WithSecure Oyj (WITH) Earnings Call Transcript & Summary

Welcome to the Global F-Secure Partner Webinar, September edition. All right. So let's get started. So greetings from the Helsinki headquarters here in rainy Helsinki, Finland. And this month, we have actually great topics and great speakers. So let's get going. First of all, today, we have Hannu Kilpelainen from our product marketing team, talking about insights from our end customer survey, where he will be introducing to the -- you to the customers' top security priorities that we've just gotten out of the results. Also, there are some interesting insights on the COVID-19 situation and how does that affect the customers. And then we have Minttu Kettunen from our customer experience team talking about partner survey insights, so what you guys on the partner -- partners are thinking about and what kind of improvement suggestions we've received from you and what are the actions that we are going to then take. So without further ado [Operator Instructions]. But for now, I will give the floor to Hannu, and we will start the presentations. So over to you, Hannu.

Excellent. Thank you, [ Annie ]. Great to see so many participants joining today for this webinar. We are starting this webinar with the latest insights from 2020 B2B market research project. I managed the project over several months during this year. It happened to be during the COVID time, but we managed to put it through, and we managed to get some nice insights for you as well, how the world looks like. So it seems like we are well visible in the video as well. Great to see you, too. So I really hope that you will find these insights valuable when discussing with your end customers. Perhaps you use these insights in the discussions and making you perhaps even more relevant when knowing what are the key topics, most relevant topics that the IT decision makers are discussing these days. If I can actually change the slide, I will manage to move on to the next one. Excellent. Thank you, Annie. So to start with this customer insights, overall insights topics. So Gartner actually defines it as something that enables sellers to enhance the sales experience by teaching the customers something new about his or her business. And it makes commercial messages more powerful by cutting through the clutter and creating the urgency to act. So that's where you can actually use some of these insights we are discussing today. Sure, you will find many of these insights from the latest marketing and sales materials available from F-Secure. So those are all available for you. All right. First, an overview about the latest 2020 edition of the B2B market research. So first of all, the market research is all conducted by F-Secure. It's our own rather extensive, quantitative and primary research. So we run it by ourselves. And we really focus on the buyer attitudes in the B2B space. We look at the security priorities, both product and service use. Those are of high interest for us and many of you as well. The research is focusing primarily to Europe. Sure, we do look at U.S. and Japan being really important markets for us as well, those specifics, but today, we discuss mainly about results from Europe. This is not the first market research. We conducted some years ago, we call it, segmentation study. I believe this B2B market research is a better name for external audience, so whenever you're using the outcome and insights that might be easier to call it as a B2B market research by F-Secure. So some of the results from 2 years ago are also visible, and we can also like see it a bit for the trend how things have changed the world over the 2-year period. This year has been, of course, very exceptional year due to COVID-19 pandemic. So this survey was executed during April and May. So we managed to actually ask some of the questions regarding the COVID situation. Like Annie said, we'll walk through some of those changes, how the COVID actually impacts IT decision-making. We included overall 2,750 responders, primarily decision-makers, but also a quarter of the responders are influencers. And these are all about purchase decisions -- decision-makers for IT and network security products and services in their organization. So not too broad audience, it's really decision-makers and influencers. It's a very significant research to have really so many decision-makers around the world participating. So I'm really pleased to share the results here. Then like I said that we focus on Europe, many of the other research is primarily U.S.-based. So it's also a unique way of seeing like how the buyer behavior is in Europe. So in Europe, we have 1,950 responders across U.K., Germany, France, Belgium and Netherlands. We also include Nordics, Denmark, Norway, Sweden and Finland. That makes that 1,950 responders. It's also important to understand that most of these or actually pretty much like over 90% of these responders are not existing F-Secure customers. So we get a lot of insights about the general market, how it looks, also for those who have not yet selected F-Secure as a security vendor. Of course, we have a reference to the end customer survey, and that's specific for those who are using the F-Secure. So today, we will focus on key findings. We start with the impact of COVID-19, the buyer behavior and what solutions they purchase. We continue with a number of targeted attacks, how the companies see them. And then we look at the top security priorities for 2020. We continue with insights about service providers and resellers, selection criteria. We look at the top reasons why they change the vendor. And we will finish with key takeaways, making it a little bit easier for you. All right. COVID-19. So during April and May this year, 36% expected to delay spending. On the other hand, only 14% declare they will decrease budgets due to the crisis. And these budgets are specifically about IT and network security. 37% say there's no impact, while the remaining 12% expect an increase of budgets. It's really interesting reference point as well from our end-customer survey. So in that survey, actually, it was a little bit more positive in that sense that only 18% felt their security budget plans will be delayed, so being less compared to the broader market research. Overall, I think it's a good signal that existing F-Secure customers are not planning to delay spending on the IT security. But word of caution, of course, these customers -- end customers who responded to the F-Secure survey might not be the same type of decision-makers, maybe they might be end users as well. So they might not feel the same budget pressure as the decision-makers in the broader market research. When it comes to the vendor and reseller chains, it's, again, good news for the existing customers since the change is slowing down. On the other hand, new customers might not be so willing to switch to us. For vendors, 42% of responders say that they are changing vendor, but haven't decided yet. Fair amount of 28% say they are not going to change the vendor, but on the other hand, 23% said that they are changing their IT security vendor in the next 6 months. For resellers, on the other hand, it was the same, 42% of responders saying they will consider but have not decided, while about 1/3 said that they are not going to change the vendor or reseller in this case. And only 14% say that they are going to change the IT service provider or reseller in the next 6 months. So it's more stable when it comes to the reseller switching compared to the vendor and especially when it comes to the MSP reseller type of partners. Two lessons here to all of us: to take care of our existing customers and leverage opportunity with those considering to change the vendor. Maybe there are good ones to switch to F-Secure then. Then one more COVID-19-related topic is increased work from home. We know that there is increasing VPN usage that has been in the news. And I guess, all of us know that very well. But what hasn't been in the news is that with the clear growth that we can see from this market research showing that security for cloud-based collaboration is growing quite rapidly as well compared to the 2-year-ago results of the survey. That includes, in our case, a cloud protection for Office 365 and Salesforce, both getting a good traction. And this was actually like across all the countries. All the countries saw the significant growth in these 2 solution areas. I also remember some of the data points from Gartner Research. So they indicated that cloud-based endpoint protection is definitely going to grow. So in our case, it's rapid detection and response and protection service for business, protecting the employees working from home, and those solutions -- especially those solutions are not expected to decline during the COVID-19. And most of this type of solutions are expected to rebound in the medium term, meaning that we are expecting growing budgets in the year 2021 and -- onwards. Then for usage of other security solutions. It's not a surprise that most responders say they currently use network firewalls. Sure, but there are other findings, I would say, as a highlight of opportunity in the areas that many are not yet using. So first, I would say that vulnerability management has only about 22% adoption or, as another reference point, only 12% of the security influencers from midsize businesses declare they are using vulnerability management, so greater -- from F-Security, it's a great opportunity. Second was the patch management on 18%, definitely something that our organization should take care -- better take care, and that's covered by the PSB solution from F-Secure. And lastly, EDR has massive potential with only 16% declared they're currently using EDR. And again, we got the solution for that. But you see the other solutions perhaps you are carrying in your portfolio, and this is declared usage. So it doesn't necessarily mean that, that represents that organizations have only half of them carrying their firewall. It's really much about how the decision-makers are responding while they are presented the list. So a bit of word of caution as well. Now next one is about the aspiration of all-in-one security solution. So 82% say they would like to have an all-in-one security solution or core solution or service in that case if it's from a service provider. 43% of these responders say they would be happy to have just one solution. But then other 39% say that they would maintain still some important best-in-class solution to cover some of the areas, specific areas. We, at F-Secure, are also responding to this overall market shift, and we've been working really hard over the years now to really put together an extensive portfolio in a way that we are integrating the portfolio, and if you have joined the December partner webinar already last year and other webinars in the upcoming months, you will hear a little bit more about this portfolio integration from F-Secure as well. So super-exciting times as well to see this convergence of all-in-one cloud-native offering. And recently, Office 365 protection came into picture as well, but exciting times, and it looks like the market is very ready for all-in-one and, of course, simplified solution to manage -- easier to manage and that's what we are also offering. Then some -- a few words about the companies being targeted by cyber attacks. Almost half of the responders say that organizations were repeatedly attacked by targeted attacks in the last 12 months. So not just once but twice or more. So it's getting more common. Roughly 1/5 of the responders say that they never detected a cyber attack or a targeted attack. At least they don't know about the attack. Maybe they were breached, and that's even more alarming. So let's help these companies to be protected from targeted attacks as well. That leads to the topic of how organizations are actually planning to protect themselves from these targeted attacks. Well, naming the solutions Endpoint Detection and Response, EDR; and Managed Detection and Response, MDR, ways of dealing with this. For those who have not yet started to use one of these solutions, 42% say that it's a priority. So that is also really good news. Clear increase from, like, 2 years ago. Two years ago, it was 34%. So especially in the upper mid-market, 500 to 1,000 employees, there's a clear demand, but equally across the company sizes as well. Almost 50% of the upper mid-market organizations are seeing EDR/MDR as a priority. When it comes to the priority in the 6 months period, 17% considered detection response as a priority, and other 25% considered as a priority after 6 months. So in case organizations don't already have detection response solution, so probably it's a good idea to offer one of these solutions perhaps as a product or as a managed service. So let's help our customers to be prepared for the targeted attacks and data breaches, so not to wait for the impact. There's a little bit of something going on with the slide, so just a moment. Yes. Well, it really looks like too many companies just keep on waiting. I think it was 33% in the study who say that they don't consider detection response as a current priority. So again, the insights we just presented, like in the previous slide, probably wake them up. If they haven't been or they don't know about the increase, then it might be just a matter of not knowing about it. Okay. We got the right slide back. We can try to move to the next one and try not to click the wrong button over here. All right. Okay, let me click once more. Let's see -- great. We got to the important topic of the day. So security priorities and top 5 priorities in this case. So these are the security priorities for 2020. We asked from these responders to select from the list we have provided 5 topics that represent the biggest challenges for them and the organization in the coming 12 months. Well, first of all, compared to the results from 2 years ago, there were no really major shifts, but at least the top 5 looks quite stable. And the #1 priority with 30% remains as malware and ransomware protection. So that is bread and butter for F-Secure, like you could say, covered by the PSB cloud-native solution business. So it's for on-premise alternative. Then a new EDR and MDR solution area that we addressed a couple of years ago is the second highest data breach and attack detection after other security measures have been bypassed. That remains a top priority with 26%. And like I said, we cover that one with solutions, great solutions as well with 25% of responders say it's also priority to protect cloud-based collaboration like Office 365 and Salesforce. Those were addressed by F-Secure cloud production. So it sounds like we are ticking the box really well. And finally, in the top 5, actually, on a shared fourth position with 25% this year was security awareness. And that is actually addressed by F-Secure's Phishd, that is geared towards larger enterprises, but equally, you have opportunity to provide training, security trainings for these end customers as well. So keep in mind. I have prepared here also a full list of security priorities. Just make sure that the slide changes. Great. So if you are interested to see like beyond those top 5, if there are some areas that perhaps you are specifically focusing, you might pick that specific insight from this list and present it to the end customer as well. And of course, these are the majority of the potential customers who are considering as a top priority. It's, of course, really important that we are understanding what are the top priorities and then gearing our messages in the sales and marketing towards those priorities. So better chances to win in the sales cases. Moving on to insights about resellers and service provider partners. So first, 60% of responders buying IT security solutions from service provider or reseller described their provider as a key partner. So that means that they have perhaps outsourced some of their IT function or they rely heavily when it comes to the security. 13% say that there's actually a partner who they outsource most of the IT function, including security. Then 28% say that a key partner is specialized in security, not just general IT. Good. Then a couple of insights related to the personnel that organizations have. So 52% of organizations say they have in-house IT network security people. It's a quite significant increase of 6% from 2 years ago, and this is actually across all company sizes. So you can expect a little bit more awareness of security-related matters from customers these days, at least compared to 2 years ago. On the other hand, it's great to see that organizations are taking IT security more seriously than before. So they actually are investing in it. Perhaps there's some growth expected as well in budgets. So when they have better understanding of the issues, they might be more willing to invest into addressing these issues as well. Sure, there's now really like a question that, okay, to what level skills they have whenever they are responding that they have in-house security guys. Well, it's relative, but I'm sure that you would have opportunity to provide services to support them as a service provider or some of these services can be provided from F-Secure as well. Then 65% use some services as part of their security solution mix. That is similar outcome like 2 years ago calling F-Secure partners to evolve from resellers to service providers to stay relevant with the market. We have been making or at least trying to make it very easy for you. We have dedicated people actually available to help you to ramp up your services business. So whenever you are considering and perhaps don't have too much resources in-house, so you can reach us as well to let us to help you out as well. Then I will highlight 2 aspects about selection criteria. There we go. First, when buying security products, advanced technical know-how is the most demanded quality from the resellers and service providers that you should have, followed by good trust-based relationship and also availability beyond office hours and flexibility. So those are standing out from the other criteria. It's good to note that many other aspects of price are appreciated by end customers. So look at the value beyond just price. The second selection criteria is regarding Security as a Service. So availability and relationship counts the most. So well, in this case, the option was to ask about availability as 24/7 availability when it comes to services; trust, good relationship with the managed partner; then -- that's about 30%. There are also other reasons like lack of internal expertise, especially when it comes to the advanced solutions like EDR. So that's really opportunity for you guys to provide this service, at least as an example. When counting the Security as a Service aspect, just reminding you that almost 2/3 have already some services as part of the security solution mix. So I would say it's continuous battle with good and evil. We continue to make you the latest technology, but customers don't really have enough sufficient skills to actually respond to these advanced threats. So I really call for you guys as well to step in and provide Security as a Service. That's a great opportunity and, clearly, something that customers are looking as well. Then when it comes to the MSP support, more specifically, we asked about service providers and managed service providers. So we got response that 22% currently use some form of MSP support. There are some industries where -- or verticals where the MSP support is highest. Examples are transport/tourism/leisure. Also manufacturing and public sector count it above average. On the other hand, there are a couple of, like, professional service, ICT and IT consulting service type of, finance/insurance type of verticals where they use least MSP support. So in case you are targeting some of the specific verticals, that might be a good insight as well where to start with. Then an insight about security purchased as a service. So it's most likely purchased from managed security service provider. So underlining the security, that's clearly the largest portion, 55%. On the other hand, it's less from nonspecialist or a service provider or directly from vendor is less as well. So if you're offering security as a service, there is expectation to have a similar level of expertise. So it's worth to invest into skilled team and training as well. There's a role for general MSPs as well, of course. But based on the market research, the portion is quite small, 28%; and directly with a vendor, like F-Secure, only 17%. So definitely, there is a managed service business for those who have the skills and the ability to find the right team. Finally, an insight about purchasing services across different company sizes. So as an example, where these managed security service providers are clearly in all company sizes, so you can see that it's not only the largest ones or smaller ones, but many services are demanded by all company sizes. Sure, general service providers are also in demand, but that leaves security vendors like F-Secure to address directly on a small portion of the services and/or businesses. And overall, you could say that service providers are addressing all company sizes, not limited to the smallest ones. Piece-of-Mind. That's I would call to have opportunity about offering managed services. So a couple of data points from the market research about how organizations seem to keep their skilled security people available even around the clock. So based on responses, IT security teams are commonly organized to work during standard hours, so then they have on-call personnel at other times. So already 22% use MSPs to assist or fully manage their security, but there could be an opportunity to have even more businesses to use MSP. So there might need to be a flexibility to either fully manage over the business hours or perhaps extended business hours or even 24/7 in some cases. So there is an opportunity to augment this in-house teams, free up their time in the night shifts or reduce the need for them to be on call, perhaps something that could be evaluated as a service model for you as well. And top reasons why they'd change the vendor. First, finding a better solution was important to all, then price was more important for smaller or more service-oriented companies, less important for larger IT environments, and also legal/compliance requirements seem to be relatively important, especially service-oriented companies whenever they are changing the vendor. Those are some of the top reasons. So these might be all the reasons why some of these organizations might find F-Secure as a better choice than their current solution. When taking example of the legal and compliance requirements, well, Radar might be one way of addressing PCI requirements. Quite a lot of things we have gone through. So we list the summary with key takeaways. I had to pick the best 5, not too many. I hope there's no too much information coming over to you, but to make it a little bit easier to digest, I prepared a couple of takeaways. So first about the COVID-19 impact. It will be seen through delayed vendor change and some delay in spending, but a small number of responders expect to decrease their IT security budget. So that's a good sign. Only small number are expecting to decrease. Work from home drives increased use of specific solutions like VPN and cloud collaboration, while increased number of targeted attacks make detection and response solution a priority. In terms of security priorities, malware and ransomware protection remained #1 priority, followed by data breach and attack detection and protection of cloud-based collaboration. We also discussed about high aspiration for all-in-one security platform or service and how F-Secure is addressing that as well. Stay tuned for exciting developments in that area, very exciting times ahead for us together with you as our partners. And finally, we looked at many aspects of Security as a Service. So we noted that almost 2/3 of these responders use some services already as part of their security solution mix. That's all the insights I prepared for today. I hope these fresh insights are useful and help you become even more successful. In the end, we have prepared a little bit of time for questions and answers. So I have Minttu Kettunen here, my colleague, ready to present the partner survey. So over to you.

Thank you, Hannu, and hello from my side as well. I'm very pleased to be here, and as said, my name is Minttu Kettunen, and I work in our customer experience team, and I'm here today to present you the findings from our partner survey. So what we are now hearing is the -- most of the partners, so how you see us as F-Secure or -- and the partnership with us. Yes. First of all, I would really like to thank you for your feedback. It is very valued and appreciated in all formats that we get it. In addition to the discussions and contacts you have with your local teams, we have this more centralized ways of gathering the feedback through these different surveys. And what this survey insights and also other feedback is used for is to help improve our solutions, but also to help improve our partnership with you guys. What we want to find out in this survey is what you like about us, but also maybe, even more importantly, what are the improvement suggestions. And for these topics, especially the open comments are really the meat to the bones to the scores. We get better understanding of the insights and what you actually need. We gather this feedback globally twice a year, and it's done -- one round is done via e-mail survey and another round is done via form survey. Now let's have a look at the first -- some findings from the first survey round this year. So as said, this is now the first round for the year 2020, and this was now done during June and via e-mail. We have translated the survey into 11 languages, and we got responses globally from partners in 21 countries. In total, the response rate was a bit of -- the responses came for a bit over 200, which was a bit lower than last year, but very good anyways. And from the map, you are able to see a bit of the distribution between the different responses in different countries. In these surveys, we ask questions regarding your willingness to recommend F-Secure, but also your satisfaction in the commercial and technical side of our partnership and operations, so for example, for your satisfaction in margins or licensing or, for example, the technical capabilities of our support. And since this was again sent in this new situation, we also added in this survey round a few questions about the impact of the COVID-19 situation. Now let's take a look first on what you liked about us. We're really happy to see that approximately 2/3 of the respondents are extremely willing to recommend F-Secure to their business contacts. And especially, this is visible with the partners that have been with us for a really long time. So for example, in this quote of a partner with us for more than 25 years, they say that the quality of the product is always high, then you cannot recommend anything else. You also gave us really high scores for our key brand pillars, which is, of course, delightful to see that 93% of you see F-Secure as a trusted company and 87% see excellence in our technology and also in our operations with you. Where we saw some increase in partner satisfaction was in the ease of doing business with us. And also even though we've got a lot of good improvement suggestions for our new partner portal, but there can already be seen a slight increase in improvement there as well. So about -- of the respondents in the survey who actively use partner portals, so either -- or approximately 2/3 either were satisfied or somewhat satisfied with the new partner portal. And then maybe last but not least, the impact of the COVID-19 crisis. And as was already in Hannu's presentation as well that the situation doesn't seem that dire. So around 75% of you estimate that the security business will not be impacted or that the security business will even increase due to this crisis. And just a reminder, this was -- the survey was done in June when the first wave of the COVID-19 was still quite high upon us. Then improvement suggestions or improvement topics that you would like us to do. First of all, we have the more proactive communication. Of course, this is, for example, about development in our products. This is something that we, of course, constantly are developing and figuring out new ways to communicate with you. But also, I would maybe encourage you to make sure that the preferences, for example, for e-mails is up to date, then you are able to receive our general communications and other, for example, product communication e-mails. Second point now on this list is assistance with lead generation. And for this one with the new partner program, we have also introduced new marketing funds programs, which start for partners from silver level and up. These funds can be used in various demand-generation activities, but -- and, in addition to these, we also have co-marketing playbooks -- several co-marketing playbooks available with ready assets to be used in demand generation. And you can find out more about these reaching out to your local F-Secure team or visiting the Materials section in partner portal. There has also been a question for more training options, especially for the EDR side. And we are currently also working on developing new training models for our partners. And more about these trainings, we will then present in the partner webinars. And more attention and contact from local teams. This is also kind of interesting topic as well. Cisco operation with our local teams is really highly valued with our recommending partners. So obviously, we are doing things right, but of course, there could always be some more involvement. And then finally, improvements in the licensing models. And we have heard this need already earlier. And as some of you probably are aware, we are currently working on developing our SaaS business model, which is exactly aimed to make the licensing more flexible. And about these topics and other improvement topics that we got from the partner surveys, we are communicating more to you through the channel and in these upcoming partner webinars. And as a final conclusion, we really appreciate your feedback, and it always is taken into consideration it's distributed to the relevant stakeholders and taken forward. So I would really want you to also take the time next time when you receive our survey to give your answers. Thank you from my side. And now back to you, Annie.

All right. We still have a couple of minutes for questions and answers. And we already have a couple of questions online, but if you still have something to ask, then please type in your question in the questions box.

One question to Hannu. So there was a lot of insights from the customers, and you already talked about like how we could use these insights in sales and marketing. So how can we use these?

Sure. Sure. Of course, these results are fresh, just came out, and we are making them now available. Our team is working on the marketing side, building material in the upcoming months. So you will get campaign material, marketing material that helps you to actually do this kind of like a co-marketing together with material we are providing. Of course, the sales materials are being updated as well, and you can find some of these insights from there as well. Of course, providing this source. You can also quote these results in your own materials.

All right. Thank you. Then another question on the survey frequency. So how often do we -- when are we actually then conducting the next surveys again? I think for both.

Okay. So I can start by saying that we are conducting this market research every 2 years. So we consider that is a suitable time to see how the market is changing. So every year might be a bit too frequent. In our case, of course, is a quite significant investment as well, both time of money, to invest for a so large global survey, so kind of like optimizing the value that it delivers every 2 years. So we consider that every 2 years is a good time for this kind of market survey. And I think, like, 2 or 3 times, we have been already, like, using this time frame. So I hope you find them anyway fresh for the next 2 years now, the results that we just got.

Yes. And for these partner surveys, we are, as said, doing them twice a year. So now this was the first round for this year in June. And now in the autumn time, we are having the second round for the partner surveys.

Okay. As we don't have any more questions online, I think we will close the session. The next partner webinars will be again coming this fall. So we will be talking about competence development, as Minttu mentioned, so what are the new trainings coming up from F-Secure's side to partners. The know-how is really important to our customers. So we really want to support you guys there. And then we will also be talking about the new product portfolio and one offering, one solution that Hannu also mentioned in the coming webinars this fall. So hope to see you soon, and thank you for the attendance. Thank you.

Thank you, all, and stay safe.

Thank you.