our business is in the U.S., which is cool for a European software company. Asia is fastest growing, but it's always the one that follows the technology later. And Europe, it's our home. So I'm really happy to work in a company that is truly global and truly software only. And if we now say, well, what do we do? If you take the famous cost and consulting metrics, we have 5 product lines. Three of them are core. They are the ones that keep the lights on. And PrivX is a grown up by now. It's doing well. NQX has grown also up to the late teens. And we have revitalized professional services because our product is part of customer's ecosystem. And that's why it's better that we can help them that they can get the product in production faster, so that they can taken tighten screws of their production systems. And that leads to the thing that the benefit we provide to customers is less interfaces, more system responsibility by us. Because as you can see, all of our products, the light-blue water, newer kids in the block. All of them have different competitors. So would you like to buy 5 products to have communication security or would you rather buy from 1 vendor all the things you need for people, systems, applications, networks, clouds, communication? That's why you should talk to us. And that's why people are talking to us. So I go very briefly now through the products and you get the material online. So don't worry if I'm going too fast. So Tectia is the oldest product, the most profitable product, and it's more than just a Secure Shell client. Shell is the program that superusers used to address the raw data in the system. Secure Shell is the one that we made put into open shell. So that's why our biggest competitor is our own code. We also drew tunneling. We do the fastest file transfer. The bad news is file transfer is over. It's going to go to messaging. And we can get rid of the passwords and we can be quantum-safe. UKM was done because there were 2 mistakes that Tatu made, which was understandable at that time, SSH keys have no expiry dates. They are the one who has it, holds it. And so you have to manage them. You have to have somebody to control the keys. UKM does that and this is our Sherlock product, which every customer we are able to sell it. You also can get the free version. They are surprised. I didn't know that in my network, this computer talks to that computer. Why is that? Because they never saw it. We make the SSH key network visible, like the map makes the subway visible. PrivX, which is, like Henri mentioned, that's the thing to remember from this presentation, PrivX if a modern, I hate this word as well, privileged access management, which means the guy who is like the janitor, who has the keys to every house. We provide that for network devices, for applications, for systems. It's cheap. It's installable in hours. It scales to biggest -- biggest volume with our customer now is 1 million sessions per day. It's just in time. Just in our access. Not just the key that you can take away and use when you want. It's low cost. It's future-proof based on what I told you about containers, and it's hybrid. Most of our customers, especially banking customers, they still use the data centers. They don't go to cloud. They are afraid to go to cloud. So we have a competitive edge because we can do on-premise and on-cloud at the same time with the same service. So that is the key technology that we have developed with about 30 people out of 150 for the last 5 years. So we've put an enormous investment from the size of the company to make the portfolio that is both proven and used and cloud native. It's domain independent. Now supported with services with post-quantum. Juha, will tell you more about what is quantum and then we are not going to any more paint our own paintings and cut our own hair. We're going to use upstream partners to extend the technology we have. So I was thinking that for this audience because I think you kind of all deal with money, you must know what the safety deposit box is. I want to compare PrivX to a bank. You go there, you have to show your ID to the clerk. PrivX does it with your fingerprint. Then he takes you to the vault, where your box is, and you can only open the box with the clerk. Once you're done, you go back out and the clerk keeps the other key, you can't come back. PrivX does that in the invisible digital world -- cheaply, simply, nice to use. And then I go to the new thing very brief but Rami will tell more about our communications suite for humans. Securities Exchange Commission, Close to Wall Street has find now altogether 2.5 billion fines for companies because their employees have been using their private devices to talk to their clients without company oversight. And that's where the companies broke the law. You cannot let your people talk and not to store the communication with your client. That's a lot of money. And I think the taxman is happy or whoever gets the money. But that's an opportunity for us that every PrivX user will need our communications suite for human-to-human communication, in transit, in rest and in use. So the background of the company is that there we are doing also a major investment. We are moving take old technology to PrivX. We make it look more modern. We are going for faster release cycle to 2x a year because our customers don't want to upgrade all the time because they have to be certified and tested. And we do market changes on how we go to the market. And without taking the power away from Rami, we are going to go for instant messaging and video calls, they're both secure. E-mail is still growing, but it's history. File transfer is still growing, but it's history. Everything goes to instant messaging. And that's what we are working on. NQX, last but not least, is an encryption device. And that's kind of the fish killer. You don't need a firewall anymore. You need a line encryptor that is separate from firewall. People still buy firewalls, but they actually need it. What they need is traffic control. And that's what we do on software. So the competition makes propriety hardware for some thousands of computers a year. Our stuff runs on a PC. And the customers hate to buy proprietary spare parts and get software updates that are done physically then. No, they can do it on their own because it's just a PC, and it's much better performing. And there is technology behind it that I can tell you why it's more performing than others because our guys can code. We also have put in PrivX there for higher level of automation because our biggest customer has 700,000 connections going on. We don't want to manage 700,000 connections like an old switchboard by hand. It needs to be automated based on roles and it's certified for critical use [indiscernible] in Finland. Now giving a little bit of a segue to -- you have presentation. When quantum computers come, they can break anything you can crypt today. And that's a big risk if you have data that is valuable for years to come. So the data that is critical for you, you have to keep safe. So the journey for our customers where we assist them is get rid of the walls, leave for the next 10 years in a hybrid environment or longer and go for password-less and keyless world. To the business model, we are just a software company. We are building a stronger ecosystem because we just do as much professional services as it makes customers to have a faster journey to the system into production. Now the other changes, I go a little bit to the partnering side of things because actually SSH, the company itself was created by Sun Microsystems, funny enough. I took it as an example earlier. They came to SSH and said it's wonderful that you made open SSH, but we can't use it. We want to use a product. Can you make a product out of it that's active? And with Sun's reach to the market, proportionally, we came big. Oracle did the same with CyberArk, which is the market leader today. Oracle didn't want to develop their PAM. They bought it or they licensed it from CyberArk. IBM did that in Europe with Thycotic, which centricity is now Delinea, that's the second biggest in the market. You know also the story about IBM, how they did PC by mistake. That also would take the whole evening in fact, if you would let me. And they went for open source, they went for Linux and they bought Red Hat with EUR 36 billion. SAP, by mistake, ended up creating a market for ServiceNow because -- IBM is so -- SAP is so digital to use, that ServiceNow made the field force management doable even if you have SAP. And the last 2 logos are may be in the wrong order because beyond added is bigger than us, but they provide us the device recognition, biometric recognition, get rid of the SMSes and we've turned forces with them. So this all is about the opportunity in the upside, on the upstream. On the downstream, we need to be more focused on partners. We have half of our business partners, but it hasn't been our focus. So that's our internal problem, which is always easier to solve. The partners themselves are changing because if you adjust the wholesaler like on [indiscernible] you have to live on very small margins. So people want to get paid for the work they do. And over that, they also want to go to the operating cost side. So recurring revenue, like we do on value-add solution providers, outsources. So our focus is also moving away from distributors of software to value-added resellers and operators of the customer environment. So we are putting effort on strengthening the ecosystem and also leveraging the open source inside our product like IBM does. Now I want to jump to the digital phase because people buy differently. If you buy a new car, do you first go to a shop and talk to a salesperson or what do you do? You might be googling first. That's what business buyers do today. They identify the long list and even the short list before they even talk to a salesperson. That's why we have put a lot of effort and Lauri is leading the effort with us that our digital phase is even better looking than I'm. I'm not sure if it's possible, but -- and we drive that we better digital content; 3-minute reads, 1-minute videos, mouthful podcasts because people don't have the patience to listen to a lecture that I'm giving to you now. Luckily, you can't leave, so I can keep you here. We also have to look at that there are different customers. There are customers who want the budget. There are the technical leads who can talk the same language as our team and then you have the people who actually use our product. But I guarantee you, nobody who makes the decision of buying an SSH product will ever, ever, never use it themselves. Again, very similar to SAP. I bought and I've sold a lot of SAP systems, but I've never used SAP. And the last most important thing for me in the digital phase is the thought leadership on letting people to learn. And there, we have a huge advantage with SSH Academy, originally done by Tatu. So if you want to understand the cryptography, come to SSH Academy. If you just look at the web traffic, we are -- if our major competitors are 10x bigger than we are, we have 10x more traffic on SSH Academy. Over 5 million visitors every year. So that's what we do. Those are the mega trends I've said, and we focus on going for a solution, so more customer value add. We focus on getting deal size bigger. And Rami will talk about that as well more. Partnering, I discussed, that is the big change we are doing. Open source, we have used before, we continue to use it. And we want to have services, but we are not going to become a service company. We just do the service to sell our products better and making our customers happier. So [indiscernible]. And before I hand over to Juha, I only have 1 wish to you and your friends and partners, don't lose your keys to the kingdom. Thank you.

Thank you, Teemu. Very insightful. And actually, as you started to speak, the chat exploded, almost not yet, but we are very happy. And we'll try to address most of the questions during the Q&A session. And if we will run out of the time, we will answer each question after the event. But I see at least a couple of questions about generative AI. So how is SSH positioned in the heat of the discussion about generative AI because you have 5 minutes yet to before the end. So maybe you can tell about AI.

Well, artificial intelligence was a promise, I think, for a long time. The problem is that it also needs humans to model it. And it needs an organization to run. So I think the technology is there. We have artificial intelligence in our PrivX with the worst acronym ever, web user behavioral analysis. So basically, we can look at -- like you saw in U.K., you can see who talks to who, and we can see that's a normal pattern. If Teemu goes to the network at midnight, and there's a red flag he shouldn't be here. Why is he here now? And that can be all automated. So PrivX does it already. But the bigger problem is for customers to leverage the data that's coming out of AI. Because if you take 1 video camera or 1 PrivX in a big environment, it creates 30 gigabytes of data every day. Who wants to read 30 gigabytes of data a day. So you need automation to actually leverage the stuff. And that's why it takes time.

Yes. Thank you. And well, maybe we'll have 1 more question and we will be exactly in time in agenda. How do you see the value of the 100 and plus patents going forward?

Well, we have only a defensive patent strategy because I used to compete with Honeywell, and they had an Oracle and they have tons of layers that cost a lot of money because they are aggressive in their patent thing. They want to get money out of their patent. We tried that also some years ago. Now we do patents that if somebody steals our technology, we have already patented it that we can continue to use our staff. And we only get active on patents if somebody else starts to challenge us. So it's a defense like -- we are different cyber security. It's only defense.

Thank you very much, Tim. Next, we'll dive into fascinating realm of quantum computing. Juha Vartiainen, Co-Founder and Global Affair Officer of IQM Finland will share his expertise. Juha, please?

Thank you, Lauri. Thank you for Teemu and Lauri inviting me here. Why I'm on the stage today is, of course, this gentleman is so kind and we have had a good discussion about possible collaborations in future since we are both working in a sector which are slightly overlapping there in post cryptography. And we have some touch points. But I think mostly why I'm invited here is that the cyber world start to see the threat now in quantum. Actually, I was half a year ago in Washington, D.C. and there were some high-level officials from White House who said, like, what is the biggest problem or like a threat for America at the moment. And of course, there are some military threats, maybe Russia, China, but he listed quantum as the highest-level threat. And why is that since the quantum is directly addressing the core of nation. So it's this core of this intelligence collection -- whole society works around that thing that secrets remain secret. And there is even slight chance that quantum computer maybe after some time, maybe 10 years, it will challenge that one. And that's why White House is taking that very seriously. And of course, the rest of the world should follow as they are acting rationally. But let's say, I'm coming from IQM, one of the founders of the company. We are not so much working in this defense or security sector, which is driving the development in U.S., but we see there are a lot of positive applications, and I also want to talk about those ones, and I want to bring some, let's say, the realism to the discussion. So first, something about the quantum computing. So it has been actually invented 3x, as I know. First, by Richard Feynman, 1982. His, let's say, realization was that nature while at it's let's lowest level, it's quantum mechanical. It follows different laws of physics than regular computers. So in order to simulate it efficiently, you better to have a quantum mechanical computer. And from that, let's say, history, there are those applications of quantum computing for molecular simulation and some other, which are still maybe the lowest hanging fruit for useful applications. Then 4 years later, I came, let's say, the most -- maybe visionary use case coming from David Deutsch. And he was thinking in like the fabric of reality. Since quantum mechanics -- it's very different worldview, if you take it really seriously. And this is like highly philosophical question and it's not of general interest as long as they're physicists who are staying in the labs, studying atoms what you don't really see, and elementary particles which are -- it's okay to -- since you can calculate the right outcome, but it doesn't really make any sense how it seems to work. But hitting that, if we would have like good enough AI, and you would run it on quantum mechanical hardware. Then the AI would get like firsthand input from quantum world, and it could be capable of telling you how you should interpret that. So that would answer to the very philosophical question of fabric of nature. And there comes like AI solutions, quantum, machine learning and so on. And then the third time, '94, Peter Shor, he's mathematician and he was thinking like computational complexity, different mathematical problems have different computational complexity. So very often, you need to, let's say, when you program something to the computer, you need to -- when the data -- number of data grows, it's the computational complexity tells you if the computational time grows in proportional to data as it grows or is it exponential or some polynomial behavior. And he found out that if you would release or it depends -- the computational complexity depends on the system on which you are running your -- what are you using to solve the problem. And he found out -- he analyzed that what if you would instead of regular digital computer, you would switch to quantum mechanical computer, what would stay the same and what would change? And he was able to show that actually the computational complexity will change dramatically and he invented already a long time ago, this Shor's Algorithm, which particularly is still maybe the most important use case, at least in the long run. So you can factorize a big integer in the 2 factors probably in polynomial time and no other algorithm known in existing computers, which could do that. So that's the big invention by him and that has been driving this development a lot. And if you look now where is quantum computing? That's kind of new completely, let's say, new kind of industry. It was a university research still not so long time ago. So at the moment, as an industry, it's building the foundation. So technological capabilities are ramping up from close to 0 to somewhere where they are usable. So it's still mostly for educational research sector, where it's interest and it's mostly publicly funded. So it's beyond the limit of becoming commercially viable. But then this discussion is when it becomes commercially viable, is this quantum advantage. So that means when for the first time, quantum computer alone or together with the high-performance computer will solve some problem either faster or with less energy or it will solve something which is not soluble otherwise. So 3 different categories but one of those will happen maybe in 3 to 5 years, might be molecular simulation might be, for example, AI, accelerating some of the AI computation since it's very computational-heavy nowadays. So that might make it profitable for the first time. And then there will be a lot of applications areas one by one, which become beyond this level to become useful. And that may be still takes 5 to 10 years, maybe long time. And eventually, the capabilities of quantum computer have developed to the stage where it's like a general purpose, error-corrected, like very different from now what it is. So it's like a fully mature technology. And there, we will see the disruption, which is where these quantum computers become cryptography relevant. And as of today or last year, this is the market. So it's below USD 1 billion. It's growing like 25% a year. And the biggest sector in application area is finance. So they are very interested since they can make immediately money if there is some quantum advantage. And the second most popular application area is the research of quantum computing itself. And the third one is cybersecurity. And then there are like a number of others, namely this pharmaceutical industry is very interested about this as well. And today maybe the most interesting application is this cryptography. So a big part of Internet security, security in general is built on top of this public infrastructure. And it's -- based on the facts that factoring a large integer is very, very difficult. And the Shor's Algorithm, as I told, it potentially gives a polynomial time solution. Why it's potentially since there has been a lot of doubts that can this kind of computer ever be built -- which would be running this computer. So there are maybe some physical limitation very difficult. But now it seems that it's only an engineering problem. So as more and more engineering work is put there, then it seems that these boundaries are pushed further and further, and we believe there are no fundamental limits there. So eventually, we have a couple of enough quantum computers for this purpose. And -- what is maybe good or, let's say, why we can sleep well is that this time when this quantum computer, like anyone would have it, which can break this, it's years away. And like this kind of breaking the RSA code with a reasonable key length, it takes a lot of time at the moment. But still, what -- why we should build awareness why SSH Academy, we have IQM Academy as well. Why they are very important is that we have to educate people that people should start protecting the data. They should take this seriously. Since storing the data is very cheap. So harvest now decrypt later, is a strategy that can be used for some data, which still has a value after maybe 10, 20 years. And if some decrypt it later and then finds out some facts which are still valuable, you might be in big trouble. Okay. Then there are constantly coming some suggestion for shortcuts. So maybe some -- there're may be some clever algorithm, which is more feasible than Shor's Algorithm. And last winter, they are so-called Schnorr's algorithm, which is very close to Shor's Algorithm. And it's -- there was a lot of claims that it can actually do something useful with much less qubits. So in Shor's Algorithm usually millions of qubits are needed, but they said that only 100s would be enough. This was kind of not so well studied approach, and it caused a lot of attention last year -- or this year. And it seems like not very well, but it was very difficult to say, is it true or not and lately, there was a paper where they analyzed it very well, and it seems to be untrue. So it seems to work for small integers, but when the integer grows bigger, then it doesn't work anymore. So at the moment, no other polynomial time algorithm is known for this problem. And this is now a little bit technical picture, but I like it. So we have here a kind of 2 fundamental characteristics of a quantum computer. So there are actually very different modalities of quantum computer, very different approaches. But you can kind of put them on the same picture this way that you put, how many qubits? You have how much information you can code in the quantum computer. And then on Y- you put the error rate? How much error you introduce in 1 operation. So everybody started lower left corner and as the technology develops, it goes to the right top corner. And I have flooded here with this red dots, may be one possible trajectory of some company who would push this technology forward. So first, increase the fidelity going up, navigating North. And then in some point, once the fidelities on the green zone where there start to be some applications, then start to increase the complexity of the system and go to the right. And those red lines, there are -- those are the RSA codes with different key lengths. And from this figure, you can quite well see. So I have drawn there 15 points. So maybe that is what the difference between the point is maybe development in 1 year what a company could do. So it's maybe 15 years away in this respect, but this is my, let's say, estimation. Okay. Who are those who can -- who could be capable of doing this kind of development? So we can check the funding situation. So China is to date EUR 25 billion public funding. So they are very, very serious about this. This is in the 5-year plan of Communist Party that they need to make quantum computer working. So I think they take it very, very seriously. Second is European Union altogether and Germany alone is quite a big -- but the U.S. public funding is not that high, but we have to take into account that there are a lot of private companies investing in a lot of private monitor and then there might be some defense budgets which are not visible in this figure. But anyway, this is like a geopolitical game now or race. So China, U.S. developing their technology, investing a lot. There are a lot of export controls. And so they are treating this area of technology almost like a nuclear weapons back in the days. And Finland is actually positioned here very well. So you can see small Finnish flags in all of those 3 categories. This is not done by me, but Boston Consulting Group. So there is some credibility in this figure as well. So Finland has invested on this technology since 1960s, and there is like a lot of scientific activity. Last year, we hosted a scientific conference of 300 top scientists in this area in Finland. Actually, this week, it's there in Munich in -- where we have our other office. So it's -- I can host it second time now. And so we have actually a very good position in this technology. And so just a couple of words about IQM. So we are the biggest European company developing quantum computers. We are a hardware company. So we also do a little bit software, by heart, we are hardware company. We build those actual systems. We're mostly here in Finland, also Munich and 3 other countries. And we have a big quantum computer delivery projects. We delivered 1 to -- or actually 2 computers we have delivered to Finland. We are now delivering 2 computers to Germany also, and other countries. This is connected to high-performance computing. So we have connected our quantum computer to LUMI supercomputer, the third fastest competitor in the world. So we foresee this kind of acceleration hybrid model will be the kind of a winning one, at least in the early stages. Okay. Do we have -- yes, so this is the slide I was looking for. So we have seen like a lot of benefits of doing certain marketing activities together, we are discussing this and this post-quantum cryptography products are very interesting also for us.

Thank you, Juha. And maybe a couple of questions. I actually also prepared 1. How you see the development of quantum computing impacting the cybersecurity industry overall? You mentioned a little bit, but if you go a little bit deeper with that topic?

Yes. So there are actually a lot of dimensions in quantum technologies, and they are only, let's say, starting to mature. So of course, there is this quantum computing, which will maybe challenge some of the encryption methods in later years, as I mentioned. But then there are also other dimensions. One of those is a quantum key distribution, which is actually bringing -- like probably uncompromisable way of distributing keys between the, let's say, distant locations over the fiberoptic cable or over the satellite connection. So that is definitely something which will shape the industry. And of course, there is this whole development of polarization of the world geopolitics game and which countries have access to this technology, which don't, and that probably also is reflected at the industrial side.

But are we basically at the same moment, which we were somewhere in '90s when first encryption and, for example, SSH protocol was invented. And now as the quantum computers will emerge, traditional encryption will almost be like not working.

Yes, I think this has to be taken very seriously. So this is very serious threat. And I think like all the industries who take seriously the information securities should really consider how they tackle this threat.

Do we have any questions to Juha here at audience? We are 5 minutes ahead of the time, but well, that will give us 5 minutes more for coffee. If no, then thank you very much, Juha. And like I said, next we have coffee break. So we'll continue with the program in 20 minutes, so 15:50 around. And before that, you can enjoy coffee and people online, come back around 15:50 will proceed then. Thank you very much. [Break]

Welcome back, welcome back dear guests. As we convened, we continue with the program. [Operator Instructions] So next, we will have Rami Raulas, our Head of the EMEA region. He will demonstrate how our SSH solution are geared towards securing our customers' future. So please, Rami, welcome.

So I am Rami, proven what I have and what I am. So strong identity, now you can believe me. Now I'm not a fisherman, I'm a whaler. My job is to haul in whales and sell more to the whales. Can we stay there? Here are some of our customers, some whales, some salmons, some trouts, and there are 3 things I want to go through today with you. One is the underlying opportunities, kind of tailwind, trends. ZTOT, I'm a big ACDC fan, so it was easy to come with the strategy of ZTOT, Zero Trust and Operational Technology. How can we land and expand? So sell more of the same but to more people within our customers, and how can we cross-sell, sell the Zero Trust Suite to our existing customers who only have 1 product from us, not a suite of solutions. And how we can replicate with the new wins, how can we replicate if we have 2 of the top 6 paper and pulp companies for OT now in the bank. How do we get the next 3? So how do we replicate wins within industries. One thing -- so it's like, we cannot show all the great customer names publicly. These are the ones that we can. We always try, but it's like me telling that my house is protected with [indiscernible] key, and it's under the side doormat -- I shouldn't have said that. Now you know my secret. But 1 thing that we wanted to also say apart from utilizing the growth opportunities and trends, selling more to existing customers, land and expand, cross-sell and replicating successes to peers in OT and other industries, we also want to increase the size of average deals. And here are a couple of examples of some average deals, deal sizes, which are already significantly larger than you would have seen 2 years ago. And these are all recurring revenue customers, so we are sticky. They won't go away overnight. Some customers have committed financially. It was for 5 years. Most of our customers will use these products from between 7 and 10 years. So these are a couple of examples, so 1 of the world's biggest retailer. We have also won 1 of the biggest with PrivX, 1 of the world's biggest e-tailer, but it doesn't qualify in the list. Of course, it's slightly under [ EUR 300,000 ] a year. Nor do the paper and pulp company, because they are still just shy of EUR 300,000 as well. So you can see a fairly even distribution between industries, different solutions and different geographies for increasing the customer size and landing and expanding and selling more to them. But we need -- we can only grow that much with our own organization. We are limited in terms of headcount in sales and marketing, so we need more feet on the ground. We need to excite a partner network like Teemu was saying earlier. And with the partner network, we clearly see a development from just software or box shifters, like distributors or pure resellers who add little value to systems integrators and managed service providers. But there's a couple of names for distributors that we have, and we'll keep banking on their growth. Here are some typical resellers in U.S., Europe and here in the Nordics here. And then our aim is to grow with the systems integrated solution integrators, which are big guys. These are whales or very large salmons as partners, not [ as end ] customers and partners because more and more customers are outsourcing their work to these guys. They make the technology decisions and choices with us. Some even outsource those technology choices to their partners. But typically, we influence, we get the kind of technical win and then we partner with the systems integrators and get them to deliver and maintain -- do application management services. As an example, we just had a training session for Wipro, which is one of the big 5 Indian guys. 45 people, sales, presales and technical support people training for -- they want to go to the OT market with us with PrivX OT addition. So 45 people were stunned. They said, we've been trying to do with this with the market-leading product side [indiscernible], it doesn't work there your product is perfect. So we have opportunities there, which we need to now engage and we need to get those people. We won't get from Wipro. We won't get all 500 account managers to be the evangelist for our PrivX OT solution. But if we get 25, that's 10x more than other salespeople we have. So that really is an important topic. But it's not only the downstream partners that are important for us. So this -- if we call these downstream partners, people who talk in favor, win customers and deliver services together with us for their customer base. We also want to need to expand our offering a little bit. This is the ecosystem. So I would not want to be a CISO, Chief Information Security Officer. Of course, I would have 70 domains to manage and only money for half of them and resources for 1/3 of those. So you need to prioritize. And we can only do so much, right? So we can do only that much in the different spaces. So we have decided that we will partner with so-called upstream technology partners, people who have technology that we would love to have, we would love to develop but don't have the R&D research to do ourselves or resources to do ourselves. So we partner with these guys to have a broader and more meaningful offering. I mean coming up with the Zero Trust Suite. So from selling point solutions, the 5-point solutions that Teemu described, we're selling it as a suite. So as an example, one of the biggest Swiss banks, which has only been buying Tectia from us, now is curious about Zero Trust. I think they are under an audit threat. They need to do something more at the moment. So there are a couple of these companies that we are working on to bring on the sexy words of the market growth called [ SASE and CASB ]. And we're working with a company called [ Menlo ] security there, which offers functionalities to secure more users. We secure now the hardcore administrators and super users and developers and database administrators, network administrators. But with this offering, we can cover all of us, we can secure all of us from doing something fishy in the middle of the night into the Internet. I wonder what sites you were on Teemu. But we would know, with that solution, we would know. We would maybe even say, "Hey, on your home computer, you can do it, but not with the office computer" and a couple of others. So this will broaden our offering. We are integrating it with our solutions. So we're not -- our aim is not to take another solution and resell it. We are integrating this to add value to our own solutions. And some of these partners also will act as channels for us because they have their own customer base. Why are they larger than our own customer base. And they can integrate and take mainly the PrivX core technology and integrate it into their solution as an additional functionality to what they already have been selling to their customers. So this acts as kind of a 2-way street with many of these partners. All right. But let's have a look at some of the assets that I want to discover the trends and the land and expand on the new customer wins. So let's have a look at some of the favorable trends that are happening for us. So these are the analyst -- this is Gartner Group who says that these are the biggest threats materializing soon. And even customers are now talking about them as well. Zero Trust, okay. It seems like we made a nice choice there. Everybody wants to understand what Zero Trust is all about. It's a philosophy, and it kind of means never trust, always verify, right? Well, this will be one way of verifying. Don't leave back doors open. Don't leave the keys to your [ kingdom ] hanging around. And the KPMG made an interesting -- I'll come to that in a minute. That's not just kind of an insurance cost or cybersecurity measure. It's kind of a business imperative already. And you need to automate it, it's too vast amount of data to be trying to handle with manpower. You need to automate it. And surprise, actually, with our solutions suite, we can actually cover quite a bit of these areas, with our Zero Trust Suite. So at least we seem to be spot on money on the trajectories that analysts are predicting to be important. And we are seeing that. I'll cover Zero Trust OT, operational technology and a little bit coming back to the Quantum-Safe. So I have divided my presentation into those 3 parts. But let's have a look at what KPMG has found. They tend to do a kind of a CEO research. And 2 years ago, cyber rose as #1 in terms of risk management by CEO. So hurricanes and floods are less important than cyber threats. And I'll show you some figures in a minute. And that was repeated also last year. Now in all honesty, at the moment, maybe the biggest hindrance or challenge for us is the economic situation, investment situation, interest rates. So we're seeing people not canceling, but postponing. So it's a bit slower to close deals. But the topic of cyber and cybersecurity is on top of the minds of CFOs and actually boards. We have board members here as well for risk management. And some companies are even clever to turn this into a strategic function and seeing it as a competitive advantage. And I'll show you in a minute why that indeed is really, really important. One challenge we have, which we are trying to address now is that we've been talking to the techies, the nerds, the security architects, the guys who run the operations, the network guys. They all understand that as they visit the academy 5 million times a year, right? They get it. But we haven't been able to deliver our message. Why this is important and why they need to choose us for the CISO, CFO, CIOs and CEOs? And that's where we are trying to lift and need to lift our communications. So kind of have the tech communication and then the business communication a little bit more separated from each other. But this is totally not just an insurance cost or risk management costs. It's also a total cost of ownership benefit and cleverly seen also a return of investment for the money. But that's more difficult to calculate, obviously. Okay. So let's talk about these 3 trends a bit more in detail, and I'll show you a couple of customer examples. But let's start from OT. OT as Teemu was saying, OT is the is the kind of the forgotten part. Banks are well protected, maybe not against quantum trade yet. Public sector is Okay. Managed service providers the big software companies, the big service providers like Fujitsu's and Wipro's and the names you saw on the previous chart, surprisingly, don't [indiscernible] shoemakers children don't have shoes, right? So they need to be equipping. And we have lots of wins and a lot of opportunities ongoing at the moment with managed service providers there. But the least protected the most old fashioned in terms of securities OT, operational technology, manufacturing companies, critical infrastructure. And I'll come to that a little bit more. It's only not us saying this is also from the same ex force IBM's survey saying that the biggest attacks, biggest ransomware attacks do indeed take place in manufacturing and critical infrastructure, not in banks. Maybe there's more money in banks to hijack but they are more protected. So this is an easier piece to go after. A lot of zeros, right? Is that a billion or a trillion? Whatever. It's a big sum. So this is an analyst report from KnowBe2 -- sorry, KnowBe4, the cost of ransomware, cost of risks materialized in companies and especially manufacturing and critical infrastructure organizations. We will rise from EUR 20 billion to EUR 265 billion. So there's a lot of money at stake. We can help protect that. Okay. So you can take an ostrich strategy and put your head in the sand and show your ass and hope that nothing happens. But quite a bit has happened. Here are a couple of just very recent couple of years back, a tax ransomware data theft in the world. You've maybe seen some of these. It's really a shame that Nokian Tyres 1,000 R&D and manufacturing documents were stolen by the employees, by the way, and bosses because it was not detected. And now we have Black Donut manufacturing tires in Middle East and Russia. Okay, from Russia, you can't bring them in anymore, but -- so don't let that happen. Vastaamo, we all know patient data leaking because somebody forgot to turn security on and the database was called, database and the password for database was password01. Oh my God, how can that happen? Why are the guys not in jail. And a couple of other cases. Tower semiconductor is a really good example. Maersk, of course, ships stopped at sea because they could not be controlled anymore. Big, big thing. But it's Tower Semiconductor. It's an Israeli company, which merged with Jazz or Panasonic semiconductor some years back. They were ransomware. So they have to stop production for 4 days, and they had -- so they paid EUR 0.25 million for production stoppage and EUR 0.25 million for ransomware. So EUR 0.5 billion cost. Okay, no wonder IBM now bought them at low price. So it has a market cap impact, at least if you don't treat your cybersecurity properly enough. So what we want to do and help here is really is to help -- because in the physical -- will help protect this, put a digital gatekeeper in place, right? But in the physical world, when you go to a manufacturing site or a power plant or I mean, I can't even get to Loviisa Nuclear Power Plant. It takes over a year to even get through the gate. So in the physical world, you are stopped at the gate, your passport is taken away and somebody takes you in and somebody kicks you out. In the physical world, like Teemu showed every vendor has their own hole in defense, a tunnel under the fence or they climb over the fence. So we have no idea who is coming and what are they doing? Not good. So we provide a digital gatekeeper. Oh, by the way, 2 weeks ago, there was another one with ABB, this Black Basta gang managed to hack them. Let's see how much that will cost them. I would assume EUR 0.25 billion, but let's see. So why is this important? Not only for the money, but it's also kind of a must and mandate. We have a Network Information Security Act or legislation or regulation in Europe. And now there's a new version of it, NIS2, Network Information Security 2 coming into legislation in October next year. So people have less than a year to comply with this. And this will now cover more critical infrastructure players, as you can see from there food, transportation, transportation, public administration. We were just talking in June with the biggest health care operator in Finland and asked, how are you prepared for NIS2. Oh, yes, we started to think about it last week and asked to traffic on the NCSA for recommendation, they promised to come back in a few weeks' time. Wow, I mean, people are late, late with this. And it's about putting supply chain security in place, putting security gateways, as we said earlier, gatekeepers, being able to respond and detect strong encryption, encryption in transit and at rest so that the data is not readable and then swift reporting and reaction. Now there is also a monetary aspect to this is that people will be liable as the management teams and boards will be liable if we don't adhere to this. European Union itself is saying, this is a good headwind for us, is saying that this will have to increase the IT cost and security -- cybersecurity cost by 22% to be more ready. So that's a nice tailwind for us. Once we just get these companies educated and reacted within the next year. All right. So I'll show you a few customer examples in the OT space. Now Maersk ships were stopped on sea because of hack, [ Alpha Ori ] ships won't 200 ships because they are controlled by PrivX. Earlier, the service engineer had to fly to the harbor and wait for a few days in the harbor for the ship to arrive to do some service job, program the computers and service the ships. Now it's done online in a minute over the satellite network, strong encryption using PrivX technology to control the ships remotely. So they will not be stopped at sea at all. Another one interesting is that there are -- this is manufacturer of seaport and container handling systems, 37,000 of them in different harbors. Earlier they were not able to control who can go to what device. So the Chinese guys go to the German harbors and vice versa. Now by implementing the PrivX OT technology they can control the identity of the person, say, hey, you can only go to that crane in Shanghai Harbor only for next 35 minutes, and then you're out. And next time you try, we'll still verify that it is still you that does it. So it's really -- and they are selling this as part of their solution to the customers. And they see this coming back to the KPMG message. They see this as a competitive advantage over their competitors. They can say, "Hey, our systems are better protected. There's less risk in your harbor because the harbors are really automated. There are not people operating this. These are remotely controlled automated. And how about securing service business and enable industry? [indiscernible] 4.0, this is a household [ care ] manufacturer with washing machines and ovens. And they have computers, right? And they need service or upgrades. So the problem they had earlier was that every machine has the same public key and let's coming back to our innovation of SSH and secure shell on public key and private key encryption from 1995. Every household device has the same public key and every service engineer around the world has the same private key. So what the hell stops the Chinese service -- sorry for using so much China here, but it's on the topic in yesterday's news in Finland and in the U.S. in the past months. So what stop this Chinese service engineer from selling his key to his brothers company? And you lost your service business to the Chinese company, not anymore. Now they use PrivX, every service engineers strongly authenticated, identity is checked and they only get access to that device and they don't know what the key is. They no longer know. There's nothing for them to sell or steal. This is a major paper and pulp manufacturer earlier. And typically, when you are in the OT space, especially in process industry, machines have to run at 98%, and the yield has to be 96%, because below that, you'll never make money. So you can't have stoppages. And if there's an outage, you have to fix it really, really quickly. So earlier, it took them, believe it or not, 5 days to get a service engineer remotely accessing the system. Now when they have been installed PrivX in 4 regions, 2,000 service engineers, 39 sites around the globe, including Brazil, which needs another server because the connections to Brazil are so slow. Now the service engineers get can access within 30 seconds. So from 5 days to 30 seconds. Now I think you can calculate the productivity gain from that very clearly. But we want to repeat. Okay. Let's have a little bit of look at the Quantum, although that's maybe the longest-term impact for our business. But there are considerations for that. So of course, we need to help protect the nation and the nations. Now in this space, I cannot tell you anything about customers because if I tell you then I have to kill you. So I cannot really say anything here. But other -- and the NATO compatibility, being able to communicate with NATO is a big topic for us now. I think Catharina will say a few words with her experience from having actually worked with NATO as well earlier. But another example is we talked about critical infrastructure being under attack. So the electricity grid needs to be protected, whether it's Ellevio in Sweden or Fingrid here in Finland. We have helped them protect it. First of all, all the people who communicate with them, communicate securely with secure communications, secure e-mail. They actually identified electronically from passports if they are not Finnish people who then are identified with the Finnish certificate. But they also use PrivX to protect access to the infrastructure and the Finnish electricity grid. Kari Suominen, who is the CIO, when I last spoke -- actually came out in the news as well that there are more than 20 attacks to our electricity grid to Fingrid daily. Most of them from the East, not only Russia, I mean, North Korea is financing the nuclear program with ransomware. So there are other players in the market as well. 20 a day. Now most of them are harmless attacks, but some of them are trying to get into network as well, so let's protect it. And we have, here in Finland, we have partnered very strongly with the local players. [indiscernible] was the big service provider, both [ Toba and Torrey ] parts and [ Traficom ] is certifying our products for confidential level and restricted level solutions. So here in our home country, we are really strongly in network to protect this country. Now of course, we need to take it to other countries. And it's a big market opportunity, I think within -- maybe not so much in France and Germany, they have the own industry in this space in encryption space. But if you take any country from Estonia down to Turkey, they don't, and they are on the border line, like we are as well. So that's a market opportunity we are now starting to chase as well. And we have the technical competence coming back to the Quantum-Safe. So we introduced Quantum-Safe key exchange algorithms to our product, the encryption product NQX 2 years ago. So if Carlsberg says that this is probably the best beer in the world, we can say it was probably the first in the world with Quantum-Safe encryption already 2 years ago. Now we have some companies like [indiscernible] post operator in Europe, upgraded their Tectia to Quantum-Safe a few months ago. They just say, "Hey, we want to be ready. We want to -- you guys have the technology, we'll convert to it. Just to be safe. And we've got a nice award as well. We were driving -- setting up and driving the PQC Post-Quantum Cryptography initiative in Finland, financed by Business Finland, which ended a year ago. And this was awarded the Annual Security Award of the Year as an initiative. And now hopefully, we get the next phase of [indiscernible] PQC. So Finland is in the forerun like [ Johan ] was saying in this space. And for us, from a marketing and sense point of view, this is kind of a door opener. It gets us to the table. It's a meal ticket for us to talk seriously with big decision makers at the biggest retailer in the U.S. as an example. Communication security is the third leg in a way. And a couple of use cases for this. And this is kind of an interesting funnel. I'm going to show you a funnel of security now. So first of all, cyber -- normal crime doesn't pay off. Normal crime doesn't pay off. Cybercrime pays off. So we have helped the national blood service so that when you input your data, it's secure when you transmit it, it's secure, when you make your consent, it's secure and the doctors use the data, it's secure. HR, but there was a big hack here when somebody got access of Bank account. So my salary would have been paid to another bank account, not nice, protect it. And then I get insurance agreements, communication from the banks with using our secure mail infrastructure. Then we alluded into this one. So we have a funnel here that the Swedish police were actually got a reprimand, complaints slap on the wrist that you cannot send a customer, it's interesting criminals are called customers. You cannot send customer data in a clear text in Google mail, you have to protect the anonymity of those suspects better. So police needs to protect it better and the court rooms need to protect the documents that are being sent. And then when the customers are convicted and sent to jail, this is Hong Kong correctional services on the top bottom there, criminals are also customers in language. So their data has to be protected. So all the way from police, court system to jails is where our PrivX technology and secure communications have been deployed. And now what is new as Teemu said, is that we are now announcing today and publicly, it will go out early next week, a new secure communications suite 2024, which starts with the new mail, which is written with PrivX technology and then instant messaging and other modern communication tools as well. Finally, about Zero Trust. These are some attacked vectors that if you look at -- [ doesn't animate that ] way. On the left-hand side here, you see the threat sources, whether it's internal or external. On the right-hand side, you see what are the risks, operational continuity safety or other stuff. When we do this kind of analysis with our partners, typically two things come out. Wrong people have access to the right systems or wrong systems, so which is what we protect and all the malware and ransomware is coming with files, right? So protect illegit file transfers. And these are the areas we can help protect. A couple of use cases there. This is a bank out of Britain. They are changing with our automation tools, 1.5 million keys twice a year. And even that level of automation is not good enough, so they want to move zero -- completely Zero Trust, fully automated, which generate a short-lived certificate for 4 minutes, 5 minutes and then the job is done and no access is left behind. This semiconductor manufacturer. They have now, as Teemu mentioned, close to 1 million sessions per day happening through there at the moment. So highly automated, access control, which could not be done manually. So what do our customers say about our solutions? So this is -- don't even try and read this is a color coded screen. So on the left here, we have our solution. This is a big software company, one of the leading in the world. The second column is one of the market leaders, #2 on the market, another 800-pound gorilla that we are trying to tackle. Third one is a new upcoming vendor, Fourth one is a new upcoming vendor and the Fifth one is their own. Let's do it ourselves, right? Let's use open source and do it ourselves. So you can see PrivX the only one which is fully green there. Okay. The legacy product from 20 years also is green, but not anymore on the second page of course. If you want to deploy it automatically like Teemu was talking about containers and automation. We are the only ones who can do that. So technically, we have a win here. Now I just need to collect the cash. Here's another one, many service provider. Normally, we say that, hey, let's promote 3 features of our products, tier advantages. So these guys found 5 from here, quite a few from here, quite a few advantages that they thought PrivX offers them over competition. They chose and bought us, by the way. So it's an existing MSP. They love the architecture, and they think it's really easy to use, right? And then we have plenty of other positive customer feedback as well. So to summarize, and you can [ watch out ] all from our web page, so you can see that see that there. So just to highlight and summarize here the strategy and execution. So from a strategic point of view, it's about focusing on the growth trajectories, Zero Trust operational technology and preparing for the Quantum-Safe. From the sales and marketing execution part is sell more to the existing customers, land and expand and cross-sell, especially to the Wales, increase the average deal size as we started with and replicate successes with other companies within the industries. People talk to people. We just want an energy company. and they talk to two of our customers, and that's why they chose us, not because of our technical. They said, okay, if you trust them, we will trust them. And then we want to help people to migrate from the on-premise to the cloud and partner with the systems integrators and managed service providers, just simply to become more meaningful, have a wider offering, get bigger share of their wallet altogether. And now since I cannot see [ qubit ], which is the language of Quantum computers, so I can only see digital zeros and ones, which is represented by Morse Code. So here's a brain part for you, just to try and understand. [presentation]

Anyone got that, SOS, SSH helps. All right. Thank you very much.

Thank you very much, Rami. And let's continue with the program, so we will have time for questions. Thank you for your activity in the chat. Next, we will have Catharina Candolin, SSH member of the Board of Directors and cybersecurity expert at OP Group. She provides insights on cybersecurity in our rapidly changing world. So please welcome, Catharina.

So good afternoon. It's a joint privilege to be here and talk about my favorite topic and it is cybersecurity in a changing world. So basically, how did we get into this mess? Well, we can go back about 40 years to the happy 1980s when things were still fun. Then we were young kids who basically, they had technical skills, and they had computers as a hobby. And what they wanted to do was basically not pay for games, so break the copper right protection or maybe write some malware to tease some other or maybe break into a server and leave a message to the administrator that I'm much better than you. So the idea was not so much to really do any harm, but it was mostly to have fun and to show off to other in the field that, hey, look how good I am but then in the 1990s, things started to change, and this had a lot to do with the fact that the Soviet Union crashed. So what happened then was that there were a lot of technically skilled people, but they were not really jobs available. And somehow you need to put bread on the table. So what happened was that basically organized crime started to work together with technically skilled people. And this gave rise to cybercrime. First of all, information security at that time, it was not on the same level as it is even today. So it was really, really bad. The criminals probably did not get caught. And even if they did get caught, the legislation was not up to date. So there was nothing to charge you for. So this was really a golden era for cyber criminals to start to make a business out of cybercrime. Now of course, nation states also realized that cyber space is an opportunity to build capabilities, to promote your political and financial and military motives. So a lot of nations started to develop cyber capabilities. And if we're looking at the situation today, now the cyber space is part of modern warfare. So in 40 years, we have come from kids playing and having fun to actually modern warfare. So if there's anything new in cyber or not? Yes and no. No, in the sense that this has been going on. But yes, if you look at the implication it has for our societies today, then a lot has happened. I wanted to mention also the term information operations, which is kind of a sibling to cyber operations. It's not the same. This has basically a lot to do with the fact that, well, we have always used information in warfare. So there's a term information warfare but -- and it has been about spreading propaganda or maybe fooling the enemy and so on. But this has beginning a new rise in the 2010s with the [ advent ] of social media, because now we have a new platform to spread information and disinformation and for nations to affect the decision-making of other countries through information operations. And this is, for example, a lot what Russia is doing and two concrete examples have been, for example, Brexit or the U.S. Presidential Election in 2016. So just as a term, I wanted to mention it is a sibling to cyber operations. I will concentrate on cyber operations in the talk, however. To give you a few examples, and this is by no means a comprehensive list but just some cases that we have seen during the last 15, 20 years. If you go back to 2007, we had the [ Tallinn Bronze ] statute. This was the first major cyber incident that was really talked about globally. Technically, it was very simple. It was a denial of service attack that was addressed towards Estonia. And this had a lot to do with the fact that they wanted to move the bronze statue in Tallinn from one place to another place. And of course, there were protests, so there were riots in the street, but at the same time, there were also riots in cyberspace. So a lot of denial service attacks were addressed at Estonia, and it was so bad that, for example, Estonia was cut off from the Internet for over 24 hours. Some of the banks were hit pretty badly, government institutions and so on. Of course, Estonia attributed Russia, Russia denied everything, but well. If it looks like a dog, barks like a dog and works like the dog, it probably is a dog. Very similar tactics used a year later in the Georgia war. Then in 2010, we saw something called Stuxnet. Stuxnet was a malware, a virus that was very much, I would say, tailored to work at one certain facility. And this facility was in Iran. And what this facility was doing was that it was enriching uranium. So what the malware did was that it attacked the automation systems that were spinning the centrifuges, so that the centrifuges started to spin in different speeds, which led to that either the uranium that came out was not usable or these centrifuges actually physically broke down. So this was the first time that there was physical damage caused by a cyberattack. But why this also was a very significant that, that was that it was quite obvious that there was a nation state behind it. Before these cyber experts like myself, and we had been talking about things like this, we were told that we are nerds, we drink too much Coca-Cola and eat pizza and watch to a Star Wars and we should probably go back into our basements and continue to do so. That this is a science fiction that we're talking about. Stuxnet showed, and it was also understood on the political level that this is not science fiction. This is actually what happens because in order to do something like Stuxnet, first of all, you need intelligence. You need to know what facility to attack? What kind of systems do they have in that facilities? Which versions? What vulnerabilities are there? Then you need to actually produce the malware and be sure that it actually works there. And then you have to get it to the system. Now this facility was not connected to the Internet. So you had to go over the air gap and get that in. So it was obviously not a criminal group. Criminal groups usually want money. It was not some hacktivists. They might have had the motivation, but surely not the skill and resources, so it pretty much had to be a state. And pretty quickly, their eyes turned towards the U.S. and also Israel. Now in 2014, when Russia invaded Cremia, there were also electrical power cuts. So this was an attack on the critical infrastructure. And of course, pretty bad blackouts during winter, which is, we all know, living in the Nordics, how it would feel if you would have no electricity, let's say, in January or February. It would be dark, it would be cold, it would be miserable. And this is what happened. In 2016, we saw another interesting cyber-attack, and this is called the world's largest bank heist. Now here, we had North Korea. North Korea is an interesting state in a sense that it actually acts more like a criminal gang. Its motivation is to get money. Now why so? First of all, there are sanctions against North Korea, which means that they can do business like normal Asians can do. But they still want to develop their nuclear powers and their nuclear arms and the ballistic missiles. So where do we get money from cybercrime. Right? Where is the money? Well, banks. That's a very good target. So let's start specializing in bank robbery and in this case, they were able to break into the National Bank in Bangladesh, and they got access to the swift network and the account that was in a National Reserve Bank in the U.S. and they wanted to transfer $1 billion. They only managed to get a little bit more than $100 million. And the reason actually was that they made a typo in one of the requests. So they were supposed to write fundraising, but they wrote fun raising. And some person in Germany caught this and thought that this is something suspicious and blocked all the rest of the transfers. But anyway, some money was transferred. It was lifted from ATMs and washed in casinos. And this is considered to be the largest bank heist to date. Then we had Petya and NotPetya and WannaCry these were examples of ransomware that also Rami already touched about. So basically ransomware it decrypts your data and then the attacker sits with the decryption key and says that if you don't pay me, I won't give you the decryption key and then basically all your data is lost. Petya and NotPetya, Russia was behind them. And for example [indiscernible], we saw as one of the examples was attacked by this one. WannaCry, again, North Korea behind it. This was not as successful because North Korea actually never gave you the decryption keys, so you lost your data anyway. And the rumors that you spread that don't pay because the data is already lost. Supply chain attacks, also one of the bigger threats today. So basically, instead of attacking an organization, you attack it somewhere in the supply chain. And typically, it can be pretty bad because if you are successful in one place, then that attack can spread to a lot of other victims. So for example, SolarWinds in 2021. It affected Microsoft, Intel, Cisco, federal agencies, all that were using the SolarWinds product. Case Vastaamo, we also talked about already. So this was a company where security was badly neglected. So the data was stolen and then the victims were actually or they were trying to get, first of all, Vastaamo to pay and then they try to get the actual victims, the persons who are using Vastaamo services to pay. Fortunately, the perpetrator has been caught and there's court case soon starting off. And actually, the CEO already got a sentence also from neglecting cybersecurity in Vastaamo. So this has been a very big case. And now also talking about the Ukraine war. So this is the first time that the cyber element is part of conventional warfare to this extent. Of course, even before the traditional military operations started. Russia had already conducted both cyber operations and information operations towards Ukraine. So the idea was probably to mess up the society and then come in with the military attack and march to Kyiv and get the recognition papers, but this didn't happen. First of all, they were not so successful, either with cyber or information operations, and we all know that they have not been so successful with the military operations either. But the main target was the critical and is still the critical infrastructure of Ukraine. Now why is so? Well, first of all, this is pretty much in the doctrine of Russia and other nations as well because the critical infrastructure is vital for our function -- societies to function. Without them, our societies don't work. So if you really want to mess up a society, then mess with the critical infrastructure. Why haven't they been successful so far or had more success? Well, first of all, Ukraine has been a cyber laboratory for Russia for quite some time. So they have had the possibility to develop their cyber defense capabilities. They have been getting help from the West. They have been getting help also from the private sector. They have been moving services out of Ukraine, and they have been able to maintain their communication infrastructure. But what we can learn from this is that cyber and the [ information ] element will be part in future wars as from now on, and the critical infrastructures will be the main target. So critical infrastructure that include, for example, the power grids, the telecommunication systems, the financial sector, the water, the food and agriculture. It also includes the logistics, so both land, air and sea. It [ contains ] the governmental functions, the health care systems, which, by the way, was very much attacked during the pandemic and also hazardous materials, et cetera. And not only is it vital to secure all of this infrastructure. One has to understand that these infrastructures are also dependent on each other. So for example, if their harbors are messed up, then we probably then don't get the products into the stores, well, maybe if you don't get them so what, let's say that the financial system is down because the telecommunications sector is down. Maybe the telecommunications sector is down because the electrical system is down and vice versa. So these infrastructures also depend very much on each other. So this is actually the hot potato when we are talking, for example, cyber defense. Of course, nations have realized that we have to do something to secure our societies, and it cannot be left to the governments alone. It cannot be left to the private sector alone. It cannot be left to the individuals alone. So we are all in the same boat. And this is why so many nations have a cybersecurity strategy because now you bring all the stakeholders to the table to figure out what are we going to do about it. So in Finland, for example, the first cybersecurity strategy came in 2013, and it talked about protecting the infrastructure and about the role and mandate of the police, the role a mandate of the defense forces, about legislation and so on and so forth. So it was a good start. And we have done a lot of work, for example, with preparing and securing and so on, but there is still a lot to do. And this is really the big hot potato and open question to date. What does it mean to defend a nation also in cyberspace. We know what it means when we're talking about land, air and sea, but what about the cyber space. The logic confirmed the fact that the cyber attack can be considered an armed attack if the consequences are comparable to that of a military attack or a traditional armed attack, and that means that the nation has the right to defend themselves. Now, if we would get a missile in our head in the critical infrastructure, we would consider it an armed attack, and we would defend ourselves. But if we could get the same thing to happen for cyberattack and so forth, nations be like, we don't do anything, and it's up to the companies to take care of it. So it's -- there's still -- this whole logic has to be on level. So what does it require? It requires attribution, so we have the ability and political will to point out who was behind the attack. We need to have a national cyber and situational awareness. We need to have operational leadership. We can start then thinking that what should we do under the situation and so on, this has to be defined and exercised. We need to talk about countermeasures, switch on to softer stand, can be diplomacy; on the harder stand, it can be military action. Big nations talk about answering with nuclear arms. We need to have the legislation, and very important, international collaboration where both the European Union and also NATO is very much in our sphere. Now with NATO, one has to realize that cyber defense is part of NATO's collective defense, so that means Article 5 applies. So if any NATO nation calls for Article 5 after a cyberattack, we have to help them, or vice versa. If we get hit, we can revoke Article 5. So of course, NATO is working a lot on cyber defense and NATO also works a lot with industry because NATO has realized that this is not something they can do on their own. So this is, of course, also an opportunity. And this is also seen in the governmental program of Finland. They are talking about developing a new cyber defense structuring about updating the cybersecurity strategy and the legislation. It's also addressing crypto issues and getting [indiscernible] and quantum cryptography, and also seeing the opportunities for cyber in NATO and how Finland has to promote that. And not to forget EU, of course. Of course, whatever the nation is doing is fine, but we must not think that this takes away the responsibilities of companies. The companies still have the same responsibilities for managing their own cybersecurity, as they have always had. So prevent and protect, to prevent the bad guy from doing any harm. If something would happen, you have to be able to detect and defend against it. Then, you have to be able to manage the crisis and recover from it, and then ensure business continues, which you do with management and development of these capabilities and exercising. Some of the challenges that we still have, for example, artificial intelligence. Well, it can be used for defensive purposes, as we are using, but it can also be used for offensive operations. So we are basically waiting that when will the first major cyberattack actually using artificial intelligence capabilities happen. Of course, ChatGPT has been on the radar, what can you do with it, but it's still not a silver bullet even for offensive operations. IoT security, OT, we have been touching upon quantum computing. So basically, with quantum computing, it means that I can steal your data now, I can wait 30 years, and then decrypt it when we have quantum computer. So what you should do is protect your sensitive data now so that it will not be possible. That is why we are talking so much about quantum cryptography. And ransomware attack and supply chain attacks are also on the rise and seen as one of the main threats today. So this is basically where the SSH referred to our comms, in that we are able to answer to this challenges and address the threats that we see, both from nation states that are actively really pursuing this as part of their doctrine and also for criminals whose motivation is money, or be it activists who have ideological reasons. So basically, we have a portfolio to really be a major part in this puzzle. So thank you. This was a very quick overview.

Thank you very much, Catharina. It's very pleasure to listen to you, as always. Following Catharina's presentation, we actually have now a dedicated Q&A session. So -- and after that, Teemu will say a couple of words as a conclusion. But if I may have our leadership team joining here, and then I will start to ask a couple of questions. But in the meantime, I have one question for you, Catharina, because I know that you have worked for NATO, and it's now a hot topic here in Finland as we joined officially NATO Alliance. What does this mean for private sector now that Finland has joined NATO?

Thank you. That's a very good question. It means a lot of things, a lot of possibilities. First of all, NATO typically only purchases solutions or products from NATO countries. So even when we were an active partner, so no matter how good we were, the doors were still shut to us. But now, we are inside the Alliance, so this opens up a market. A second way that this is beneficial to us is that especially with cyber, NATO works a lot with industry because NATO has realized that it cannot do everything itself. It cannot build all the capabilities itself, so it needs help from the industry. And now we are part of the gang, we are part of the club. So this opens up also a lot of opportunities to not only sell products now, but to also develop future products and be present in this. So I think it's a very good opportunity for us.

Thank you, Catharina. And well, gentlemen, couple of questions to you also. So I will read from the chat. [Operator Instructions] So first question, I guess, maybe Rami talked about the partners. So how much of the revenue generation comes from partner network? And what is the outlook for revenue generation from partnership in future?

This is very quick. More than half and growing.

Thank you, Rami. Actually, second question is a little bit the same. Do you plan to strengthen your presence in certain key countries through strong local partnerships? And if so, in which countries?

Well, I think Teemu covered that as well. I mean, U.S. is the biggest market, so we are a little bit underrepresented even if we have a long history there. And then Europe, the biggest markets are obviously Germany, DACH, Central European market. We also see a lot of opportunities next door in Sweden, so that's something we've been investing recently as well. But those are maybe the obvious ones, but of course, we are present in most places.

Middle East.

We have gotten active partners waking up. And in Asia, we are doing a big change because we were very dependent on Hong Kong and Singapore, and Hong Kong is not really the place for Western cybersecurity company. So we are reducing dependence on Hong Kong and going for Southeast Asia. We have new partners now in Thailand, Indonesia, we're talking with Australia. And that's basically the plan, to get the partners up and running so that we can get Asia back on track.

Thank you. And then a couple of questions have been also here circulating about the go-to-market actions. So which are our next go-to-market actions?

Well, I guess, partnering is obvious. We have done a lot of customer visits post-COVID. Actually, I just got from Mariott and updated this year, I have been in hotel 66 nights. And we have been at fairs, I think about 30 different fairs. OT has been a big topic as we've been a lot with the new partners in the OT space, which is -- it takes about 10 to 12 months to get the partner up and running. So we want scale. We also -- Lauri is leading our digital space, and we've done a lot of content. And now, we actually have too much content. We have to get people to read it. So if you have nothing to do in the weekend, just go to our website and read some stuff.

Okay. And also videos and podcasts. Then I don't have more questions from the chat, but I have one question. [Operator Instructions]

I have quite some questions, but I take the easiest one first, maybe. Can you talk about the price adjustments when 3-year contracts to be renewed? I mean, how much do you bump up the price? It's like 5%, 10%? And are there any change between the U.S. and European customers to accept the price change?

U.S. seems to have been executing more. Our target has been 5%. A lot of our contracts and a lot of our customers want to tie it to [ OECD ] index, so consumer index. But typically, we've gone for the 5% and amazingly, little push back more in Europe. U.S. is faster in any decision making anyway.

Okay. You don't guide on your sales now, 2023. But I mean if the sector is growing around 13%, 14%, you should beat that growth number, right?

That is where the target is.

Okay. And this one for Rami. I think you talked about the average deal size, and we saw a picture of it as well. And how much is the -- I mean, a larger deal size? Is it over [ EUR 100,000 ] or...

We talk about the deal when it's over [ EUR 0.25 million ].

Okay. Okay. And on the other side of the same coin that will it terminate very, very small customers?

We have actually moved -- consolidated the partner network so that we moved the smaller customers and automated the invoicing and renewals with them through the partner network. So less touch from us. Of course, there's no reason to lose small customers either. We just need to optimize it.

Okay. Great. And then the last question here. You talked about the products, they are pretty high technical levels. How is it? Are the customers up to speed on their needs, so to say? I mean, are they as technical informed as you would like them to be? I mean, do they understand what they need?

Let me answer that first. I mean, typical RFP for access management has 375 questions, technical questions. So I guess -- so I think it's an overkill. I think I would say if you can qualify for these 12 functionalities, it should be enough. But they have consultants helping them, The Garnet Groups, and they overdo it. So I would say the technical level people are very skilled. They know what they're talking about, I think even maybe overboard. But then when the question comes to the decision makers, CFOs or CIOs or even CEOs, then they couldn't care less. They just trust, hey, this is the right solution. Then the question is, what is the payback? What is the risk of not doing it? So there are 2 levels that we need to address.

Thank you. And there we have next one.

[Foreign Language]

[Foreign Language]

So just short recap. We had a question about the SSH Board, and will we fill new members to the Board and about the diversity of the Board.

Good point. Yes. I didn't know if I answered this.

Do we have any more questions? There is.

I was wondering about the deal size here too, then you seem to show that the maximum deal size is about [ EUR 1 million ] something, and I would assume that there are bigger companies here in the world. So by -- what do you think about the deal size going forward? Are the average deal size or how the customers will develop, because it seems that you still have quite big companies as customers? So I feel that as I see the industry, they have deal sizes that are several millions or even bigger than that. Then the other part here is that it used to be so, especially in, to my understanding, in the area of security products that you were able to use like different type of security providers at the same time, like firewall providers, you had 2 or 3 of them at the same time. So how does it change? Or does it change with the Zero Trust or the current approach?

Yes. First on that, we have about [ EUR 2 million ] size annual recurring revenue customers that are both very happy. We're now in negotiation of doubling the business with each of them, so that gives you maybe the -- a lot of scale opportunity for OT customers. If we have sort of [ EUR 0.25 million ] OT case, there's [ EUR 0.25 million ] IT case there as well. So that's kind of how we how we see that. Then on the -- so the other question was about kind of consolidation or having multiple vendors. Yes. I think we are -- if you look at PrivX as an example, we have -- you saw that one colorful chart where we are beating one of the 800 [indiscernible] the #2 in the market. We have 2 customers that have come from market leader, CyberArk, from us, said that this is a monster infra, we're going to change it. So we see customers actually changing. Not adding -- maybe initially, they add us, they add PrivX for a certain use case, maybe developers, OT. But then eventually, the idea is that only one vendor in this space is needed. So there is kind of consolidation in that respect as well.

Customers want to have less vendors. That's the trend. Technically, they can have more, but they typically want to reduce the number of suppliers they have. And just on the bigger deals, there's, of course, always a bigger boat. But in 2020, our average PrivX deal was [ 70,000 ] subscription. Now which, what Rami said, [ 250,000 ]. That's quite a change in 3 years.

Thank you very much. And now that we are lacking out of time, I encourage you to write more questions to us. For example, to me, and I will forward to them to the leadership and so on. But now, I would want to ask Teemu for a conclusion of the event and the summary. So a couple more of minutes if you stay online, so you will see the end of the event. I thank you -- thank myself -- not myself, but you joining us on behalf of SSH. Thank you very much. Teemu, once more.

Thank you. Yes. My daughter always says that things will be good in the end. And if they are not good, it is not the end. So what should you remember from us? We go for local customers. We go for share of the wallet. PrivX technology enables Zero Trust, which is a journey to our customers. And of course, we are here to bring growth to the company further. Moving ahead, we want to be closer to customers, see important innovation happens with the customers. And we want to improve our internal efficiency, both on the go-to-market and on the R&D using more common tools, automating our own systems, getting now also the 27001 certificate on the wall. So I would like to close with the slide, just a flash back to the previous CMD. Things have changed, and you don't have to read this, luckily. But we did quite a lot of changes during these 3 years. So with these words, thank you for participating, and hope to stay in touch and see you next time. Thank you.