WithSecure Oyj (WITH) Earnings Call Transcript & Summary

Good afternoon, everyone, and welcome to F-Secure's Capital Markets Day 2021. I am Henri Kiili, responsible for Investor Relations at F-Secure. I'm today joined with our speakers. We will have, first, Juhani Hintikka, presenting the group strategy and also laying the cornerstones of our corporate security strategy. After that, we'll have a first Q&A session. And then Juha Kivikoski, EVP of Business Security, will take the stage. After his section also, we'll take a Q&A. Then Edward Parsons will come to the stage and talk about cyber security consulting. After which, we'll also have a separate Q&A. And finally, Timo Laasksonen will introduce the consumer security strategy, followed by a Q&A. After that, we'll dive to the financials with Juhani Hintikka. But now, Juhani, stage is yours.

Thank you, Henri. Great to be here. Good afternoon, everybody. And this actually has been a while since we had our last Capital Markets Day. So I think it's time that we came out and engaged with all of you. And great to see so many of you here also physically, and also would like to welcome all who are following us online. So today, as said, we will share highlights from our strategy and then also talk about the growth opportunities and longer-term financial targets we have for our company. And as said, I'm joined here by part of our leadership team, who will follow me as speakers. This topic headline, in a way, captures a lot of the things that we consider important: outcome-based security through the fusion of technology, human expertise and partnership. All of those words are important. When we say outcome-based security, we really mean that we need to demonstrate the value that comes from our solutions and from our expertise for our customers. And we need to accomplish that. We need both great technology and deep human expertise and all joined by the partnership we have among ourselves in the company but also very much among us, our partners and customers. I'm happy to report that after the successful transformation that has been going on for the past few years, we are -- we have ended up with two strong businesses that are both growing and growing profitably. So looking at the graphs here, on the left-hand side, in the dark blue, you see that our corporate security revenue and in the gray bar, you see our consumer security. That gives you an idea of the size of the company. And worth mentioning that in consumer security, we broke the EUR 100 million mark for the first time last calendar year and fiscal year. Profitability is improving after an investment cycle. So we have been talking about the investments that we have needed to take. And now we are starting to reap some of the benefits, as you can see from the numbers. More about the content and the facts behind this growth and development a little bit later on. The market that we are serving is in a really exciting stage. Of course, when we look at our customers and what is happening around us, it's clear that it is a data-driven algorithmic world, which, in a way, means both the fact that these algorithms and that data needs to be protected. It's key to the business processes of companies. It is also about individuals' own right to protect their own data. It also means that AI, automation, machine learning are technologies that are increasingly relevant also in terms of the actual technology that we develop and use for tackling this environment. And that is also something that we have been investing in. Cloud is mainstream. It's almost a cliche to say that. But that, of course, is a reality that not everybody yet is in the cloud, when we look at the corporate customers around us. But most of them are on their way. That also means that the products that are being developed, and that includes also our products, are increasingly cloud-native, and we see the strongest growth coming from that. We all know that distributed work and remote work is here to stay. How long will that stay and in which format will that stay is still open, and there are differences of opinion what that will look like going forward. And I don't think there's a clear one answer to that. But one thing is for certain, digitalization has taken a leap forward. And that infrastructure needs to be protected and not all of it has been designed to actually kind of operate in such a way that most of the workforce is working outside of the offices, so more work for us. And then finally, if we look at the overall cyber security market, it is increasingly complex. And that also means that for the customers, for the corporates that we are protecting, it looks complex. And many of them have elected to actually purchase the Security as a Service. When we say servitization of security, we really mean that we need to be able to provide and deliver and sell the security solutions services as servitized packages that can be consumed at will. The markets that we are serving, looking at F-Secure, are the following. So from the top, we see the corporate security products, where we see the highest growth with the 15% CAGR, a USD 22 billion -- or EUR 22 billion market. We have the cyber security consulting market, which is the largest market, growing at about 10% CAGR. And it's, of course, clear that this market is very, very large because simply there are no products for some of the cyber security challenges that will continue to be services-driven. And then we have the consumer security market at 4% CAGR, growing. And of course, that has been reflected also in all of our numbers. And we are present in all of these three segments and all of our businesses are growing. If you look at our recent publications regarding the second quarter, you can see that we're happy to report that all of our businesses are growing and our profitability is improving. And that, of course, is an excellent basis for developing our company further. We have also spent time in the spring to articulate our strategy. And of course, the foundation for our strategy has been the good work that's been done in the company over the past few years. We actually looked at the elements and essence of that company and the culture as part of the strategy work in the springtime. And one of the things that came up from that work was that it's emanating both from the discussions between us and our customers and also among our people that really F-Secure stands for good partnership. And if you pause to think about it, what does it really mean? Well, in a market where you need to have great products and great people in order to actually even to be able to discuss with the customers and have a seat at the table, you need to have that, but on top of that, you need to have something else to differentiate. And in our case, it's very much about this good partnership that we have built, we are demonstrating and taking forward. And that is really a cornerstone of our strategy. We have also articulated some lofty goals for us as part of the work. And first and foremost, and this is probably the boldest goal, is to state that no one should experience a serious loss from a cyber attack, at least nobody who partners with us. And that is a direction we want to take. And that is a direction we want to take in partnership with our partners, with our customers and, of course, among ourselves as a company. Our people are the most precious assets in our company. And we want to take really good care of our people. We want to provide them with an environment where they can develop and where they can feel that they are contributing and also making a difference. For many of our people, it means a lot to be actually working in our company and in this industry, where they feel that they are making a positive impact in the society around us. And we really want to nurture this and be the most desired partner in cyber security but also the most loved place of work in cyber security. And finally, as said, as an industry and also as a company, we are working more towards a Security as a Service company going forward. And that, of course, will materialize itself as increasingly become a SaaS company that tracks its progress through annual recurring revenue. How will we win then? What are the elements or the components of our strategy that are really important? And we will talk more about this in detail. But just covering them, highlight, one of the bigger piece of news for today is that we will be launching a new brand for our B2B business. We have clearly seen that there are distinctive needs for our consumer business and for our B2B business. We need to be able to articulate the focus and the customer orientation, also in terms of the branding and what the brand stands for. And therefore, we have launched this exercise of coming up with a B2B brand. And our timeline is to have finalized this work by the end of this year so that we would be able to launch it beginning of next year at the latest. Combining technology and real-world expertise really is about the fact that it's hard to solve the cyber security problems of the world and of the customers with products alone. But it can be a real winner if you combine the products with the expertise our people bring into the table. We want to monetize through software and solutions, software and technology. Behind the software is important for all of our businesses. That provides a lot of the scale impact that we are seeing and also provides a good platform for further automation and repetition of our solutions in the market. We have invested in one data-powered platform countering active attacks. And this, of course, is something that we will continue to further enhance and evolve. And we are in the process of rolling the latest version of that to our customers. Especially in our consulting business, we have developed deep expertise about chosen verticals. And in our business security business unit, we have taken forays into new ecosystems that we will talk about later on today. And we need to be flexible about how we work with our customers. We need to have flexible ways to subscribe for our services. And we believe that will be one of the key cornerstones of our success. This picture seeks to highlight the different -- on one hand, the different businesses we're in but also the different playbooks that are required. What do I mean by that? On the left-hand side, we're talking about the consumer business. And the consumers, we are addressing primarily through our partner channel, which, to a large degree, consists of telecom operators around the world. We have about 200 of them but also other types of partners. And then we have an online business that where we sell solutions to consumers directly. Then we have the B2B part where, as said, we are developing a new distinctive brand for the corporate security to cover all of the things we do underneath. And actually, that what we do underneath from a customer standpoint can be divided into two. So we have the mid-market businesses that we are addressing through our partner channel, partner network that we have developed over time and are now accelerating the growth of that. And then we have the enterprises that we address directly. And this is largely about our consulting but also our Managed Detection and Response capabilities. And as we have communicated this morning separately, we're evaluating options to capture growth opportunities in all of our businesses. And I emphasize the fact that we have excellent opportunities to go -- to grow all of these three businesses or two businesses, if you count consumer and B2B as two. But at the same time, we're conscious of the fact that longer term, we need to also ensure adequate resources for continued and even accelerated development of these businesses. And for that reason, we have, this morning, announced that we have decided -- or the Board of Directors has decided to carry out the review and evaluate the possible listing of our consumer security business. The timeline for this that we have indicated is that this evaluation will be completed by the end of H1 of 2022. So a few words about the technology and real-world expertise. What does it really mean? So in our industry, typically when you look at products, one of the things that makes it particular to the information security is that it's hard for the customers actually to evaluate themselves which products actually work well and which don't. So for that reason, there are outside agencies and certification bodies that routinely test products and then issue findings and, of course, rankings based on those. And F-Secure has been excellent in this test. For example, the awards that you see here regarding the AV-TEST, for example, we have won the most of them since inception. And we have, of course, other certifications, where we have done really well, like MITRE, and we have been recognized by Gartner Peer Insights and so forth. There are many other things like that one. One particular thing, which is related also to our technology excellence, is the Blackfin, which is referring to the artificial intelligence platform that we have developed inside the company that does many things. But one of the things it does really well is that it helps us also manage the cost related to our cloud usage in the company, which is, of course, increasing as we are moving increasingly to cloud-native products. On the right-hand side of this picture, you see then the people part, which is about the experts. So it can mean different things. It can mean that we have partners who are using the F-Secure Elements products. But there is a services need that they kind of tackle themselves. And we are offering them, as part of the platform, the ability to just simply elevate that problem to F-Secure and F-Secure will step in and take care of that. Then we have our own Managed Detection and Response, which as the name says, it's about managed service, where the customer doesn't have necessarily the capability in their own team to come in and manage the platform, we'll come in and do it for them. And it goes without -- it goes with the people. And typically, these are longer-term engagements that we have at our customers and then of course, the cyber security consulting that Ed Parsons will talk more about later, which also is a combination of project business but also longer-term engagements. All good companies need great teams. And of course, it's not just the leadership team that we are talking about here but teams in our entire company. One of the cornerstones of our success so far and will be going forward is the culture, the people that we have inside our company. And we, of course, want to nurture and further develop the fellowship culture, as we call it, inside the company. But here is the leadership team and some of the changes that we have made there most recently. And one person that I would actually like to introduce to this audience because you will be dealing with him later on, his name is -- please come on stage, Tom. This is Tom Jansson. Tom is our new CFO. He will be starting 1st of September. And they will be working together, both of them, with Eriikka Söderström, our current CFO, during the month of September. So really happy to have you onboard, Tom, welcome.

Thank you.

So moving on and talking a little bit more about the corporate security strategy. So as mentioned, we are addressing two parts of the market: the mid-market and the enterprise that have differing needs and particular characteristics. So the mid-market, we are primarily addressing with our partner network and we are working very closely with them. And of course, Juha will talk more about that later. But as you will find out, it's much more than just the products. These partners that we work with typically have limited internal cyber security capabilities, so we complement them. And increasingly, of course, this business is about protecting the cloud environments that we have. Then we have the enterprise piece. And there, clearly, if we look at some of the most demanding customer segments, like financial sector, the customers themselves need to ensure that they comply in terms of the regulation and the framework that are required from them also from a cyber security perspective. And of course, we help them with that. The most complex customer cases are here. These are some of the sectors that are most under threat or under attack typically. So on one hand, of course, it's an extremely challenging environment. It requires us to have the expertise that we can provide. And we have built our position there and are clearly a recognized player. At the same time, it is an opportunity for us also to understand that what is going on, what is happening in the market, what is the threat landscape and also funnel that information into our product processes as input. This is a business of trust. And this typically is about entering a new customer, showing that you can do something, deliver credibly, show the outcomes and gradually build yourselves into the position of being a trusted vendor. Industry vertical understanding is also required here. In some cases, it's not just about the technology environment, but it's also understanding the regulatory and business framework that there is. So we follow the customer and sell according to the need. On the business security products side, channel sales, mid-market, software. And here, we have most recently, at the end of June -- end of May, we have launched the Elements portfolio. Then we have the solutions part, as we call it. We have the Managed Detection and Response and consulting. Part of our offering is human expertise combined with the technology that we have underneath. And here, we tackle that market directly. We also see that there is a synergy between managed detection and consulting, when we can enter, for example, one customer case with a consulting engagement and then move on to a longer-term engagement. And this is our portfolio. I talked about Elements, which is a key part of our portfolio, recently launched, that covers endpoint protection but also, of course, increasingly, we'll talk about Endpoint Detection and Response. That has been the evolution. These are often bundled together but also nowadays sold separately. Collaboration protection and vulnerability management are also part of it. And then on the right-hand side, we have then some other areas, like Cloud Protection for Salesforce, has its own offering, Juha will talk more about that one, and then Managed Detection and Response and consulting, more services-driven offering. The joint things that we share are the technology elements that we have underneath. There's the artificial intelligence and machine learning, where we have invested quite a bit over the recent years. And of course, we share the information regarding the threat landscape. And that is something that is benefited by the whole company. And increasingly, of course, this is about data processing and understanding how to take advantage of data in this environment. When we talk about flexible subscriptions, we really talk about different commercial models that we're able to offer to the customers. So typically, of course, this has been about the license, but then we have moved on to longer-term subscriptions. We've introduced usage-based pricing. And of course, we also, in many cases, we need to demonstrate the value. It needs to be outcome-based, especially in the solution engagements. The key to our success is that our partners are successful. And of course, beyond that portfolio, we have also then other things that are crucial that make up the whole thing, such as partner programs, competence development, the user interfaces and automation and so forth. We have seen positive results about increasing actually the cross-selling of our solutions. And here, you see evolution that what is the percentage with more than two solutions from F-Secure. And you see the gradual improvement. And of course, we need to and want to improve that over time. This is also very much part of our land-and-expand strategy, which is about entering the customer, demonstrating the value and then gradually building our presence there. And that's how we get the synergy also between the different B2B businesses. When I talked about the chosen verticals, and this is especially true for our consulting business, I mentioned financial services. Here, in Nordics, for example, all of the 5 top banks are our customers; in U.K. as well in North America, 3 out of 5; and in Singapore, 4 out of 5 top banking institutions are our customers. In addition to that, we, of course, serve the technology sector. So many of the software companies, for example, are very advanced in terms of their cyber capabilities but also the needs to develop them further. We help them with our consulting skills. We have the communications industry, the telecom operators that we also serve from a consulting perspective. And then a very large segment that is true also for enterprise but also in mid-market is the manufacturing sector. And then I mentioned the ecosystems, we'll talk more about them later on. But we see really promising development now for the Cloud Protection for Salesforce business and also the collaboration protection for Microsoft 365. As mentioned, we are gradually building this towards a SaaS company. And that, of course, will be reflected in the metrics. Here you see how our ARR has been developing on a year-on-year basis. So we are moving to the right direction. Of course, we continue to report on that progress as we advance. Here is the development of our order book. So you see how that has been evolving from H2 2020 to H1 2021. And you see also here, I think for the first time, how we're splitting this between Managed Detection and Response and then business security software. And some of these orders, of course, we are booking in. And we, in a way, call it, having the orders in the balance sheet so that we have the ability then to monetize those later on over time. And we are increasing this deferred revenue, as we say. And you can see the evolution, how it goes. This, ladies and gentlemen, concludes my first part. I will be back for a summary in the end. But now I believe, Henri, it's time for a few questions.

[Operator Instructions] But now let's start off with questions from the room.

It's Matti Riikonen, Carnegie. A couple of questions related to the plans to split the company. I think earlier, your message has been that the technology platform for F-Secure is common for both businesses, so corporate and consumer. And now if you split the company in two, what will happen to the kind of core technology platform and, of course, the competencies related to it? How does it kind of serve two separate companies if that is to be the case?

Yes. So first of all, part of the technology platform is common. There are also specific elements that are only specific for consumer. What we foresee -- and of course, we are just conducting the evaluation, so we haven't executed on any decision. But what we foresee happening is that we can provide an operational structure where we can, if required, continue to serve also the consumer business from a technology perspective. And this is actually quite common in our industry that you are actually getting some part of a technology from the cloud from another provider.

Okay. Then regarding the timing, when did you start to get the idea that there would be kind of better version of the company would be that it would have two separate lives. I mean, did it come after Symantec kind of split into the NortonLifeLock consumer business? Or after you saw that Norton has actually been consolidating the market and taken many of your competitors to their umbrella?

So we have been conducting a review on the strategy of the company and the options in the springtime. Part of it has been also related to this question. So I think that's a natural evolution of that work rather than a reaction to anything specific happening in the marketplace.

And can I finally ask, were you approached during the time that Norton has been making the kind of ambitious moves? And did that lead to your thinking that maybe it would be worthwhile to have a company in two parts so that you could be utilizing M&A opportunities in both?

Of course, we haven't been officially approached, and we would have been obliged to communicate that kind of things. But I will say this, that, of course, when you look at the market around us, there's quite a lot going on at the moment. We've seen examples of consolidation. And there's a regular dialogue also going on in the market among the players. And I think that's normal course of business. And I foresee that to continue as well.

So any other questions?

Jaakko Tyrvainen from SEB. Just hypothetically, if you lease the consumer business and raise some money or gain some money to the remaining F-Secure, what are the plans for those proceeds then? Where are you going to invest it? And should we assume a bit more heavier investment phase for the corporate security side?

So first of all, we're quite happy with the current situation. That is then where we have organic growth and where we'll see improving profitability. We see that investment cycle that has led into situations like this is behind us now. Speculating about the future, were that kind of decision to be taken, of course, we would look at then the overall picture, what would make most sense. And of course, we would have all options open for us, whether it would be about M&A or expansion of the portfolio or even some kind of a geographic expansion. And I think that work is still ahead of us.

Okay. And then any other questions?

It's Veikkopekka Silvasti from Danske Bank. So firstly, could you give some more color on what's the main reason behind this potential spinoff of the consumer business? So is it to make the organization more lean in order for make it easier to reach growth? Or is it to be able to invest more in R&D? Or what is behind this?

So one of the things that we have been reviewing and clearly targeting has been to -- recognizing the fact that we operate in different businesses, consumer and B2B, is to bring more focus and clarity into what those businesses are all about, what those customers require. And I think even without the announcement concerning consumer, this would have been required. And that is, of course, reflected in the fact that we have separately taken the decision that we are going to launch a second brand. We're going to cover the B2B with a new brand. That will happen regardless of our evaluation. So I think, on one hand, we want to focus and we want to demonstrate what it means in concrete terms. But then of course, there is this question that how to ensure the positive development over a little bit longer period of time. It's not the question of this year. I think we're quite happily executing our plans. We're quite happy with the results. We are happy with the growth of 10% across the overall company. But thinking about it a little bit longer term to ensure that all of our businesses are successful, we foresee that we will potentially need more resources to share.

Clear. And then regarding these potential additional resources, would they be used mostly in the corporate segment for the B2B side? And would it be mostly to R&D in order to maybe add some new modules to your platform? Or would it be to sales and marketing to boost the growth through maybe additional partners or something like this?

I think it's too early to say that. And I would just kind of reiterate that we would look at the needs for all of the businesses. And of course, we need to balance what is the growth opportunity. Clearly, in the B2B side, the market is growing faster. And there, I think it's a bigger question in terms of what is required to be part of it. But if we look at our current portfolio and our current execution, we're actually quite happy already with the structure we have there in terms of starting to reap benefits from the past investments.

Okay. And then finally, who would you consider to be your main competitors for both of these new entities, so the B2B side and the consumer side?

This is such a crowded market that it's hard to pick one, one competitor who would be there. So I think it varies whether we are talking about consumer or B2B, first of all, and then even smaller sections of these segments. So maybe I'll leave it at that.

Felix Henriksson from Nordea. A question regarding your management team and the changes there. Aside from Tom stepping in as the CFO, one can notice that you also have a new Chief Technology Officer in place and the consumer security leaders has also changed. So could you perhaps provide a bit more color on these changes? And do you see that your management team is right now set to drive your strategy? Or is it still missing something?

Yes. I think, yes, obviously, there have been quite a few changes. And if I start with the CTO, we were very happy to find an excellent person as CTO, Christine Bejerasco from our own company. Christine is currently leading our tactical defense unit and has a stellar career in cyber security. And we think it's really important that we recognize the fact that also in the leadership team of this kind of company, we need to have deep technology expertise, deep expertise about the market. And recognizing that fact, that's why Christine is there and why that position is there. She's actually officially starting tomorrow, that will be her first day. The same goes for Timo, who is here. He will be one of the speakers. Bear in mind, that Timo's first day in his new job is tomorrow, so try not to be too hard on him in terms of the questions. He obviously comes with a long, distinguished career at F-Secure and in cyber security as well. And just in terms of the change itself, I think it's natural for all companies to have management rotation and change. So there's nothing more dramatic than that. But of course, it is really important that we have the kind of team here that can tackle the opportunity and the challenges they bring. And I'm personally extremely excited to be working with this kind of a group of people, who I consider to be top-notch.

Matti Riikonen again. Coming back to the rationale for the potential split, have you felt that you are kind of underinvested in the consumer business or not kind of utilizing the full potential there with some of the product, new launches that you have made, while at the same time, you have had quite a lot of investments on the corporate side? So have you felt that somehow you would need to have more resources for the consumer side as well to able to capture the full potential?

Well, if you ask the businesses, they always, in a way, need more and there's always more opportunity. But in balance, if we look at the market growth, the opportunity and stage of the life cycle we're in, in consumer business, I think it's a pretty good balance. We have also invested in consumer. So we have launched new products, like SENSE and IDP. SENSE is the router product, IDP is the personal protection product and a password vault. So I think in that sense, we are -- it's quite a good balance. But at the same time, of course, we want to keep it a healthy, good business. And that means also continuing to invest what is required there and also actively developing the portfolio if required. The market landscape and threat landscape is also developing in the consumer area as such. And of course, we need to be alert to that.

So should we take some more questions? If nothing from the room, I'll have one from the portal related to geopolitics and the B2B security. So do you find China as an accessible market for F-Secure?

I think so far, F-Secure has been predominantly, from a revenue standpoint, a Europe plus Nordics play. And then of course, there are certain markets outside of that, that are important for us and where we have focus. There's North America. For example, there's Japan, as couple of examples. Those continue to be important for that. But I think we have quite a lot to tackle still, for example, in Europe before even having to consider further down the road. As for the geopolitics, of course, it's clear that the fact that our primary market is the European community is related also to the fact that we are a European company. We understand how to do business in Europe. We understand the regulatory framework, et cetera. So it makes it a very natural market for us.

Yes, thank you. So do we have any questions for this section? I think then we'll move on. So Juha Kivikoski.

Welcome, Juha.

Okay. Welcome, everybody, on my behalf as well. And let's talk about a little bit the customer challenges we face. And I would also like to introduce a little bit to the other side that how do we solve those or at least try to solve. So overall, if you look at the current situation out there with our customers and also with our partners, I think that the one key thing there is that there is a lot of different technologies that have been deployed into their environments. According to our studies, it's about, on average, six different. So that usually means also that it's six different vendors or manufacturers that they use. And that means that there is a huge amount of work, manual work and also learning work that has to be done. There is no common user interface, so the user experiences are different. So it means that you are not really doing it in a most efficient way, which also means that you are adding complexity. You have to learn new ways how this technology works, how they talk with each other. And the fact is that usually, none of these technologies talk with each other, which means that you don't really gain a situational awareness. So you really don't know what's going on out there. And that is the ultimate problem here. So that you are actually exposing yourself to the different threats out there because you don't really know what's going on out there. So how are we now solving this one? This is brand-new stuff. We launched this in our SPECIES event in May this year. So if you participated last time to our CMD, there was none of these existing. This was under plans. So that's more or less the time when we started to develop this stuff. So what we have done here, we have split our business model to totally new way. We have technologies, we have services stack and then we have the pricing models. And if I talk about the technologies first a little bit. In the past, we had, for example, EDR, we had EPP, we had a vulnerability management and so on. They all had their own clients. They all had their own data lakes. They all had their own back ends. So what did we do? We actually combined the back ends, so we did redesign those, we did build one data lake, we did build one client and then we added one more thing. We added the collaboration protection, protection for Microsoft 365 environment. And all of these things, like the one client combining vulnerability management, EPP and EDR and then the cloud-to-cloud native stuff with the Microsoft 365 protection are all putting all the data into one unified data lake, where we can do all kind of correlation, security analysis. And then we added, on top of that, one unified management view, one reporting, one management, ease of use, clear picture what's going on. And that system delivers you actually great, refined information for fast decision-making. And that's the benefit that you get from the technology part. Then if you look at the service part, we have there multiple elements. For example, elevate to F-Secure as one example. If our partner or the end user using the F-Secure Elements solution doesn't know what is this challenge I'm facing, they can actually, just in the Elements Security Center, just click and elevate that ticket to F-Secure experts. We will take care of it. We will solve it on your behalf. Then if you look at the pricing models, last time at the CMD time, we only had the annual license. You could buy it for 1 year, 2 year or whatever years. We introduced then the SaaS business model that we have run for 3-plus years now. And I would say that, that's very well taking in place. We have a lot of customers moving from the annual license model to the SaaS to the monthly payment model. And then we introduced now, with the Elements launch, the latest and greatest, and that's the usage-based. You only pay for what you use. So if you have one seat used in that particular client today, but you don't have it in the next month, then it means that you don't pay it next month. So it's a very flexible model. And on top of this, we listened, our partners and our customers, and they all told us, "Hey, take away the routines. We want to focus to the security. We don't want to focus to the routines." So what did we do? We automated the whole process. So we introduced here a simple way how to provision new clients to the customer or the partner managed environment. We also integrated it to talk with our CRM solution as well as our ERP. So when an admin wants to protect one particular client, it might be a mobile phone, might be a laptop or a server, just provision that protection there and then the system is actually creating automatically an asset to us and our ERP is automatically invoicing. So there is 0 human touch needed. This is a great way of building a scalable business model. So going forward, if you look then a little bit at what is Microsoft 365 protection, it's actually a technology that is cloud-native, it's cloud-to-cloud integration. So M365 cloud connected directly to the F-Secure cloud. And what it means, no client needs to be installed, fast to take into use. The second thing is that we introduce advanced malware protection into this. So Microsoft as a native solution doesn't do that. In addition to this, one of the coolest thing here is related to the compromised account protection. So for example, if a user credentials go and leak out, get compromised, we can see it from the management system. And we can inform the Microsoft admin that, "Hey, this CFO has lost his or her credentials to the bad guys. So please take and block the account and ask the person to create new credentials just to help the project against the future breach." Then you are wondering that what is this number, 108,000? That's the amount of attacks we have blocked during the past 6 months. So is there any use for this? Yes, there is. 108,000 attacks blocked in the last 6 months, it's a significant thing. Then if you look at the other side of the cloud protection solutions we have is the Cloud Protection for Salesforce. And this is something that, don't get us wrong, we are not protecting Salesforce platform. What do we do? We actually make sure that the content is clean so that the content doesn't have any kind of malware or harmful URLs or so, we block those. So what it actually does, this is a shared responsibility model in the cloud. The cloud provider protects the environment. But the user is responsible to make sure that their data is good and clean. A typical use case is a community cloud user, where you're partnering with somebody. For example, I give you an example, a recent example of our deployment, Tokyo Olympic Games. So we secured the delegates. When they came, they actually uploaded their COVID-19 data, the test results and so on into the collaboration -- sorry, Community Cloud provided by Salesforce by the Tokyo Olympics Organising Committee. So when those documents were uploaded from various sources, we did scan those documents and we did clean all the possible malware out of it. At the moment, this is a direct sale, which means that this is sitting in the Salesforce AppExchange, where you can download it and start using it. And if you want it, then you start paying for us. We have currently 19 out of Fortune 500 customers using this technology. This is very fast-growing, scalable business model, cloud-native. So let's then talk about a little bit the other business area we have, Managed Detection and Response. And this is something which is really, really interesting stuff. It means that, if I try to picture a little bit, we have the customer environment, the infrastructure. We have their software, we have their different kind of log data and so on. Then we have the F-Secure detection and response technology, which includes kind of different technologies, like hunt engine. I will talk about that a little bit later. And then we have there something like a user behavior analysis and so on. And then we have the human factor. We have the threat hunters. We have the first response teams. And how does this all orchestrate together? Threat hunting is incorporated as a service into this model. We use the technology to collect the data. And then we have the threat hunters. Threat hunting means that you are actively all the time analyzing what's going on in the customers' environment. It might be a keyboard-led modern attack, where a human being is attacking. It's not only malware, it can be just a person doing different kind of lateral movements, trying to gain more access and so on. And our threat hunters, they really know how to seek that kind of behavior. Or it can be some tooling used, which creates anomalities into the network traffic, for example. So what do we provide? We provide clear outcomes to protect our customers. So when we identify malicious behavior, we block it out and then we explain to the customer that this is what's going on in your network. And it's detected by the technology and human beings. And what we deliver with this? It's peace time for the customers. They can trust that, "Hey, we are backed up by F-Secure experts. They know what they do." And this is really, really an interesting area, fast-growing. And it's good that it actually creates us a huge playground to understand about the modern attacking behaviors, how the attackers are behaving, what kind of tooling is used today. Juhani talked a little bit about the commercial models, yes, land and expand. I wanted to elaborate this one more time. What is the point here? Typically, a traditional F-Secure customer has had like an endpoint protection. Now with the ease of use with the F-Secure Elements, it's really easy to provision, for example, the Endpoint Detection and Response from the same management center. They can also provision, for example, vulnerability management. So it means that using F-Secure technologies more is more beneficial for the partners and for the end customers because you have one user experience, you have one combined threat intelligence dashboard at front of you. And the numbers speak for themselves. This is what's going on. More products in use with the same customer. And then if you look a little bit this kind of topic, we did about 2 years ago, not the decision, but when it became active, we did decide that we in-source our renewal sales. We had outsourced that service for years. And we saw that we are not really performing as we would like it to perform. So we did build into our HQ a 35-strong international sales team to take care of the renewals. The countries are handling today only the big clients' renewals. All the rest, we do centrally here. They speak all kind of languages. Only Japan and U.S. are handled from those locations. But those people in those roles are reporting into the centralized team as well. So same metrics used, it's like a trading floor if you think about the cadence of doing the things. And it really pays off, as you can see, from the renewal rates. We have also introduced here the cross-sell team so that they are also doing a lot of cross-sell and up-sell for the existing clients. So this really works. And then if you look a little bit the EDR, there was a little bit like, let's say, virus in the air when EDR was launched, that in the few years, the kind of a price premium will be 100% melted into the EPP price levels. But that has not happened. And I believe that there are a few reasons for that. First of all, I think our product, as such, has improved both on the EPP side as well as on the EDR detection capabilities, the threat hunting capabilities, how it really works, it has significantly improved. In addition to that, we did launch the Global Partner Program. And I would say that, that has been a success. We can see that our gold and platinum partners' business are growing faster than ever before. It's actually the fastest-growing partner segment we have, our biggest and the best partners. And now it looks like that the easiness of doing business with F-Secure, with F-Secure Elements as well as the profitability boost and the easiness of doing business because of our Global Partner Program, which is, by the way, supported by our new partner portal for automation of the order business -- orders, I would say that all this has contributed to the positive development for the EDR price per seat. And then lastly, we had a decision a few years back that, "Hey, cloud is the future." So we decided, "Let's put all our ammunition to the cloud business." So what are we doing today? We are putting all our R&D new efforts, new technology developments and so on to the cloud-based solutions. And you can see it from the trend of the business, there are two trends. Some people don't just like about cloud because of their nature of business they do or they just don't like it yet and they decide to stay with the on-prem solutions. But we also see that many of current on-prem solution users, they actually migrate to the cloud-based. There are hundreds of customers, end customers, who are migrating every quarter on their own will to the cloud-based solutions. Usability is better and deployment easiness is better. And why would you like to invest your own money? Why would you spend any CapEx to the servers and so on and do their maintenance? And we can see that our strategy works, the cloud business -- or cloud-based solutions are growing pretty strongly, I would say. Okay.

Thank you, Juha, for the presentation. Then we could continue with questions. And now you can shoot them to Juha. So let's start from the room.

So it's Veikkopekka Silvasti from Danske Bank. So the Elements platform, let's start from that. It seems fairly solid. But how does it compare to Falcon platform of CrowdStrike or Helix platform of FireEye or FortiXDR from Fortinet and so forth? So what is the competitive advantage?

Yes. I would say that what's the competitive advantage, we can say that always you can fight about do I have a better detection capabilities or the neighbor? I would say that, that's not the right comparison. Or you can say that, "Hey, how well all the back ends and systems are integrated?" I think that it's more or less the vendor's problem. The only thing that is solving the game is the usability. Because if you have a partner model, like we operate through 7,000 partners globally, I think that how we win the race is that how easy it is to use our system how good visibility it gives you, how good situational awareness, it gives you how good is your reporting, how well it integrates to the third-party systems and so on. And then this is not enough. You need to have the business model. The business model is what interests also the partners, how they make money out of it, how easy it is to provision, how cumbersome is the ordering process and invoicing process. And if you combine all this with the partner program we have, which is, by the way, selected as the best global partner program by Forrester, I would say that we are on the winning side here. We are newcomers, yes, but I would say that we are going to take a good share of the market with this technology. I fundamentally believe that this is pretty unique stuff.

Clear. And then maybe if you put Elements next to the other just mentioned platforms and others in the market, which platform do your partners, sales partners see as the next best thing to choose maybe?

You mean not ours, but what would be the other? Yes. So it depends, we have a different kind of go-to-market models, I mean, the way how you sell, do you sell direct or do you go with the channel? Or what's your model? Is it mixed or bot model. But if you look at this, our approach, we believe that with the Elements, it's 100% channel game as it is. I would say that then you need to look at how is the partner program, for example, supporting that. And then if I look at with whom we mainly compete, it differs so much. If I look from Japan to U.S. and everything between, every country is different. I cannot say what is the next best. I think our competitors have great solutions. But I think that it's really important to look also that how is the total picture, including the business model, working.

Okay. And then nextly, regarding the Salesforce protection. So is this kind of service is unique? Or are other -- this kind of security APIs for Salesforce available?

This is a tricky question. You can solve this problem in multiple ways. But then if you look really at how elegantly you do it. And I mean that, for example, if you have this kind of a community cloud, for example, our partner portal works on a Salesforce Community Cloud. And if I look at a customer of ours, one of the big ones, they have 9,000 car dealers in Asia. So it's obviously a car manufacturer. So the thing is that what they need to do is actually just deploy the system and it does the rest. And you can use the Salesforce management to see what kind of security posture I have. So the reporting and everything is you can use the same management way how you manage your Salesforce environment. And if you look, does the competition have anything similar? I would say that there is one, but we have checked the system, and it doesn't really do what we do. And I would say that we are a little bit ahead of the competition because this is not the first year. We started with this one in 2016. And then it's been like wondering that there needs to be, what kind of things we need to look after, what kind of reporting we should have and so on. And now I would say that we've done also some investment to the R&D, additional investments, and we can see the results that we are well received by our customers. And we don't really see a competitive situation at the moment when we talk with the big clients.

Okay. And then final question for me, this is regarding the commissions you pay for the sales partners channel. So firstly, I would imagine that a partner sells, let's say, Elements for our clients. And then it comes, the renewal phase of the license. Then your direct sales force comes and sells that, the renewal, for the end user. So how does the commission fee go from there on? So does the partner basically lose those commissions from renewal sales now that you have in-sourced?

Yes. This is a very good question to ask. And I give you a crisp, clear answer as well. So we commit to the business with our partners. We never take business away from our partners, which means that when the partner is selling the stuff we don't pay any commissions to them. We actually give a discount from the list price. I mean, we have a list price and then partner gets a discount out of it. And then they can decide what kind of margin they want to put on top of that purchase price that they get from us. So we don't dictate the market prices. The second 1 is that when the renewal point comes, what do we do? We fundamentally call always to the partner that, "Hey, do you remember that you have this expiring license here? Please, let's renew it now. And if you don't know how to negotiate with the end customer, we can help you." But we don't steal the business away from them. We -- actually, what we want to do we give them as a service also this kind of a churn indicator. So we have AI built into our CRM. So it's actually predicting that you will be losing that customer. And we inform our partner that, "Hey, you might be losing it, so might be good to do this and that kind of thing so that you don't lose your customer." So we actually make sure that the partner renewal rate goes high. And we are also measuring in the Global Partner Program their renewal rate performance. And if they go well, we reward.

Felix Henriksson, Nordea. I think a key message that you've been communicating on a group level is that your margin expansion or profitability improvement should be driven by sort of operational leverage that you get on sales and marketing costs. So could you maybe describe how this applies specifically in corporate security products and how you aim to achieve a higher ROI for your S&M expenses and costs? Is it basically focusing on the larger channel partners? Have you already put in place the necessary investments in your direct channels? How do you expect to drive up sales and marketing efficiency?

It's a very good question, and I can take it from multiple angles. The first one is that we have focused a lot to the automation. So 70% of our purchase orders are coming 100% automated today through the partner portal. So there is 0 human touch. So we don't have any need to increase spend on the, for example, order services also. Then if you look at the sales part, I think we've done our work in seeking the scalability. So it means that we don't really need to increase the sales resources to kind of, I'm not saying multiply the business, but to have a significant growth and significant is not 20%. So we don't need to add sales resourcing. And then if you look at the kind of marketing costs, I think that, that is something that when the business grows, you always need to spend a little bit more. But then the direction of the spend might variate depending on the timing. For example, we have been shifting our funding for marketing from a traditional EPP business towards the EDR. And we have been shifting it quite heavily to the cloud protection of Salesforce from time to time. And when we see the yield, we actually squeeze the budget sometimes down or we even increase. And then if we look a little bit at the rest of the investment thing, of course, R&D will be an ever-growing topic. And how do we finance that? It's true the scalability, we have chosen our pedals with the partners. We have about 130, 140 focus partners that we work with globally. And then the rest, we have, in total, 7,000 partners we actually use the inside sales function to scale that up. So we actually can grow this business by just investing more or less to the R&D and develop new technologies and improve the existing ones.

Another 1 for me. Do you see any other cloud enterprise applications where you could expand your collaboration protection or cloud protection platform at the moment?

Yes. For example, I can say now that if you look, Microsoft 365, the next thing that we will be protecting is more or less SharePoint because it's a natural expansion. And then if you look at the other cloud platforms, might be ServiceNow, might be whatever, there are so many of those. We have been actively looking into those. And it might be that we expand into another one. But it's also something that when we look at the Salesforce community, it is by far the fastest-growing platform globally. And we have a very tight collaboration with them. And we see that there are many other clouds that we could be starting to protect. The usual suspect today has been the Community Cloud user, but the next one could be Sales Cloud or whatever. There are so many clouds with Salesforce, where we could actually expand by expanding like organically inside of Salesforce deployment. So the addressable market is there.

It's Matti Riikonen, Carnegie. Coming back to the cloud question, what kind of involvement do you need from the cloud partners, like Microsoft or Salesforce, when you are creating the cloud protection for their service? So is it kind of an arrangement where two of you think that what can be done? Or is it kind of open ground for all security solution providers to come up with the solution and then they just say that, okay, there's a bunch of these services available and you try to find a way where you have kind of most selling potential? How does it work?

It actually works the way that, for example, we as a company, we looked at how the people behave. If I look, for example, our company, my colleagues here, how they behave, I would say that, for example, Microsoft Teams is the new e-mail. If you look what stuff is going there, there are URLs, there are files, there are everything going in there and it's a chatter, it's everything. Then we looked at, "Hey, should we protect that one?" And then we discussed a little bit, of course, with Microsoft that this is what we are going to do. And then we get a little bit help from them that we get it working. But it's not a kind of, how you call it, [ RFP around ] or it's not too complicated. And that's the beauty of it, it's relatively easy and fast.

Yes. So basically, anyone with an idea and who is fairly ahead of the market can basically do a cloud service protection for all kinds of different cloud services that there are in the world. It's that simple.

Yes, theoretically, yes. But you need to remind that F-Secure has developed some 30 years of detection capabilities and protection to the industry. So we were virtually there before even the problem was existing. So we -- I can give you an example. A typical case is that when you have this big Cloud Protection for Salesforce deal at the front of you, the customers are identified, "Hey, we need to protect this one or that one." And then we explain how it all works and then we probably do a proof of concept, where we install it and then we show the results and the outcomes and how it works. And then it comes like a silence. And then we know now what that silence means, it's that the customer has decided that this is so easy, we will do it ourselves. But then we know that it takes about 5 to 6 months and then they call back and then they are ready to take the deployment from us. And that's because of us. That's our business, it's to secure the customers' environment. That's why we are good at that.

Jaakko Tyrvainen from SEB. With the F-Secure Elements, up-sell must be much easier, given the platform. Could you elaborate a bit more on your up-sell strategy on the Elements platform, especially given that you have the channel partner there as a middleman, so how you are planning to go deeper into the customers' pockets going forward?

Yes. Actually, the Elements Security Center offers us quite a unique way of doing also the marketing. We can enable, for example, a given partner for a part of their customers. We can have a promo that, "Hey, take the vulnerability management, you can use it 3 months as a service free of charge for your customer or with the EUR 1 price, a symbolic price or what." Or we can enable different type of services for them through that security center because it's all visible there. And that is the way how we can really promote our staff with 0 marketing costs. And that is something that we were not capable of doing before. And I believe that the second thing is that most of the, let's say, awake customers, they all understand that it's not good enough that you can protect against everything that you already know. If there comes a more advanced attack or there comes a zero day or something that has not been seen before, it means that there is no fingerprint or there is no identification for that piece of malware available, it means that it will not be detected. So it might be a good idea to have something that protects you against that is currently unknown. That's why the up-sell will happen and it's happening at the moment. And when it's really easy to buy and to provision, then it really happens with the Elements' easy way.

Atte Riikola from Inderes. One question about those cloud protection products. Is it possible that someday Salesforce or Microsoft develops their own solution for that product and it takes away your business in the cloud there?

It's a good observation. And everything is obviously possible. But then if you look at the nature of, for example, a CRM provider, they usually want to protect the environment that they give you, I mean, a [ buck-free ] software and so on. But they are not really interested in what is the customer data inside. And that's the kind of -- in a cloud, it's the business model. But it's also if you have an on-prem CRM, for example, the manufacturer doesn't care what's inside. And it's a little bit maybe the strategy that you don't care what's inside and you should not be caring what we do as a business. We want to know if the data integrated is there or not. And that's our only business is to make sure that the customer data is safe and it's clean. So I believe that we don't have too much of an aligned interest here. So it might be that it's a long shot to that to happen. But who knows?

I think that's it for Juha this time. Thank you for the insightful answers. Next up, I will be welcoming Edward Parsons, EVP of Cyber Security Consulting.

Hello, everyone. Great to be here in person and to be representing our hundreds of security professionals worldwide. I'm here to share how our expertise, our understanding of the threat landscape, our familiarity with enterprise technologies and our vertical focus leaves us well placed to capitalize on growth in the cyber security consulting market. I'll also share a couple of case studies demonstrating how our deep partnership leads to natural cross-sales opportunities, where we can use our technology to really deliver security outcomes for our clients. Let's start with the threat landscape. Of course, F-Secure has a long history of knowledge and understanding of modern attack techniques. It's baked into our products. But that's also true of our people, too. I know firsthand, from my own experience as an incident responder, how much that experience counts when you're helping to advise clients. And recently, we've seen that attackers are exploiting vulnerabilities in enterprise software products at Internet scale to increase the maximum number of potential victims. They're becoming less discriminate and more opportunistic. And that's led to a few significant developments. Firstly, we're seeing ransomware attacks targeting a wider range of verticals. Cyber criminals are going after companies that have high availability requirements, perhaps it's manufacturers or it's utilities companies or even health care providers. We're also seeing extortion attacks develop. So we're not just talking about business disruption here, we're also seeing the theft of data, not for competitive advantage but rather for extortion purposes, too, again creating new opportunities to monetize access to victim networks. And as enterprises become more connected, we're seeing more attacks focused on supply chains, particularly software supply chains that we rely on in our digital way of life. And as our clients move to the cloud and go through significant cloud transformation journeys, we're also seeing attackers exploiting new opportunities created, in some cases, by the mere misconfiguration of some of those new cloud services. No wonder perhaps, therefore, that we continue to see growth in the cyber security consulting market, forecast to grow at a compound annual rate of 10% for 5 years from 2020. But the threat landscape, the evolutions there and our understanding of it aren't the only growth driver that we can capitalize on. Perhaps the greatest security challenge that enterprise has faced are the fundamental changes to enterprise architecture that we're witnessing unfolding at the moment, and the technical complexity and pace of change that even the biggest enterprise clients are left foundering by. We all know that COVID-19 has accelerated the shift to remote working, that it's accelerated digitization and the rise of e-commerce for many enterprises. But that creates opportunities not only for cloud and SaaS providers but also for security consultants as well as the expertise required to overcome the most complex security challenges is really scarce commodity. To underline this, we've spoken to several of our clients this year, dozens in fact, across 17 organizations here in the Nordics, in the U.K., in the U.S. and South Africa. And they've told us that their security teams are struggling to keep pace. They are failing to capitalize on the opportunities for security improvements that the major cloud platforms bring, for example, enhanced logging and monitoring capability or more granular access control. They're also struggling to keep up with development teams that's taking greater responsibility for IT operations but don't yet know how to leverage the tools at their disposal to deliver secure code. And finally, most of our enterprise clients exist in this messy intermediate phase, where they're pressing ahead with cloud transformation, but they remain wedded to technologies that defy description as legacy. They're still running essential services on mainframes. They're still relying on technologies like ADFS to bridge organizational divides. And security teams are simply struggling to keep up. Some have the capacity, but they don't have the skills within the team to drive value from cloud security tools and to protect against new areas of exposure. And for many, therefore, zero trust approach to security remains an ambition but in practices is no closer and remains a rather abstract ideal. And these fundamental shifts are really driving demand those security expertise. But specifically, it's not just about understanding of the threat. It's about familiarity with those enterprise technologies and particularly cloud and cloud-native technologies. As an anecdotal example, I'm happy to note that last week, some of our consultants published their own security framework for organizations looking to move services to MS Azure. And that's just one of many examples of research and conference talks that we've given over the years, demonstrating our capability with new or novel technologies. Lastly, our vertical focus -- easy for me to say. Our vertical focus has helped us to create more value for our clients. It's driven deeper partnerships, but it's also helped us to win new business. And naturally, we focus on verticals that are highly targeted. But also, and increasingly so, we focus on verticals for whom technology really is core to their value proposition. And I wanted to share a few examples of this, just to bring it to life for you. In financial services industry, we work with a number of companies worldwide, including some of the world's largest global banking groups, some of the world's largest asset managers and some of the world's largest investment banks and insurance companies. We're helping those clients to build operational resilience and meet, and in some cases, exceed regulatory expectations. And for those clients, we are more than a security partner, we're a business partner. For example, recently, we helped one investment bank launch their own digital bank. And it's just a great example of how security consulting, when done right, can actually enable technology-driven business strategies. Therefore, we're seeing demand for our strategic advisory services in this sector. We're also recognized as an expert on payment system security, specifically on the interbank messaging services that many capital markets rely. In the technology space, we're helping cryptocurrencies fend off attacks, the impact of which can extend into the hundreds of millions. We're also working with companies with high safety or availability requirements, helping aerospace with hardware security, for example. And we continue our long relationship with gaming companies as well, who are rapidly investing in cloud and cloud-native technologies but also highly targeted. In the telecommunications sector, we've seen just recently from the T-Mobile breach just how much these companies need to improve their security in many cases. And I'm happy to report that recently, we helped a telecommunications and broadcast giant go through their own regulator-driven, ethical, intelligence-based red team assessment. We won that work because of our help and because of our track record in the financial services industry, helping other clients get through regular-based resilience assessments. We've also helped to identify and work with vendors to fix vulnerabilities in critical network infrastructure as well, helping to build the security of the whole sector. And lastly, we're focusing more now on manufacturing and companies that continue to run operational technology environments, which quite often contain legacy technology. We've seen increased ransomware attacks on this sector and also some success for attackers launching business e-mail compromise attacks. And we also know that cyber security maturity can vary and is relatively low compared to other sectors. But with so much at stake, with some of our clients facing millions if operations are disrupted just for a day, we see good growth opportunities in this market. And I'm happy to say that we've proven ourselves as a good security partner, helping manufacturing clients fend off ransomware attacks. So that's how our expert knowledge will help us to capitalize on growth in the consulting industry. But I also want to share how we can help across our whole portfolio and how our partnership with clients naturally creates organic cross-sell opportunities when our technology can deliver security outcomes. Before I jump ahead, maybe I'll just touch on this slide briefly. But sorry, I missed this in my commentary, but just to explain briefly to give you a sense of the penetration to some of the industries that we're talking about. Clearly, nearly half of our business comes from financial services industry. But we've managed to grow quite successfully technology and manufacturing as shares of our business as well. And also lastly, that our reputation within the industry has helped us not only to grow existing accounts but also to attract new customers, including during pandemic. So back and on to some of those case studies. The first concerns a client with a marketing company that we serve from our office in New York. Now in 2019, unfortunately, they became a victim of a ransomware attack. And the ransomware attacker demonstrated to the client that they had a privileged position within the environment and were in a position to launch a ransomware attack, taking down the whole domain. Now the business impact of this attack would have been considerable in terms of direct losses. But unbeknown to the attacker, this client was in the middle of a major M&A transaction, which would have been substantially disrupted, possibly threatened by a successful ransomware attack. That client engaged F-Secure's Incident Response team for systems. And when we started running incident response, the priority for us, as is often the case in attacks these days, was to make sure that we have sufficient visibility throughout the network to make sure that before we took action, we could be confident that we could find the attacker and kick them out wherever they might be. That was only possible at scale, leveraging F-Secure technology. And we successfully persuaded the client to deploy the technology rapidly to give us the level of visibility on which we could make a confident plan to eradicate the attacker. I was personally involved in this case. And I was asked to brief the Executive Board, our CEO included, on our remediation plan, quite simply because the IT team from the CIO down have never reset their domain and wanted comfort that they were working with a partner who had that experience. And fortunately, we did and we were able to step through a plan with them that gave them comfort and led to the go-ahead of a successful eradication of the attacker from the network before they could execute their attack. Now I'm happy to say that having demonstrated our credentials, our expertise and the power of our technology, the client was more than happy to sign up through our MDR service. And that service has been renewed at every opportunity since. And I'm happy to say that just recently, we've managed to successfully thwart another ransomware attack for that client. And hopefully, this serves as a great demonstration of how through our services, we can deliver security outcomes for our clients, in this case building resilience towards ransomware attacks. Lastly, to give you another example, because I'm conscious, we talk a lot about our incident response services and the cross-sell opportunities that arise from them. I wanted to share how our partnership with 1 global banking group has created cross-sales opportunities for our business security products as well. Now 1 global banking group, we've been working with since 2014, began relying on us for tactical assurance work. So generally speaking, penetration tests. Over time, and having demonstrated not only our technical competence, but a delivery track record, we have became trusted with tactical security challenges, where the client was more flexible about the type of project that we might run, and what our approach might be. Having earned that trust, we also have managed to expand globally, and we're recommended into the U.S. credit business run by the same banking group. And over time and through good partnership, we began to unlock more strategic advisory assignments, where we were making recommendations on the implementation of security technologies, in order to deliver strategic security goals. And on that journey, that naturally arose the opportunity for cross sales of our cloud protection for Salesforce business. Now I'm really happy to say that our business security colleagues were successfully in executing that and making this banking group 1 of the major enterprise clients. Since that successful sale, we've seen our strategic advisory services continue to grow within the account, and the cumulative lifetime value of that account, now stands at over EUR 15 million. So a really good example of long enduring partnership with clients, leading to cross-sell opportunities for our products business, too. So to summarize, we have see good growth opportunities in the consulting market, and we think our expertise in threats, enterprise technologies, and our vertical focus, leaves us well positioned to capitalize on that growth. We see that partnering will naturally create cross-sell opportunities where our technology can help to deliver security outcomes. And medium term, we see more opportunities to servitize security, bringing synergies and potentially new services, that will help to deliver better outcomes for clients. That's my presentation, and hopefully, we have some time for Q&A.

Thank you. Thank you, Ed, for the latest on threat landscape and also some great insights on the cross-sell opportunity within F-Secure portfolio. But before we take the question from the room, just a reminder for all the listeners on the webcast so that you can submit the questions to the portal at any time, and I will then ask the questions at the Q&A section. But now let's have the first questions for Ed.

So it's Veikko Silvasti from Danske Bank. So firstly, if I've understood correctly, F-Secure's consulting business is technology agnostic. Right?

Yes.

So could you please describe or help us to understand, basically the costs and benefits between the MDR solution provided by F-Secure, or for example, this kind of technology-agnostic providers like, FireEye's, Mandiant. So can you help us understand this landscape?

Sure. Yes. So I think the first thing to say, if we start from the customer's point of view, most of the customers that are engaged with their variety of needs, and current situation may involve in-house EDR, their own security teams, potentially they are already outsourced to an MDR provider, or they may have no capability in place. And we see clients from across that spectrum as well. We see, at the moment, the trend that we're seeing actually, which I think has been echoed by analyst comments as well, is that over time, I think as many as 50% of enterprises will outsource Managed Detection and Response. That's growth from now. And certainly, that's the trend that we see. And we think that F-Secure as a business is well positioned. Therefore, to capitalize on the growth opportunities that come with that. Really, I think the major kind of point of comparison for clients isn't between 1 vendor and another because I think as Juha has suggested, they will have their own strengths and weaknesses as when it comes to detection capability. It really comes down to the amount of control and configurability they want on the service. And that will dictate whether clients go for their own in-house solution or whether they'll look to outsource the whole capability. So I think most enterprises are actually facing a decision between whether they're in-house list or whether they outsource it, rather than the selection between 1 provider on another. What I will say, is that part of the competitive advantage that we have from our MDR service is also our incident response services, and the ability for consultants to help clients build security, maturity over time. And I think Juha mentioned briefly peace time value, which is where we use the data from our MDR services, to identify opportunities to improve security when a client is not under attack. And I'm very excited by the opportunities that, that creates not just to kind of enhance the value of our MDR services, but also opportunity for additional consulting services to be sold into those clients, too.

Great. And then finally, do you see that the MDR business, is it more mature in the U.S. or in Europe? And is it growing faster in which geography?

I don't know whether it's growing faster in 1 geography or another, perhaps 1 of my colleagues might be able to help with that question. The -- I think it's fair to say that it's still a relatively immature market. And we're seeing -- therefore, we're seeing growth opportunities in both. And certainly for us, as a European provider, there are pros and cons, okay? And I think 1 of the pros for European provider clearly is that where we have regional points of presence, where we're able to satisfy language requirements. And also align with things like local regulations as well that, that creates good opportunities for a European headquartered MDR business versus our global competition.

Jaakko Tyrvainen from SEB. Given that you're in people-driven business. How is the recruiting market looking currently? And how is it to find the top talent you need in your -- to deliver the growth ambition?

Yes. Thank you for your question. So recruit, I'm happy to say recruitment is going really well. And I know over the second half of the year, we'll be welcoming dozens of new consultants into our team, and I look forward to the opportunity to meet them. Recruitment is a challenge. And generally speaking, our approach has been to build rather than buy, although we will opportunistically look for expertise in the market. Across several regions, we run academies, where we'll take people who are graduates typically, we're looking to take their first step into the security as a career into the industry. And broadly speaking, I think we have to go upstream, and try and attract more people to computer science and then more of the best computer scientists towards our industry. And we've got a good track record, I think, award-winning in some countries and our ability to do that. So I have confidence that we can build -- continue to build the pipeline for future growth.

We still have some time for further questions for Ed.

I think maybe just if I can add another comment, actually to that question, if we've got time. Just a couple of other thoughts that come to mind. So 1 is we're in a great position in the wider company, to leverage our consulting business through technology, and that will be a focus for us going forward. And secondly, I'd note the way that we organize ourselves in terms of having a dedicated enterprise sales, actually kind of reduces the number of things that we're asking our consultants to do. And therefore, it maximizes our capacity within our existing headcount.

It's Felix Henriksson from Nordea. Fairly straightforward question. You're seeing above 10% market growth in cyber security consulting, but yet your ambition level is to target high single-digit growth. Any reason why you expect to be growing at a slower rate than the overall market?

Well, I think broadly, our ambition in medium term is to grow with the market. So we -- our ambition to medium term is to grow with the market. That's what we're targeting. We've had many discussions internally over the last few weeks about what the right kind of compound annual growth rate is for the market over that period. And I think when we're saying high single digit, we're talking towards 10% anyway very close. I'd note that many analysts as I'm sure you're aware, have moderated their growth ambitions for the consulting market down, over the last 6 months as we continue to see uncertainty created by the pandemic. And I think perhaps some of the, the spread within our targets reflects them. Also, I think for the consulting business and noting what the wider company is trying to do as well in terms of improving profitability over time. That's the responsibility on all of our business units. And therefore, we're not looking to grow ahead of the market. We're looking to strike that balance between growth and profitability.

Ed, we still have time for 1 question.

Atte Riikola from Inderes. The pandemic situation has affected the consulting in the short term, but do you see now in your customer base, that's like when they were scrapping project or delaying some projects last year? Is there now, like the short-term demand outlook picking up?

So the short simple answer is, yes. But uncertainty still remains across many regions. I think I read this morning actually that confidence in the economy between the U.K. and European economic areas varies as they navigate their way out of the pandemic situation, and we certainly still see that. I think it's a matter of public record that in Q2 this year, we saw a 19% growth year-on-year. Q2 versus last year was when we saw the most direct impact from COVID. But it's important to remember that many of the regions in which we operate are still under restrictive lockdown conditions. And in some cases ending only very recently. And also that the vaccination rollout, and the management of infections in countries varies. Anecdotally, for example, I know 1 of our consulting regions, only recently began inviting people, it's in the 20s or 30s to be vaccinated, which is basically all of our workforce, and many of the people that we work with as well. And therefore, our advice reflects that, that uncertainty is -- will continue this year.

Okay. For the ending, I have 1 question from the line. So could you elaborate a little bit on the employee turnover for the past couple of years. How is it developed?

Yes. An interesting picture generally, and I think what we've experienced is reflected in the sector, and perhaps more broadly as well. I think -- It's fair to say that attrition has gone up this year, but also I would note that attrition was markedly lower last year as well. And I think that's probably pretty normal, I think, is what we would expect in terms of during the pandemic, people focusing on keeping their jobs and staying in put. And then naturally, as the world's opened up, perhaps we've seen some deferred attrition as a result of that. But -- I think how do we tackle that. Well, I share Juhani's ambition to be the most loved place to work. We have to look after our people in order to keep attrition to manageable levels. Whilst supporting good levers where it makes sense, and also just double down on recruitment, and see that as an opportunity to refresh the team and improve leverage as well.

Okay. Thanks a lot then. And there was a follow-up question on the employee satisfaction. So how has that been for the couple of past years?

Yes. So the unfortunate timing of the question because I think, we do our employee satisfaction survey in a couple of weeks' time. So I don't want to speculate as to what it might look like now. But what I can say actually is that our client satisfaction remains high, and we recently polled last month, and we saw an improvement on our last survey, 6 months ago. So I sincerely hope that our employee satisfaction will be heading in the same direction.

And next, we'll move on to consumer security. And Timo Laaksonen, who will give us the presentation.

Good afternoon, everybody. Great to be the last speaker of the afternoon. I hope you're still with me. So let's start talking about 1 great business, which is consumer. We are all about partnerships. And if there's 1 thing I'd like you to remember after this, is that we want to be the absolutely best partner to anybody who wants to run a consumer security business in addition to their core business, we want to be the best partner. Already, Juhani talked about the best partnership in his speech. We have definitely subscribed to that 100%. We're also in the process of expanding that sales channel naturally, as it's all about partnerships. So reasons for optimism and happiness in consumer. Once again, 1 of the mega trends, that Juhani already referred to, is that distributed work is here to stay, and not only distributed work, but people are using their connected devices more at home. So there has been an increase in internet usage also in homes, both related to work and people's past time. So that's a mega trend underlying. But then we've also seen that security is not a one-dimensional thing anymore, which is only about device security. You go a few years back, and pretty much the only thing that anybody talked about was anti-malware or endpoint protection, or antivirus, whatever name you want to call it. That's not the case anymore. Now there are more needs for consumer security that I will come back to in a moment, and this has created a need and move towards all-in-one security suite. It's way too difficult if you're asking people to download multiple separate apps, which seem very alien from each other. So we have seen a growth in that percentage, who wants an all-in-one. Secondly, the willingness to pay for security is increasing. There are certain pockets of the market where free bee or freemium offerings have been quite common. But once again, people are seeming to be more ready to pay for services. They see the big headlines in the media, how people are being hacked, how identities are being stolen and that makes them willing to tackle the or address the problem. Overall market growth is 4%. And you may say but that's a small percentage but it's a huge market. We have currently, like you have seen, slightly over EUR 100 million out of that market, so there is endless growth potential for us in that market, in addition to the generic market growth. So we are about to expand our channel to market, it's already wide. I think that has been referred to a few times already today that we over 200 operator partners out there, and we have now started working on a new partner segment in the finance, insurance, and utilities sectors of companies, and to whose core value proposition. Security would be a natural fit and expansion. I'll give an example of insurance a bit later on. In our direct sales channel, we are serving our customers both through e-commerce, online, as well as retail. And to preempt your question, retail is actually doing fine against all others, it's doing fine, and that's how we want to reach the global consumer market. This is a very cost-efficient way to reach a large market as it's heavily partner-based. So it scales well. So we've got 2 channels, which we are separating here from 2018 onwards. You can see that our total business was very steady at about EUR 96 million or so for 5 years. And we have managed to break that stride and put a new gear in 2020. And we're seeing that same development, continue now in our last 12 months. So the market is growing at 4%. In full year 2020, we grew 6%, and that in the operator sector in the direct business, 5%. And as you can see in the last 12 months, the good development continues. This was not something that just happened once and went away. What's causing this growth? Well, a few factors. I already mentioned that there are good underlying factors for us, which are very positive. But 1 is that, when we are getting different kinds of consumer security products, and we're able to bake them into 1 single-user experience, it's going to be easier to sell more of that capability to end customers by our partners, through an all-in-one suite. And It is much easier for our end customers to actually adopt those services through a unified user experience. What you can see here in the screenshot is our mobile app, and we are a mobile-first unit. So our mobile app, which is covering malware protection, so device security. We've got a privacy and browsing protection, i.e., VPN. We've got ID monitoring, and we've got a password vault. All-in-one, plus we have a capability to connect parental control into the same app, and we're going to be introducing next year also connected home security into the same app. So all-in-one, very, very easy, both for our channels to take the market, and for customers to take into use. And actually, if you want to forget all about it, it's all there in a very simple package. It talks to you as much as you want to talk to the app. So I think that this is the core and perhaps the most important slide of them all for me. I already mentioned that we're all about being the best partner to channels. And on the top, you can see that it's not good enough to just provide some software to customers for consumer security, it has to work very, very well. Year after year, we get the awards for providing the best protection. So the technology is there. It is efficient and the outcomes are there. We can provide from the left there. We can provide device protection, which is safe. We can provide FREEDOME, VPN. We provide ID protection and password vault. And we provide connected home security. And you can get these within that same app that I just showed, as separate apps with their own user interfaces, if we want to combine them with your own, or you can even get this as an SDK or an API. So depending on the partner, and what is their end-customer strategy with regards to the kind of experience they want to provide. We can even embed our technology into theirs. In the lower left-hand corner, is the go-to-market partnership from our consumer business. So this is a big, big part of what we do with our partners. We help them engage with their customer bases. We enable them to send out the messages and to provision the services. And we naturally want to help them cross-sell, upsell and extend the scope of the service. So there is a whole host of marketing services and go-to-market services that we have as a support to our partners. Very much in the same spirit as Juha was telling about in the business security area. And finally, the service providers that we work with, are big behemoths, oftentimes, they have their own billing systems, their CRM systems, business intelligence and so forth. Our capability to integrate with their infrastructures is very, very strong. We've done way over 500 integration projects up until now. So for us, this is an integral part of our capability to be the best partner that we can work with the kind of environment you have. And we can make our services fit with those in a way that you like. So this is how we then protect consumers' connected lives in a model which has F-Secure, highly visible in the app, maybe service provider branded or maybe completely under the hood, being the engine that drives that security business. I would call this the ultimate security business engine. This is our business. How are we doing then in this business right now? I think we're doing very well. So our retention rate in the service provider business is over 97%, which I think is a great achievement for any company, and proves that the value of what we provide is appreciated. Our channel partners give us a 63 NPS, net promoter score. Once again, stellar, they stay with us. Our sales cycle can be months, quarters, even a year long. But once we get to the partnership, it's a very long-term partnership, and it's a very sticky value proposition, and we take good care of our service provider partners. We won roughly 30 deals for our new products in the last year, 1.5 years actually. And with regards to ID protection, the number is very big, but many of those services are still in their early phases of growth. When I look at why did we grow the way we did in 2020, quite a bit of that growth came from new products, the ones that you see here, but not all. We were also much more successful at expanding our footprint in the service provider channel that was already with us. So you have seen, I would say, only a fraction of the potential of the new products up until now. With regards to SENSE, we have 7 partners across the world. That's an even slower sales cycle than our typical consumer security products, because it involves an element of the network, which is the home router. And to integrate our capabilities into the home router, there is the sales cycle, there is the deployment and integration cycle, and then there is the rollout cycle. So that's slightly slower, thus smaller numbers, but we're not happy with this yet. And starting tomorrow, we'll be looking into ways, how we could accelerate our go-to-market in SENSE. It's a fantastic market that plays very well together with the rest of our consumer products. So here is the example of a new type of a partner that we're looking at. So this is an example. This is a Deloitte study, that we're sharing here. So roughly in about 3 years, roughly half of people who are looking for a new insurer, are looking more at the noninsurance propositions of these players than the core insurance offering. Which is a rather powerful message about the fact how insurance companies are looking to expand their core offerings with adjacent offerings, such as security. Gives us a good proposition to go and expand their offering. Secondly, they expect by 2024, 33% of the premium service volume will be coming from new propositions, outside of insurance. Our value propositions are very similar to what it is currently to our operator partners. Security and privacy is a natural fit with the core offering. It is about trust, boosting revenue growth, margins and profitability, and customer loyalty. We've seen time and again in our studies that operator customers, who have also adopted consumer security are more loyal to those operators. They get a proven world-class value-added service expertise, our business engine, and it is that same engine that has already been proven to work so well in the operator sector. Direct sales or direct business of consumer. This is an offering which, I would say, has 3 strategic narratives behind it. Then why? So the first 1 is enough. It's a damn good business. It's a very profitable and good business to be in. And that might suffice, and we could say that, that's good. But it has more functions for us, which are equally important. Secondly, it's a fantastic way for us to validate some of our new products and features because we have a direct interaction with end customers. So that we can see how the customer experience works. Because it is ultimately about customer experience, who people stick with and who they leave as a service provider. And finally, we're developing best practices in sales, and especially in marketing, cross-selling, upselling. We're developing practices over here that we can then extrapolate to our service provider business. It would be very hard to be that good in service provider business, if not outright impossible, if we didn't have the direct business. The way that we are seeing our business develop is that if you look at our stand-alone products versus F-Secure TOTAL, which is the combination of our applications under the similar 1 single app. The growth of the 1 suite app is growing consistently from 14% to 26% to 34% in the last 3 years. Which means that our average annual revenue per user is going up. Each customer, who takes our total versus one product makes more than 1.5x more revenue for us than a single product user easily. So this actually is a major impact in our capability to generate revenue and profit in a scalable manner from direct business. And as a summary, it's a story of good news. We've managed to turn the company, thanks to the fantastic team we have in place, the great partners we have. and a good product offering. and operational excellence, how we work, both in direct business as in service provider business. We've turned this unit into more than EUR 100 million revenue, a year and growing. We have very healthy fundamentals. So the house is in order, I'm going to be stepping into a new position tomorrow, where things are in excellent condition, but we have several future growth drivers that we can now play upon. Overall security market growth, consumers' willingness to pay, growing demand for all-in-one suite, expanding into new verticals, over 30 service providers as of today, with our new products, and about to launch them or recently launched, and direct business transitioning to a clearly higher ARPU offering. All of this through the best business engine that anybody can have if you want to get into security. That's all for me.

Thank you, Timo, for the exciting presentation. As always, when it comes to F-Secure's team, that partnership is at the core of everything.

You got it.

So as before, we'll continue with the Q&A. And before we take the first questions, just a quick reminder that you can send those questions in the portal at any time. But now. Do we get the first questions from the room.

Veikko Silvasti from Danske Bank. Can you describe the profitability? You said it's then profitable business, but can you describe it maybe compared to Avast, Norton, LifeLock? Do you maybe have higher cost of sales due to the partnership channel or how should we think about it?

Okay. So we don't currently share different profitability rates between the business units, and we are considering, doing so in the future. But we don't do that unfortunately today. So sorry to say that I cannot respond to that right now.

Okay. Fair enough. Worth to try though. And then secondly, how do your operator partners like it when you start using this kind of finance and utility providers as your partners also, saw multiple different partners selling the same product.

So each 1 of our service provider partners is addressing their end customers with a slightly different strategy, and message. So already today, we have several countries we may have 3, 4, 5, even 6 different operators, serving the same population in a way. I don't see that the difference is that big with utility providers or insurance providers coming into the market, they will have a most likely different type of total value proposition. The security offering will be tied into their offering, with different commercial terms, with a different kind of a customer experience, maybe with a different application altogether. So consumers will gravitate towards the 1 which feels right for them. There is lots of green pastures out there still for F-Secure to conquer.

Great. And then finally, can you just describe the business opportunity in the SENSE home security market?

If you I've now been with the MDR business unit for the past 2 years and today still. But 2 years ago, when I was still with consumer, we saw that practically every home will be connecting more and more smart devices into their routers. There may be a fixed broadband or there may be a mobile broadband in the home. But independent of that, practically all will need a layer of security. So I'm seeing that every single home is a potential user of connected home security. This is a slow process to roll it out because I said that in a way, the integration project into an operator's infrastructure is rather slow. The operating systems and firmware within home routers are quite complex and not very standardized. It takes time but we're seeing that the wave is growing, and more of the operators are moving towards that. So I wouldn't be surprised if 4 or 5 years from now, 2/3 of the world's operators are using some kind of a partnership like this, to provide connected home security services to their end customers. Some may be totally network-centric some others may be much more application centric, which talk to customers. So you can make it very quiet underneath, and people never know about it, or it may be in the home routers. So implementations will differ, but one way or another. And the game has started maybe from, let's say, the bigger end of the service providers, and mid-tier who want to be forward-looking and leaders in the market, but it's still very early stages, very early stages still. But I'd say a universal need.

All right. Then we have some time left. So please keep the questions coming.

Jaakko Tyrvainen from SEB. Another technical 1 on your numbers. You didn't share us the profitability you have, but could you elaborate a bit more on the geographical split, how much it differs from overall F-Secure, F-Secure's geographical split?

Relatively similar. So we are maybe 1 of the more global units in F-Secure. So we have significant business in Europe, but equally in Asia. For instance, in Japan. As well as in North America, also Latin America. So we are not, let's say, Europe only in any kind of way. We're a global business, but our strength is, once again, like for F-Secure is more in Europe. But we have very, very strong partnerships in Japan, which are growing fast, and North America for that matter.

Another 1, if I may. If we look at your kind of product range and portfolio, which you would describe, you have better position against the rivals out there.

Combination thereof. The combination of the products we have is very unique and strong. And bringing them under one single app and integratable suite. That is the strength of the portfolio.

So do we get any more questions?

Yes. So I will continue. So who do you see as your competitors? Would it be these kind of freemium offerings or maybe premium from Avast and Norton are?

I would say that there's 2 types of competition. First of all, big, big companies who are providing premium products. That's 1, and you know their names. And then there's a whole host of startups that are addressing potentially one product area, right? For instance, VPNs or connected home security. Some of them very, very small still. Some of them already raised quite a bit of funds. So those would be the ones that we're competing against, not so much the free bee players or freemium as the major business model. Also, if I may add, our partners want to make money with security. So we have to make it a very strong value proposition for their end customers, so that they're willing to pay. So we don't feel that scratch and sniff and try the product, is the right kind of approach for us. It's a long-term partnership.

Okay. And then if it should go that way. The consumer business would be its own entity. What kind of benefit would you see from that kind of structure compared to the current state of ...?

The same as -- for our business to business. Higher focus on creating a brand, that speaks to the needs of the customers and channels, that we're dealing with, the kind of value proposition that we develop. And in a way, company image proposition, everything optimized, both on the business-to-business side as well as on the business-to-consumer side. And also potentially a capital structure, which gives us freedom to put the resources and expand the resources where it need to be in these 2 businesses.

It sounds like in both business cases, it's about the customer perception. Maybe. So is this to help sales or do you see that you would have some kind of problems with the R&D organization? Do you have enough R&D resources if you would be your own entity?

Would we like to have more R&D, and sales, and marketing, yes to everything, please. I would say that being a growth-oriented team that we are now in consumer. We would definitely see that some more investment in all areas is going to be helpful, right? But we're already a very even keeled unit, which can manage very well with the investment levels that we have. But we just think that increasing both sales and marketing, as well as R&D to a certain extent, would give us better boost. I don't think we would be considering this kind of option otherwise.

Clear. And then finally, how do you see the merger of Avast and Norton? How does that affect the market? Does that have any implications on your business?

Naturally, it does. They will be a big player. It will take them time to integrate the offerings. And that's always a possibility for other players in the market for some time. I see that, especially on the e-comm side, there will be a power to be reckoned with. No doubt about it. But as I said, we're all about the partnership. So I believe that we can still be the absolute best partner in consumer security to service providers, but their power on the e-comm side. We'll see.

Thank you. I think we still have time for 1 question for Timo. All right. we'll save the questions for you. Juhani, for the later stage. So now bringing all this together in the numbers. Juhani Hintikka?

Well, thank you, everybody, and thank you for the audience. You're still wide awake. I can see you. And then Timo, a good job minus 1 day into the job. So I think you're starting to get the hand of handle of it. So good, good. Let me just recap a little bit about the day and what we've said. So first of all, we're in the fortunate position that all of our businesses are growing. All of our businesses are operating and in growth segments. So our plan is to grow and improve profitability going forward. We have done a transformation, and we are a beneficiary of that to a degree. So that is already visible in our number. And of course, we aim to continue the positive development. And you heard today about the different plans to further accelerate this development. Profitability has been on the rise. There are areas where we started investing earlier on. We are reaping some of those benefits. You heard about the elements launched from Juha. You heard about the partner program, partner network that we have done. We're starting to see that yield results and, of course, also equally the good work that's been done in the other units that you heard about. We're starting to grow the consulting business after some impacts from the pandemic, and we are in a good position to capitalize on our position in the consumer, and also there to explore new market opportunities, as you heard, for example, about the new verticals that we are looking into. And of course, fundamentally, we want to build scalable businesses because that will enable the profitability improvement, and that is especially true, of course, in software business. Wherein as you well know, we can provide repeatable products into the market, and we don't necessarily need to increase the investment because of that. And that, of course, over time, will then start showing on the bottom line as well. In Managed Detection and Response, as you can see from the gross margin figures or ambitions in this picture. Clearly, there is a technology component in all of that. It couldn't be otherwise possible. Here, we are talking about the use of automation and AI especially, and rolling out our platform into the customer base. And this, as I said, is ongoing. In cyber security consulting, technology also plays a role. But of course, as you heard from the presentation, this is very much about the deep expertise and understanding that we have into the customers and verticals in there. And that in itself will allow us to capture this kind of margins. Consumer security, of course, equally, as just described, technology plays a key role. Our recent investments into a common portfolio, 1 application underneath, which we can bring other many solutions makes it easy and attractive for the consumers. And of course, it is very sticky with the partner base that we have. As you have seen from our reported numbers, cost levels are normalizing. So we are now starting to see them come back to prepandemic levels. Of course, there's still difference, for example, in terms of travel cost. We are not traveling at the moment, almost that I would say. There are some exceptions like, Ed, being here from U.K. today, but that truly is an exception. We, of course, foresee that we will need to continue to maintain a healthy level of investment in research and development, and also sales and marketing, of course, with growth come certain requirements also for those. But as you can see from here, the development has been positive. And this is what we are saying about our guidance. The outlook for 2021 remains unchanged. And let me just reiterate what it is. So for corporate security products, we're expected to grow at a high single-digit rate. For cyber security consulting, for the revenue, were expected to grow, but uncertainty remains due to the COVID-19 pandemic. That is still a factor. In consumer security revenue, we're expected to grow approximately at the same rate as in 2020. And for the adjusted EBITDA for the F-Secure Group, we're expected to remain approximately at the previous year's level. As for the midterm financial targets, for the corporate security products revenue, we are expecting to grow at a double-digit rate, so accelerating. For cyber security consulting, we're expecting to grow at a high single-digit rate. For consumer security revenue, we're expecting to grow at a mid-single-digit rate. And regarding the EBITDA, we are expecting adjusted EBITDA margin improving towards 20%. These targets for the midterm are derived from our strategy. and they are presented, of course, here above. I want to make it clear that the financial targets are midterm ambitions, and they should not be viewed as an outlook for the ongoing fiscal year 2021. Coming back to the key takeaways, still. As you have heard many times over, good partnership is at the core of who we are as a company, as an organization, how we work together, how we approach the market, how we approach the customers and partners. We have 2 strong businesses and 3 different playbooks. We approach the market in 3 different ways. We have the elements, which is cloud-native and modular cyber security platform. Our consulting and Managed Detection and Response, serve enterprises with their hands-on experience. And they, of course, have the visibility from the latest attacks and from the threat landscape. And consumer security back on growth track. We continue to benefit from the shared technology investment, and these are, of course, key to improve profitability. We are able to leverage that investment across several businesses. We serve the growing markets, and we are seeking growth. Our ambitions are to grow all businesses while improving profitability. In corporate security products, this growth is driven by our cloud-native offering. You saw that presented earlier on. The threat landscape that is changing, it creates growth opportunities for consulting. And of course, the fact that we're deep into that. We understand what is going on. We publish research around that also helps as a foundation for our own service and product development. We continue to see that the growth in the consumer security business will be driven by the service provider channel. We continue to focus on expanding that 1 and especially with the help of some of the new products that we had discussed earlier on. And finally, as we have discussed now a couple of times today. We are evaluating strategic options to enable, capturing growth, and ensuring adequate resources for all of these businesses, to grow also in longer term. In practice, this will materialize now in 2 ways quite clearly. 1 is that we will have 2 distinctive brands. There will be a B2C and B2B brand separately, that we will use to communicate to the market the focus. And as I said, we are evaluating the possible listing of the consumer security business, as potential way to enable all of this. With that, I think we are done for the slides for today -- Thank you for your patience. I think it was a quite of many slides, quite many presenters. But maybe I don't know, time for some final questions.

Yes. Thanks a lot, Juhani. That was nice way to put it together all of the slides, and thanks for also to other presenters. But now it's time for the final Q&A. So please keep the questions coming.

Yes. So it's Veikko Silvasti from Danske Bank. Firstly, just to make sure you consider both your corporate and consumer security businesses as recurring by nature, right?

Yes.

Yes. So any plans to start giving some kind of SaaS metrics on these, maybe number of customers, average revenue per user, and so forth?

Yes. We intend to develop our reporting and the KPIs that we share as we progress. And of course, I hesitant to add that this is a process of becoming a SaaS company, not every single business that we have today, could be classified as SaaS. But broadly speaking, of course, our software businesses are on that track, and we will continue to develop them further towards that.

Sounds good. And then -- So there's basically no kind of legacy business, especially in the corporate products segment at the moment?

It's a question of definition, of course, what is legacy. I mean, 1 could argue that, it's a distinction between cloud-native and on-premise or such thing. We don't typically use that kind of distinction. Different products businesses have their own life cycles. And we, as most other companies have different businesses in different stages of the life cycle. And that's probably a better way for us to classify them.

Clear. And then finally. Is the corporate business at the moment, cash flow negative. And is it viable business on its own without the support from probably the higher-margin consumer security business?

I think we'll save the answers to that question for later. So we won't disclose more details on the profitability there.

Felix Henriksen form Nordea. Given your current thoughts around the strategy review, what's your thinking regarding acquisitions? Are you does that play a part of your strategy? And if so, what are you looking for in terms of candidates?

Yes. I think acquisition capability, if you like, is in the toolkit. And of course, we like many other players are continuously scanning the market, and making this kind of make buyer partner type of decisions. And usually, the outcome then is dependent on the required time to market, and deployment of resources and so forth, which is fairly routine for a company of our kind. So we will continue that work and potentially then have something to tell later on. But nothing to announce. And on that front, of course, what would be the candidate. I think it can either be a question of expanding the product portfolio. So finding something which is clearly complementary or something that is clearly complementary from a customer standpoint. The other way to look at it is to kind of gear more towards a services-driven acquisition, where there's a good customer contract in place, engagement, But it requires really state-of-the-art technology that could be the other option for us if we just classify 2 types of M&A.

That's clear. Then thinking about your decision to build or buy in general. Are there any sort of clear or obvious gaps at the moment that you see in your offering? Or is it more about putting efforts into your current businesses and current solutions, and investing in those and driving growth?

Of course, developing a portfolio is a continuing effort, and we will, of course, continue to do that. But as you heard, for example, from Juha. If we look at the customers I mean, on average, they're being served by over 3 vendors, all of them. So it just means that nobody has the kind of breadth of the -- or very few players have the breadth of the product portfolio that would cover it entirely. So you could always argue that if we had that, we could expand. But then there's also the question that it depends on what is the stage of that particular market? Is it attractive anymore? Or should we rather look at something completely new? And the information about the completely new is about understanding the threat landscape, and understanding where the market is going. And we're going to put a lot of emphasis also on that one.

Jaakko Tyrvainen from SEB. If we are talking of a consumer security market, and look perhaps 5 years from now. How do you see global market developing from a M&A point of view? Meaning that will it be more consolidated to the biggest ones or we'll have more players in the field or a few words on that plan?

Yes. forecasting is always difficult, especially forecasting about the future. I think what we can say today is that there is a consolidation, of course, already happening, and there are some really big players being put together that can come, and a customer base of 500 million customers. But then there's the question of business model. And I think the big question will be that how robust will the freemium model be. And if you have large companies, are they able to change that dynamic, large players. I think we are not in that business, but I think that will be 1 question to watch. I do think there is a difference on how you approach the market. If we look at ourselves being there with the partners and deeply embedded with communication service providers. I would say that's very sticky. And I would say that, that is a market where you are a part of somebody else's value proposition. And that is a different market than selling or even providing on a freemium basis or stand-alone solution. So I think it's a little bit -- maybe another clear answer, but I think there are -- even in that market, I think there are several fragments that behave differently.

I think at this stage, we'd have 1 question from the line. Also considering the numbers for our different business units. So the question is looking to give or get more insight to the sum of the part, valuation of different parts of F-Secure. So any plans that you could discuss? When are we going to give out more numbers?

We haven't announced any definite plans regarding that 1. So we'll get back to that when the time is right.

Yes. 1 more question came to mind. So regarding the possible IPO of the consumer business. Would there be any proceeds for the remainder, the corporate business? Would there be any proceeds from that operations? Or just why not just to find a buyer for the business? You would get a good amount of net cash to push your growth, and R&D, and sales investments and so forth?

Yes. Well, let's put it this way that we haven't ruled out any options in terms of what we are considering to do. But we have elected to say that, for us, the listing is an interesting alternative. And time will tell how the capital structure will look like, what will be the proceeds, and for whom, and those kind of details will simply need to cover later.

Clear. All right.

Atte Riikola from Inderes. Maybe 1 question about your consulting business and its profitability. You're operating in different markets and some are bigger and some much more. So could you tell anything about on those bigger markets? Are you already driving the business like profitable or wise? Or is it still like in the growth mode? Or is there some smaller locations that where you need to like scale to be profitable?

Yes. I think that it's fair to say that we look at that business also geographically differently. So we have certain geographic areas where we are more in growth mode or investment mode. And in other areas where we clearly are capitalizing on the position we have already built. And that's kind of, that is true. I think when you look at it holistically. And then I think the other way of looking at the profitability in that business to look at it through the offering. So there is -- there are differences in the range of services that we provide. And then, of course, we see different competition for different parts of the offering. And what we have found, for example, is that we are quite good at very complex and very demanding assignments, obviously, because they demand high expertise, and we have been, being able to play to our strengths. Then there are certain segments that are more driven maybe by a little bit lower value but higher volume. Sometimes you need also that as an entry point or as a complement to your other offering. So we're very customer-driven, I think, is the way to say that. And of course, maintaining the target to grow, but also, as Ed indicated, to grow profitably that, and manage it like a proper global services business should be managed. Where we also have the opportunity to do global deliveries that are cross-border rather than simply having the people in the country to provide all the services. And that's 1 example of that 1.

Okay. Then a little bit technical question. What is your definition for the midterm? I'm not sure if you said that already.

Yes. Broadly speaking, I think we're saying 3 to 5 years time period. And of course, what we are embarking on as the new strategy, we see that this -- we talk about episodes. So this first episode will be about building on top of the foundation we have, and accelerating, and we expect that first episode to be minimal 3 years.

All right. Now it's the last chance to ask any questions.

Until the next CMD?

Yes.

It's hopefully won't take 3 years to organize.

Okay. I'd like to thank you, all the presenters and the analysts here at the venue. So thanks a lot.

Thank you very much for coming, and thanks for the good participation and questions.