SSH Communications Security Oyj (SSH1V) Earnings Call Transcript & Summary

Welcome to SSH Communications Securities Investor Call for Q4 of 2024. My name is Aino Virolainen. I am a member of the SSH Finance team and also responsible for Investor Relations. The results will be presented by our CEO, Rami Raulas; and CFO, Michael Kommonen. After their presentations, we will have time for questions and answers. We received some in advance, so thank you very much for those. And if you wish to ask any questions during the call, you can do so by writing in the chat. The call is hosted with our own solution, SalaX Secure Messaging. The call will be recorded and the recording as well as the presentation material will be made available on our website. If you're not seeing the presentation on full screen, please check the chat for instructions on how to optimize your view. But now I think it's time to start. So I will give the floor to our CEO, Rami Raulas. Sir, please go ahead.

Thank you, Aino. And welcome from my side as well to the Q4 and 2024 summary and [indiscernible] outlook for [indiscernible] year 2025. We have come long way as a company with our mission now and we have in the recent year clarified our solution portfolio. With our mission to protect secret and sensitive data, I mean we can't have breaches like the ones that have happened recently with health care operators exposing 80,000 identity information of consumers or citizens or a breach into 70,000 pension fund details because somebody got access on a service provider's password. So protect and then defend secondly, access and visibility to critical systems and enable secure communications between human systems and networks. We've also been talking for the past 2 years about defensive cybersecurity for organizations to stay ahead of emerging technologies like quantum computers. So with that, we are now this year celebrating our 30-year, 30th year anniversary since the beginning of the incarnation or development of SSH Secure Shell. Our founder, Tatu, is the developer for that, and we are responsible for that authentication and encryption technology that has been able to secure Internet for the past 30 years. And now it's time to move forward to secure it for the next 30 years. The Secure Shell itself, by the way, is still very modernly used after 30 years, access to subway trains, access to windmill parks, access to Tesla cars is all handled by SSH protocol. Maybe Tesla is not the greatest example in current recent developments, but still very heavily used in modern IT technology as well. And the other key topic that has really taken us forward and will be an important focus for us is defensive cybersecurity and the defense market. The fourth area of defense, land, air, navy and cyber. The market is really hot. Most of the investments are going into defense industries and the valuation of defense industry companies has skyrocketed in the past couple of years. The defense market a couple of years ago, 4, 5 years ago and are now making ways forward into NATO approvals and seeking markets for wider market opportunities for our solutions. So that was only a logical step for us to get the NATO approval last year as well. But with those 2, so 30-year anniversary and defense focus, I would like to hand over to Michael to talk a little bit about what actually happened last year.

Thank you, Rami, and good morning on my behalf as well, and welcome to our fourth quarter earnings presentation. I'm pleased to report strong performance in the fourth quarter of last year and also with that contributing to a significantly improved financial performance for the full year 2024 compared to 2023. So in the fourth quarter, our net sales grew by 23.1% and EBITDA reached EUR 1.7 million. With this growth, the net sales were EUR 6.8 million. And within that sales subscription ARR grew 7.4%, PrivX subscription growth was 16% in the fourth quarter and 23% in the full year. The quarterly EBITDA, as mentioned, was EUR 1.7 million and for the full year, EUR 3.4 million. In the fourth quarter, license sales contributed strongly to our -- both to our top line, so to our sales and also consequently to the profitability in the fourth quarter. We delivered the cryptographic solution that we announced in the first quarter of the year, partially in the fourth quarter and recognized revenue for that. The liquidity situation also improved quite substantially in the fourth quarter, so sequentially over the end of the third quarter by over EUR 2 million and reached EUR 2.9 million at the end of the year. On the market and portfolio side, we were able to close several multiyear Zero Trust suite deals both in EMEA and APAC. We also had a breakthrough with the SalaX product, securing our first customer outside the Nordics by the end of last year. Looking a bit more at the numbers. As you can see here, we had overall subscription growth growing 4.3%. Deferred revenue increased by EUR 1 million, reaching EUR 13.5 million in the -- by the end of the year. EBITDA was, as mentioned, EUR 1.7 million and also the EBIT turned clearly positive in the fourth quarter. It was EUR 0.8 million. Also, as mentioned previously, as the cash and liquidity situation improved during the final quarter. This was driven by strong cash flow from operations of EUR 3.2 million. So with that, I will hand back over to our CEO, Rami, who will discuss the quarter and last year in greater detail.

Thank you, Michael. So I just wanted to give from my side as well a quick update on key milestones from last year. So overall, our business is global. About 55% of our revenue comes from Europe, 36% from Americas and just shy of 10% from APAC, Asia. We have many security-related advancements and improvements. I think you could call us nowadays as a state-of-the-art security vendor from a safety and security point of view with all the necessary approvals from the military, from the national cybersecurity agencies and with an ISO 27001 processes in place. We also improved and simplified and clarified our solution offering to the key 3 strategic market areas that we are focusing on Zero Trust, Operational Technology and Quantum Safe. By the way, we had a really interesting meeting with the United States Department of State just at the end of the year and their focus, surprise-surprise, to drive security forward in the U.S. is on Zero Trust, Operational Technology and Quantum Safe, so fully in line with that. AI has also been extensively used in PrivX for a couple of years already and will be used more in -- across all of our products and cyber in particular. So I would say that the second half of 2024 was kind of a major step for us becoming more able to grow faster and to improve our profitability. So a few words about growth itself. So like Michael was saying, so the overall growth was 9% on revenue, much more so in Q4. We actually grew much more in invoicing terms, 22%, which kind of means that we have more customer commitments already contributing to revenue in 2025 and onwards. Also, many of the subscription deals came quite late in the year, so didn't really have time to have that much impact on the revenue for last year. So I think we have a good cash position moving forward as a result of that as well. We were also able to increase our pipeline, meaning the amount of new opportunities and new deals significantly moving forward. And region-wise, Asia and Europe or European region grew better, Asia nearly 30%, Europe in double-digit numbers. We were not able to grow as we anticipated in the U.S., and I'll come back to that a bit later. This year will be our growth year target for the U.S. market more widely. And as you've seen earlier from our announcements, we work through partners. We need and want more feet on the ground through partner network. So we have been widening our partner network. Here you see a few examples of new partners that we signed and actually had initial deals as well in Central Europe, DACH, CANCOM and Bechtle, Deloitte in the Nordics, in Ireland, in Taiwan, in South Korea and Thailand, as you can see examples there. On the profitability side of things, we were able to improve our profitability by streamlining the operations. So we went through an organizational change, moved away from any hierarchical structures or functional unnecessary structures and moved to just simply 3 business units and 3 regions and then set up a special OT task team to drive forward that growth opportunity for us. We also introduced new sets of values to make our life easier and clearer for everybody, so dare, care and share, simply for more initiative taking, entrepreneurship, more ownership, teamwork and results orientation. So all of these contributed for us to be able to improve our EBITDA throughout the year by 88%. So I wanted to say also a little bit, and I said that we streamlined and clarified our portfolio. So we have simplified it into 3 product names for product brands, communication security for human systems and networks with the brands for PrivX for Systems, which is the biggest part of our business and the fastest-growing part of our business as well. Network security with NQX and then people-to-peeople communication with SalaX, which is a new brand that we just launched in end of Q2 last year. PrivX subscription sales grew 23% last year. So that is our kind of spearhead and growth engine moving forward. It's also a market that not only has renewal elements in it, customers renewing their 15-, 20-year-old initial privileged access management solutions, but also really new innovative technology companies looking for modern architecture solutions. The SalaX Secure Messaging was brought to market with initial customer engagements. And now we are going to put that SalaX matrix-based secure messaging to be available in the public authority network very soon as well. We also introduced a partnership with Honeywell to enhance and expand our OT security offering for OT discovery, threat intelligence, anomaly detection kind of things. And we are now moving forward to integrate PrivX OT more deeply into that anomaly detection and threat intelligence solution. And last but not least, as a result of this earlier announced EUR 1.8 million cryptographic solution projects, out of which a bit over half was recognized last year, the rest in the coming years. As a result of that, we will be bringing to market very soon an [ FQX ] file encryption solution for the wider markets and other geographies now. So let's have a quick look at what happened in the different markets and segments. So typically we've been in quite a few segments, as you can see here. We were able to expand our vertical market penetration in my opinion in a quite balanced way. But more towards the growth markets of defense market, critical infrastructure and OT or manufacturing companies, but also making ways forward in IT and managed service provider markets, finance market, which typically has been our stronghold, especially for key management solutions for compliance of banks and which, by the way, now need even more compliance for DORA and for Quantum Safe moving forward. But let's have a quick look on what we actually achieved last year in each of these segments. So I'll go through them kind of one by one. So in the defense market, practically we are selling all of our solutions to the defense market, defense and defense-related manufacturing industries working together with the defense forces. And our plan is to also introduce into that segment the secure messaging. Initial steps for that have already been taken recently. And of course, in that market, the proper accreditations are needed. And we got those approvals for our network encryption solution. We are now in the process of seeking approvals and certifications for the network security NQX, both for EU and NATO restricted approvals. We're also seeking for PrivX, FIPS. FIPS is the American encryption technology standard for American government players. So both of those, EU and NATO restricted certifications and FIPS certification will take place this year for our solutions. Critical infrastructure, we've already been there. For instance, the national grid access controls are protected and secure communication are protected with our solutions. But we also were able to close some business and new deals. Here's just an example of one major energy company who took into use PrivX as an access management solution for that environment. In the manufacturing, environment. Manufacturing companies are a good target. It's a bad thing that they are a good target because they are a good target for people who want to attack them for ransomware, extortion, trying to stop facilities. This is an information from IBM X-Force intelligence report, just demonstrating that the manufacturing industry has been the most attacked one in the past 3 years already. And why? Because they are the least protected, a lot of legacy systems without proper encryption in there, and you can't disrupt especially process production or industry. You need continuity and you need resilience. So that's why we see it as a proper investment market for us and a growth market for us moving forward as well. And in last year, we were just able to achieve very satisfied OT customer, actually customers willing to wholeheartedly recommend us and to expand with us for further services, for instance, 2 of the top 6 paper and pulp companies. And furthermore, we also gained additional customers there. Here is one example of the largest steel manufacturer. This is kind of a unique approach on the market because these both 2 customer cases are a combination of both IT security and OT security. Now what does that mean, this convergence of IT and OT. Simply means that for the IT side, the requirements for what is needed to protect assets and data in IT side are very well known overall. You see things like identity and governance, modernity and scalability, session recording, zero trust access, zero standing privileges. On the OT side, the requirements are a little bit different. We talk about governance, we talk about compliance, we talk about standards, we talk about supporting legacy OT, access protocols, being able to grant access just in time from the site or from the plant directly to users who need to enter there to do remote diagnostics or maintenance or remote production system optimization. The outside connection to manufacturing environment is already used for kind of edge computing to collect sensor data into clouds and everybody is talking about Industry 4.0 and digital twin since many years. But what is unique, what we can do and be able to present to the market and partners and customers is to really just simply combine these 2 into 1 platform, so customers don't need 2 or 3 separate solutions moving forward. Now on IT and technology MSP market. We have had quite a few many service providers already, so governing access when they access their customers' environments. Here's one example, Fujitsu has been doing that both in Japan and Europe. And then for the IT market or technology market, we also gained a new kind of exciting Final Fantasy customer for a gaming company. And that only proves how successful we can be in that IT market and especially software companies or service companies. I've been working for a Japanese company for over 10 years and I've been trying to sell different kinds of solutions in my earlier career into Japan. I'm really proud that we are winning business in Japan because if you can win customers in Japan, then your product is quality, good enough quality anywhere else to anybody else. Finance and insurance market. We had some expansions of some customer cases, both for Tectia, Secure Communications and for key management, both in Asia and the United States. So indeed, we've been talking, in the past years we've been talking about key account management, having great customer names, talking about land and expand or cross-selling. And I think we have now good proof here that we are able to take steps forward in gaining more ground on existing customer base as well. An interesting area and focus now is retail and logistics. We've been in dialogues recently and last year with logistics and retail companies and especially port and maritime operations also according to analysts is a big threat. So that needs to be protected better. And most of the big retailers like Walmart as an example, need to protect the whole supply chain. Also NIS2, the European legislation for network and information security governance and mandates also whole supply chain governance. We can provide solutions where the whole -- all the connections can be encapsulated or encrypted into a quantum-safe tunneling already now without having to change everything else. And last, we've also been acting in the health care market with the secure communication product and access management solutions. And here's another example of a major Nordic health care operator selecting our access management solution as well, combining that to an identity management solution on the market. So those were quick highlights of what happened last year and what kind of successes and achievements we were able to achieve with customers in the past 12 months or so. But let's have a quick look on this year's focus and where we see us going moving forward. We want to accelerate our growth in all regions in a balanced way. We are putting together even more so more competitive solutions portfolio, so not stopping what we did in the past 18 months in that. And I claim that this is the year of Quantum Safe and move to crypto agility readiness for all companies. When I speak, for instance, in the defense market with generals, the first question is, is your product already Quantum Safe? First question. So the market is already taking place. I'll come to that later on. There are some interesting developments in there as well. But just a few quick words on accelerating our growth. Last year, we didn't manage to grow in the American market. We are now rebuilding that under the new leadership and getting a new team in place. And just in the past month and ongoing weeks now, we are putting together a new team for strengthened sales and marketing team. And as I mentioned, also accreditation certification for the federal central government market. So our aim is to put ourselves back into the growth mode in the U.S. as well. And we want to expand our presence in those growth segments of -- as mentioned earlier. And very important topic of course is to work more tightly with the existing partners so that they are more active and proactive with our solutions to their customer base and to new customers, and we will be recruiting more partners as well in the main markets. So on the solution area, so we see a clear transition from the secure mail deployments that people are having now in place since quite a few number of years into secure messaging, secure rooms and secure messaging and secure chats and file sharing there, a bit more that in a minute. NQX, we are putting more technology. This is just software-based encryption technology. Of course, it runs on hardware at the moment. But we'll be able -- we are putting more performance and throughput into that solution, and I'll show you a picture of that in a minute. On the OT side, it's more of an integration work this year to integrate those threat detection and anomaly detection solution parts that we now have in our portfolio together with the access management, PrivX access management solution. And we'll be also bringing to market the kind of an endpoint tunneling solution to simplify the access for OT environments and get removed the need of having to use VPNs for that as well. And with the launch of the file encryption to the market. Beyond that initial customer case will take place this year. So I think you could say that we now have a fairly complete family of encryption solutions in our portfolio. And that's, by the way, what that encryption, file encryption looks like. So I just look for names of people I want to encrypt the file with our encrypt files or files and then share them and only the persons who have the matching encryption key, for instance, from a smart card like in the government environment or from a YubiKey or token like that. So that leads into a portfolio of PrivX, NQX and SalaX. And the components within there around the PrivX one is this. Our value proposition for the PrivX is that it's a highly scalable, very modern solution that has superior total cost of ownership or return of investment for people and also for key management, which is unique in our solution compared to traditional PAM vendors. NQX is network security with a kind of unprecedented performance and security, especially for the key exchange world and has already been having Quantum Safe for post-quantum resilience since 2 or 3 years now. And then secure collaboration and file encryption. And here, our transition is toward best breed of metrics-based secure messaging, combining that as a transition tool from secure mail environments. If you have a quick look at the PrivX, you may have noticed on our new website that it's called PAM to the power of 3. So please have a look at that. But the whole clue behind this is that the biggest attack vector in the market are lost, fished, stolen, sold credentials. So the right credentials are in the wrong hands. And typically they are passwords. So there's a journey that we are providing for customers to move gradually away from having to manage and rotate and store and obfuscate and vault passwords and just automate that all so there are no passwords, just a short-lived token certificate that grants access and then it's distorted automatically after use. But there are 10x more keys than passwords, and they are typically just totally out of control. So we'll -- in our combined solution, integrated solution help with that as well so that the keys can be found, taken under control and eventually taken away as well. It's a bit silly actually that we -- the inventor of SSH keys are now saying that get rid of keys altogether, is actually get rid of having to manage keys altogether. And that is done with the PrivX Zero Trust access and then of course on top of that, always post-quantum safety as kind of off-the-shelf solution now. And we have some customer cases there. This is a large European public -- largest European public organization with massive user base, up to 40,000 users soon. They were just looking -- it's been now in production and expansion now with speed, simplicity and cost efficiency. They were actually -- they were unhappy with the legacy system, which was CyberArk in this particular case, just because of the time it takes to deploy and the costs associated in running it. So this is a proper kind of modern deployment in a really big scale. Also for PrivX, we have some customer feelings about it. So more than 93%. It's actually last week already 94% I heard. I need to recommend, this is [indiscernible] peer review information. So as you can see from there, customers that use our solutions are happy about it, are willing to recommend it actually much more than the traditional market-leading legacy solutions that you see listed there as well. We also measure net promoter score, satisfaction score, how willing our customers to recommend our products. And here for PrivX, we got 50 and for key management 75. These are also well above industry standard net promoter scores on the market. But not only customers, but also we're seeing some analysts kind of favoring preferably our solution. This is one analyst [indiscernible] call where they put us in the leader category. We are the fourth red -- third red dot from the right in the leader category. It's a bit small apologies for that. So that's just another example. Now SalaX is moving forward from traditional secure mail. This is the portfolio of secure communications we've been having now for 3 years. But the transition clearly is happening to secure messaging platforms. And that transition, we are helping -- we put on product to market for deliveries and services towards the second half of the year, and now we have initial customer engagements, as I mentioned earlier. So what does it do then for sure. It's a technology that offers open interoperability with other messaging solutions. Customers typically have the encryption keys in their own hands. So it's not in the public cloud in America, for instance, or anywhere else for that matter. And secure chat, secure rooms, secure messaging, video calls, voice calls. The technology that we chose to build upon together with our partner element based on the Matrix open foundation is a strong performer also in the Forrester Wave. Forrester is an analyst company. So in their Forrester Wave for secure communications, it was deemed to be a strong performer. And the technology is widely used in Europe, in France, Germany and Nordic countries already. And for the NQX, for the network security solution, we have a family of products and solutions there. And we are now expanding it both to the small end. We had a nano product. Now we will have a pico product, which is actually deployable also in the field in more rugged environments as well and then to the high end of really getting high throughput all the way up to 100 gigabits. Sorry for the technology jargon here, up to 100 gigabits, which is the fastest connection of networks available now. And not legacy systems don't even support that level of connect or connection speed, let alone when you encrypt -- when you put post-quantum encryption on top of the network, how much do you really get through? Typically, you get from a 100 gigabit network, you get maybe 8 gigabits through or 10 maximum. And we've been surprising governmental bodies around the world and data center operators with that throughput. Now we will be aiming to get actually nearly 100 gigabits through 100 gigabit network towards the end of the year. And that all comes or stems from the architecture of the solution. It's really scalable, running in parallel, multiple processors and the processor speeds are going up all the time as well. We started the market kind of from the defense market, but now we are pivoting into other markets as well, site-to-site connection, connectivity in OT, a lot of interest for that. Data center, rack to rack, data center to data center connections with really encrypting everything on a low level, like just on the layer 2 call layer to low level encryption that everything is encrypted completely with quantum safe with really high bandwidth, really high throughput and very low latency. So the applications or the data transfers don't stop because there are some gaps in between. But the last thing I wanted to talk about a little bit more, which I hinted to already earlier, is about the transition to quantum safety now altogether. So we've been protecting now the Internet and secure communications for 30 years with Secure Shell as an inventor and Tatu as the origin of that technology. Now it's time to shift to the next generation of encryption, which is quantum safe for PQC, post-quantum cryptography, for the next 30 years. So let's have a look at how this journey has actually developed in the past years. So this was our starting point. And we've been crypto agile the whole way. So we've been able to update and enhance the cryptography in our solution since the beginning. So it's stayed modern. That's why, as I mentioned early on in the beginning, that's why modern solutions like subway trains or windmill parks still use the technology because it has all the necessary cryptography solutions being developed over the years in the past. We're also kind of a spokes company for that. We've been talking a lot about. Here you see our fellow [indiscernible] speaking about it, presenting it, educating the market, actually putting fire under chairs to speed up the development overall. It's been taking place several years. In 2020, so what is that, nearly 5 years ago, we were part of driving together a consortium here in Finland. Finland has actually been a forerunner for post-quantum security since then. And there were 10 companies and government bodies and military involved in that. And that project won the security award for future technologies already in 2020. So we were early on, on that. Then after that, we came out with first implementation for NQX in 3 years ago already for quantum safe, and it's been gradually been updated. The version 3.0 last summer brought the latest list, American standardization standards of MLKM and other protocols into it. After that, we brought Tectia Quantum-Safe to market as an update to upgrade to markets. Then we brought PrivX to market, version 26, we're now in version 38. So that was quite some while ago already. And then we joined a list post-quantum migration committee or task force. We are one of the really few Europeans in that because we felt it's important that we're also not developing standards but we are early in implementing them and driving the market together with other players in the market as well. And then now, just about now, we are going to also announce quantum-safe connections to secure mail as well. Okay. That was 30 years ago. What's going to happen in the next -- not even 30 years, next 3 years or 5 years. Here you see a picture of the increase of quantum-safe algorithms being used in web connections, the way that we use web applications with browsers from early last year to Christmas or end of last year. And you can see it's kind of exponential. It's now up to about 45% a week ago. In Finland, it's about 43%. In Ukraine, it's 47%, highest there, by the way, and for quite some understandable reasons as well. Now this will take place moving forward, but there's kind of a quantum race going on between China and U.S. China leads in the quantum communications, QKD is one area to describe that. And U.S. leads in quantum computing, machines with more qbits as they are measured. So what is happening there? So U.S. has been kind of driving that. They established a White House document. It was passed into quantum policy law, went through the Senate in 2022 in record time. So it's a law in the U.S. Initially, the U.S. market objective was to be quantum ready by 2035. But now very recently, as you can see here, it has been pulled forward to year 2020. So there's a bit of a rush to expedite and speed up now the deployment of moving from traditional cryptography to quantum-safe cryptography stepwise, partially in parallel and eventually only quantum safe then once that is available. But is that enough? Maybe not, because China has made it a bit better and said that by 2027 they want to be ready for quantum safety in all application solutions and networks. So the race is on. Now why is this so important? Well, the problem -- challenge is that these quantum computers, they work totally differently to traditional computers. I mean, I'll try and explain that in a moment. They can perform calculations at unimaginable speeds. It's like not 100x or 10x, 10,000x, it's like million times faster because of the way that quantum mechanics works. There are interesting descriptions there for super positioning, meaning that if a traditional computer is 1 or 0, either/or and then you compute and calculate those in sequence. Quantum computers can do super precision, can be 1 or 2 at any given time. And then there's entanglement, which means that these quantum computers can entangle with each other and just do everything more even faster. It was really interesting. I don't know if any of you saw the news on that now that Google shut down actually their Willow project for a while because there's now a big speculation that they already achieved quantum consciousness or supremacy or virtual reality worlds in that. So the speculation goes up, but it only proves that the performance and calculation performance will be huge. Now it's a bit complicated like that. So let me try and explain in a bit different way how it works. So if you think about it from a point of like flipping a coin, right? So if I flip a coin, it's either heads or it's either tails. So if I would try and gamble saying out of 1 million coin tosses, how many will be heads and tails probably have an app, but the computing would take a long time. But the way that quantum computers work is that you actually kind of -- you to the coins -- they stay in the air and they can produce either heads or tails all the time and they can do it together. It's a massive increase in performance. Maybe another way to have a look at it as well is to think of how Google Maps or routing works. So when you need to go from A to B, typically, then the traditional computer in your car or wherever, mobile phone, will calculate the distance from point A to B time of travel and then do it in sequence, and it will take time to calculate it. A quantum computer will do all of that in parallel all the time. So you have all the routes available to you any second, any millisecond. Maybe this is, by the way, how autonomic driving and self-driving cars will be superior someday, if we trust the safety of those. So that was kind of -- it's supreme performance. I mean, Google's quantum project said that the calculation of a mathematical problem -- and by the way, encryption is mathematics was done within seconds, whereas for traditional computers it will take 10,000 years to compute by today's computing systems. So we need to move to that quantum safety. And we have a solution portfolio altogether now in our hands that has quantum-safe readiness in there, and we believe that we can help customers in that migration moving forward and then some. And with that, I invite Michael back here to say just a few words about our guidance, and then we will have an opportunity for questions-and-answer session.

Thank you, Rami. Yes. So our guidance for this year is quite simple for those who have followed us. We expect our net sales to grow compared to 2024. We estimate EBITDA and cash flow from operating activities to be positive in 2025. And as a reminder, at the end of 2024, our annual recurring revenue was EUR 20.5 million, up from EUR 19.3 million in 2023. And our net sales grew 9.0% in 2024, reaching EUR 22.2 million and EBITDA was EUR 3.4 million last year.

With that, maybe back to you, Aino, for questions.

Thank you very much. As has been tradition, the first questions will come from Redeye's equity analyst, Fredrik Reuterhall. So Fredrik, if you are ready, please go ahead.

Congratulations to a very, very nice report. And I mean, you went through quite a lot in your presentation, so I only have a few questions. My first one is regarding the strong growth in the license sales. I mean you communicated a number of orders. But maybe can you provide a bit more details on the specific solutions and services and what to expect on the growth looking forward to 2025 and that is especially for the license part.

[indiscernible] Maybe if I start. Okay. Maybe third time is the charm here. So yes, on the license sales question, so as you said, Fredrik, we recognized a significant amount of license sales in the fourth quarter. And as stated in our release, approximately half of the value of the cryptographic solution that we announced in the first quarter in February of 2024, approximately half of that was recognized in the fourth quarter and the full value of that order is EUR 1.8 million. So from there, you can extrapolate roughly what that share was. With regards to license sales going forward this year and beyond, we have a number of -- a few license deals in the pipeline, certain customers looking for that type of solution, preferring CapEx over OpEx. So we expect some license sales also going forward.

Maybe turn the audio on again. So Fredrik had another question.

Yes. My next question is regarding the strong EBITDA margin. I mean, I guess some part of it is from the scaling effect from the license sales and also the streamline of your operations. But can you give me a rough number of how much was the scaling effect and how much is from the streamline of operation or cut of costs? What I'm after is going forward of course.

Yes. I think if you look at it, we did reduce head count somewhat in the second half and third half of the quarter. So that said, I would say a majority of the EBITDA improvement came from the license sales. So probably something like a 70-30 split could be -- if we're talking now about -- specifically about the fourth quarter, it could be a rough split of the effect from increased sales and cost savings on EBITDA margin.

Yes. But we need to have -- yes, absolutely. But we need to have, of course, a balanced view. So the only way to handle and manage better profitability is to do it both on top line, sell more at higher prices and then manage costs on all levels. And we have some cost improvements still moving forward and some payment costs which are not in there for this year which were there for last year. So definitely aim to kind of grow profitably, which is always a difficult challenge.

Yes. Okay. Makes sense. And then my last question, I mean, you grew very strongly in both APAC and the EMEA. As you said, America was flat, and you had -- you showed some steps that you're going to put forward now in 2025. But I'm a bit curious about the time line. Can you be a bit more specific for what steps you will take in H1 and H2? And then another question is, is there any validation of your products that you will need to, so to speak, come inside some doors for the U.S.

Thank you, Fredrik. Good question. So yes, we certainly -- we have, like I said earlier, a strong customer base, so this kind of cross-selling and land and expand selling. We have projects with our existing customers, both in the finance and retail sector where we aim to close business in the first half already. We are then of course building pipeline by putting in place now a more rigorous sales and marketing team. We have unfortunately had to make quite a few changes there before kind of middle of last year. So that rebuilding takes a bit of time. But it's a combination really of existing customers and indeed existing -- not only existing customers, but existing deals or cases that we've been building in during last year that will materialize this year and then building a new pipeline, which will then yield better results for second half and then for 2026. What comes to that qualification or certification, we've been having -- we have a federal company in the U.S. as well. So federal market has been our market in the past years already or past decades, to be honest. On the Tectia side, we have FIPS approval. FIPS is the governmental cryptography library requirement -- mandatory requirement to deploy solutions in there. And now we started the project end of last year to deploy this so-called FIPS compliant cryptographic libraries, sorry for the jargon there, for PrivX, and that will be available in Q2. So then we are qualified for that market. And we have a couple of customers that are pulling and pushing us to do it as quickly as possible. Aino, You had some questions in the chat as well.

Yes, that was all from Fredrik. We will move on to the questions we got in advance. "So approximately 5 years ago, you gave an estimate of a total contract value of EUR 20 million for NQX. Is this expected to realize according to that estimate? And if not, why?"

Yes. That deal is progressing. So deliveries have started already 2 years ago, 2.5 years ago for that, a particular customer case of which I can't tell more about. It will take a bit longer time. And with some of the changes that have happened now, Finland joining NATO and kind of connectivity standards moving to also other technologies, I estimate the value of the final outcome of that deal will be less, will be smaller than we anticipated. I mean these contract values are just contract values for the tendering process. Whether they were realized in that scale is always a question. But yes, the project is ongoing, and we will be growing with that, but not to the initial extent of it maybe 4 years ago or 3 years ago.

All right. Thank you. Next question. "The Finnish Insta Group has just received TL2 secret class certification for their encryption solution. Is it expected that NQX will receive the same certification?"

Yes. NQX is certified for Level 3 and 4, so confidential and restricted or TL3, TL4 as a denomination. To build a secret level system requires different hardware technologies for red and black separation and hardware encryption. At the moment, we don't have a solution for that market. Also, the market opportunity in our home territory here would be way too small to justify an investment for that. But we are looking at partnerships for being able to enter the NATO secret level Tier 2 market in the coming years.

Thank you. Then is the PrivX average deal size increasing or decreasing? And has the churn in existing PrivX customers been low?

First of all, the churn on existing PrivX customers indeed has been low and most -- many, if not most customers are actually upgrading, so deploying more users and targets to it. Some IT customers are also now putting it into use in their manufacturing side and OT side. The average deal size, we have some really big deals. And I mentioned a few -- one customer case there earlier, which is massive, 6-digit, 7-digit projects annually. And then we have some small deals. We announced actually mid-market PrivX through our distribution network as well. So I would say, for larger companies, maybe it is growing a bit. But then on the other hand, it's kind of polarized. It's either small cases or large cases.

All right. Thank you. "How has this new SalaX Secure Collaboration solution been received on the market? In which countries in addition to Finland and in which sectors do you have the highest expectations for it?"

Yes. That product will be a solution will be taken first, of course, from a security aware customers, and that would definitely be, surprise-surprise, defense, critical infrastructure, government, health care to begin with. And we have traction there. As I mentioned, we are going to get it into the public authority network as a service soon as well. And we have for emergency services type of use cases or the kind of qualifications for the product. So those will be the prime market -- target markets for it. And we have cases and dialogues ongoing in the Nordics and Central Europe at the moment.

All right. "Then how has the Finnish NATO membership impacted SSH now that Finland has been a member for over 1.5 years? And has SSH had the opportunity to participate in significant tenders?"

Yes. NATO certainly can be seen as an opportunity, of course, as per my earlier answer to the NQX it changed a little bit also the balance or priorities in network security. But sure, that's why we went after we got the eligibility from the Ministry of Defense to get the NATO approval, so-called basic ordering agreement approval last year. Now we're getting into the product catalogs to be -- we are eligible to participate in tendering documents. But NATO is a federated environment. So most of the deployments will be actually governed and procured by the national, for instance, defense forces. And then those systems will be federated. So it's an opportunity, and we are seeking to find cases that we can participate in, but that will take some time.

Thank you. "Then when you report subscription sales growth, is this net increase? Don't some subscriptions also end? What is the typical length of subscriptions? How many years?"

Yes. So subscription growth is as mentioned or as in the question, it's a net increase. So when we report subscription sales growth, we look at one period and another period and compare those periods, recognize subscription revenue, and that's how we calculate the growth in subscription revenue. So yes, some subscription sales contracts will end in some cases, in some -- at some point. With regards to the typical length of a subscription sale, it's a bit difficult to say. I think in general, one way you can think about it is we have a lot of customers on the Zero Trust side who, when they make an agreement, they might pay 3 years or even 5 years in advance. So that of course locks in the subscription sale for that whole period. But even in cases where customers pay only a year in advance for these type of solutions, it's quite uncommon because of the project work and implementation work related to implementing these solutions that they would use them for a shorter period than, for example, the 3 or 5 years where they are paid upfront in that way.

Thank you. Then we do have a few questions in the chat as well. "What is the dream case for growth for 2025 and beyond?"

Sorry, what was the question?

"What is the dream case for growth?"

Dream case for growth.

Yes.

I don't think we have a specific number we can give on that, but I think we can, in general, say that we are aiming for significant growth.

Thank you. "Then what type of prospects do you have in Central Europe?"

All kinds of prospects in all of those industries that I mentioned earlier. So I don't know how to be more specific than that.

All right. And then the last question we have at the moment is, "What are your plans to price increases?"

Well, we do price increases all the time over our products and price them accordingly and increase prices in line with, I guess, you could say, more or less industry standards, but we're not going to publicly discuss what kind of price increases we do for specific products.

Yes. And for sure, when we introduce more value-add solutions, then they have more value, which means that they will have higher price.

All right. Thank you. I think we don't have any more questions at this point. So now I think it's time to end the call. Thank you very much, Rami and Michael, for the presentations, and thank you to everyone who have been following us online. Our next investor call will be on the 29th of April, and it will be for Q1 results. So thank you again, and we hope to see you in April.