WithSecure Oyj (WITH) Earnings Call Transcript & Summary

Very good afternoon, and welcome to WithSecure Finland. My name is Laura Viita. I'm the Investor Relations Director of WithSecure and very warmly wish you welcome to this Strategy Update. In the end of October, we published a revised strategy for WithSecure. We have been receiving a lot of questions and wanted to provide this opportunity to talk to the management and get a little bit of insight of what the revised strategy means for WithSecure. So today, we have our President and CEO, Juhani Hintikka, who will first present the revised strategy, what it means, what's the background and the motivation. And after that, the CFO, Tom Jansson; and Juhani will be ready to answer questions. We will take the questions both from the room and from online through the webcast. So you can send your questions to the webcast any time. So with that, I welcome Juhani to the stage.

Thank you, Laura. Good afternoon, everybody. Nice to be here and to talk about strategy. We will be concentrating on strategy in this session. So that means that we will not be commenting on Q4 performance or any of related short-term things, but rather put our focus into what's going to happen in the future and where we are heading. And as a company, as we have mentioned before, we have been ongoing quite a significant transformation first from becoming two companies almost 18 months ago now and then taking further steps into focusing our activities and finding the best future opportunities for growth. And appropriately, we think we are calling our new strategy, the Focal Future. So let me walk you through what that means in practice. So first, I would like to say that our purpose, which is to build and sustain digital trust, that hasn't changed in any way. We are still here to do that. We are still here so that people who rely on us can do so with confidence. And we expect that those who partner with us do not experience a serious loss from a cyber attack, which is a fairly lofty goal in today's world. However, this purpose is also something that we feel that our people are getting a lot of their motivation from and this for many of our employees is the reason they come to work every day. The environment is not standing still either. So what we are kind of experiencing out there and what you can read in the papers almost on a daily basis, are incidents related to cybersecurity. But there are also certain key topics that we would like to point out that we are experiencing and observing. First of all, the cyber-crime is industrializing. We have seen that there are quite well-organized criminal groups that are treating cyber-crime as a way of making money in a relatively systematic manner, and they're also making investments in terms of their tools and ways of attacking and breaching companies defenses. And of course, the latest addition to this has been the advent of AI, which very much has been used by the defenders. But today and tomorrow, we expect to see that also in the hands of the attackers. The attack surface, which is, as the name says, the surface that we should be concerned about. That is where we will find or the attackers will find the potential vulnerabilities, the ways into the IT environment, the landscape, which we are protecting. And we are, of course, all the time also evolving our IT landscape and the environment. That means consequently, that the attack surface is also expanding. And we need to be aware of this, and we need to develop our defenses and capabilities to match this evolution. This, of course, is a well-known phenomena related to cloud computing, Internet of Things, automation and so forth. And this is an evolution that will not stop. And that means also that the way we look at cybersecurity needs to evolve as well. And then finally, we're all connected. This is an interconnected world. It means that businesses are also interconnected. So very often, you're operating in an environment where things are connected, there are dependencies. There are dependencies that relate to vulnerabilities and that means that a single security bridge can actually become quite severe indeed. So what is the opportunity then? And what do companies like us and specifically what does WithSecure aim to do about it? So first of all, we recognize that cybersecurities is an area where you can almost invest as much as you would like. There's actually no end to it. There's always somebody who will come up with a new proposal as to what you should be doing. At the same time, this industry is not immune to economic realities and macroeconomic circumstances. And oftentimes, the investments in cybersecurity are actually a fraction of the investment that is generally done on IT. So I think what is emerging and what we are experiencing in our customer base is a demand for minimum effective security rather than piling security solutions on top of each other, we actually think that there is space in the market for minimum effective security, taking care of things that are critical for you, taking care of things that relate to your business outcomes. And that is what we are proposing is the new opportunity. At the same time, we see that there's quite a widespread discussion around regulation, data privacy and other related factors. And we can clearly identify globally that there are actually geopolitically speaking, three bigger areas. There's the China-related domain. There's the U.S.-related domain, and then there's the European domain, and they are all different, and they tend to look at security, privacy, cybersecurity in different ways. In the U.S., it's very much about the market, deciding what the right course of action is that and if that is contested, that usually happens legally. There's the Chinese way where there's the basic assumption that the state is able to control and monitor things and you give up a lot of your privacy in order to gain some benefits and access to certain tools and platforms. And then there's the European way, the continent that has pioneered the GDPR legislation where we generally can say that we put more emphasis on privacy -- digital privacy and cybersecurity related to those. And there's, of course, regulation related to that, that will -- is actually now coming into effect in this year and next year related to NIS2 and the cyber resilience that have been driven by EU. And we believe that this European way of approaching cybersecurity can actually be something which is potentially quite attractive also to many of the end users and companies, where they can clearly feel that working with a company that embraces these values is actually placing a trust in somebody that seems trustworthy when you're emphasizing and advocating these values. It doesn't mean that we would only operate in Europe, but it does mean that we look at things from a European perspective. And we believe that for many customers, this is attractive going forward. About 50% of the current attacks are directed against midsized businesses globally. This is not well known but less well known even is the fact that these companies are not investing in proportion. So it means that these companies, these midsized businesses are very much targeted, but at the same time, they oftentimes are overwhelmed and under-resourced. They lack the capabilities, they lack the resources and funding to effectively counter these threats. And of course, we believe that that is an area where we can help. And our vision is to become a flagship of European cybersecurity that cyber adversaries hate and our partners love. And this, in a way, says it all. We feel that we are out there still against the cyber adversaries that we've been battling for the entire time we have been in the business and emphasizing the fact that we put our partners first, and we continue to be successful together with our partners when they are successful. More concretely, we are basing our strategy on these building blocks. First of all, when we look at things from a technology and portfolio perspective, we talk about the Elements Cloud, and we specifically talk about it for security outcomes. We like the things think about security in terms of outcomes. What is it that we actually are after, what is the outcome that aligns with the business outcome that our customers want? And for this, we have the Elements platform, which has now been complemented also with so-called co-security services. These are services that we build on top of the software that actually allow us to better and our customers to better take advantage of the platforms and of the technology. So they can be very simple things, and they can scale up all the way up to managed services. But the important thing is that all of this is packaged, it's modularized and it's easy to deploy, easy to order and easy for our partners to get the benefit out. We put our channel partners first when addressing the mid-market. And our definition of mid-market is companies between 200 to 2,000 seats. That is where we are focusing our efforts. Now of course, we have customers that are larger than this, and we have customers that are smaller than this. But moving forward, we think this is the best opportunity for us to grow. And many of these characteristics that I mentioned under-resourced, overwhelmed are very true for companies of this size. And then winning with the European way, as discussed earlier, a key part of this differentiation also moving forward, we look at things from a longer-term perspective. Then we have some underlying capabilities that are important. We believe excellence in co-security, the fact that we have software, but we have supporting services, we believe, makes a big differentiation -- gives us a good differentiation against some of our peers in the industry and also very much fulfills a need that clearly is out there because of the inherent complexity that is related to these solutions. Artificial intelligence, who wouldn't talk about it today but for us, of course, this is something that we've been investing in almost for 20 years already. I think as mentioned earlier, the new thing is that the attackers now will be using these tools as well. And of course, the new thing is the popularization of AI and some -- the advent of some of the tools that have been made available, and we will be incorporating those also into our products and into our operations. And then finally, the human expertise. This is very much still about the people, the competence, the capability that we have in this company. And as you will remember, these capabilities, competencies are hard to come by globally, and there is still a great demand for talent in cybersecurity. A little bit deeper look into the portfolio then. So this is the vision for Elements Cloud. And if we look at it from the left -- we have -- initially, we have the protection-detection response, very much the market there is today, very much centered around endpoints, but also started to cover the cloud space with the cloud detection and response capabilities. That is complemented with this co-security services on the extreme right that I talked about. These are services that you then pile on top of the software platform. And depending on the need, they can be very extensive, comprehensive or there can be simple co-monitoring services where we complement our partners offering. And then there is the part in the middle, the green part, make market and attack. So one of the interesting new spaces in this industry is called Exposure Management. And it can be simplified by saying that what it means is we're taking a proactive approach to cybersecurity. When historically, we've been trying to first prevent things from happening, then we have said that, okay, we couldn't prevent everything. Then it was about detecting something happening and taking some action. That is the world we live in today. But tomorrow, this will be increasingly about taking proactive action in understanding what is happening with the attack surface, finding vulnerabilities before they become problems and taking general action related to that. We will be launching a new product in May at Sphere around this one, and that will pave way for our development into this new space called Exposure Management. If you look it up, some of the analyst houses that are following our industry like Gartner are actually talking quite a bit about this one. It is still a market that is not fully developed, but it has great promise. And that's where we are gearing our future investments into. Then another picture, and this maybe illustrates better what I said about complementing the software platform with services products. So on the left-hand side, you have the endpoint protection products, starting with EPP, then moving into endpoint detection and response and then adding co-monitoring, incident response readiness and intelligent threat exposure. So you see that how does it behave on an annual basis when we look at the per user pricing, so EPP being at the level of EUR 20. But if you're able to kind of go up to EDR and then complement that with co-monitoring you're already talking about EUR 60, 3x the amount. And of course, then moving onwards to the proactive side where we can expect higher revenues per user on an annual basis all the way up to 6x. And as said, intelligent threat exposure, this is about 360 visibility across digital risks. It is about the active discovery of vulnerabilities, attack path simulations. Many of these things have actually been done already, but as a consulting service. Now this is emerging as software, software products that can be deployed automatically. And if you recall, we said that we want to bring the minimum cost-effective security. We want to bring it to mid-market that doesn't necessarily have the capabilities to invest in a similar way than large companies that have been doing consulting, for example. Coming back to the definition, mid-market 200 to 2,000 seats, co-security minded. And co-security, of course, means other things than bringing services there. It also means that we're looking at the business from our partners' perspective. We are looking at the business from a partnering perspective also when we talk about the end customers because our thesis is that nobody can actually solve these security challenges alone. This is a collaborative effort that requires working together. We believe that some of the things that have made us famous and some of the things that have made us successful are still valid tomorrow. Always just seconds away. Our responsiveness is there. We have the footprint. We have the global presence to answer to our customers. And we can also help our partners with accelerated time-to-market and healthy profits because we will together device solutions that make it easy to deploy, easy to buy, easy to deliver for our partners. And that alone will set us apart from the competition. And we will, as said, put our partners first. We let them define what the success is for their customers, we will adapt, and we will differentiate by putting our partners always first. This is a user interface. So we don't only supply products to our partners or to the end customers via our partners. We also give our partners tools where they can run the business. So this is an example where the partner can monitor real-time what kind of revenues they are generating from the software they have out there, how many customers they have and what kind of capabilities and characteristics they are out there. We're continuously developing this. This is a window into that world. And of course, it's a channel also for us to communicate and interact with our partners in terms of ordering, delivering, supporting them with their business. We're also becoming more focused in terms of the geography and our presence. So we have identified five key growth markets, Finland, the German-speaking area, DACH, France, UK and Japan. These markets are partly chosen because of our current presence there, the current opportunities we see. And we are now in 2024, putting most of the emphasis now in developing these markets for fast growth. And then we have a number of other markets that we call the challenger markets here. We'll take care of the customers we have there, take care of those partners we have there. But relatively speaking, we'll invest a little bit less there in 2024. And we are, of course, then aiming to grow some of these countries and markets to the left, where they can be characterized as focus markets. A couple of words about consulting and then Cloud Protection for Salesforce. So what I just presented to you represents the so-called unified company strategy. It is a strategy where we are all focusing on the same thing. We're all focusing on the mid-market in these given countries with these Elements, cloud portfolio and doing that together with partners. But as you're aware, in addition, we, of course, have a significant consulting business as part of the group. And we have said that we are conducting a strategic review that is ongoing regarding this business. As part of this transformation that we're undertaking now and fine-tuning our organization, we are also making this a completely independent unit within the group. So we will be running the consulting business with its own sales organization, own delivery organization. And there are, of course, certain connection points to the rest of the group. But for all practical purposes, it's a fairly independent business unit. And here, we are, of course, taking advantage of the presence we have, the good clientele we have in the financial sector, especially in U.S., UK, Nordics and Singapore. And we continue to differentiate this business by being research-based by providing top of the range, technical skills and expertise in terms of leading-edge solutions and understanding of also of the most complex and evolving cyber threats. And this continues, as I said, as part of the group. And then we have Cloud Protection for Salesforce which has been run separately. So we continue to do that. Here, we're also conducting a strategic review maybe from a slightly different perspective. We are more thinking of potential avenues to find more capital for accelerating the growth rather than thinking of divesting it as an entity. And here, we continue to believe that this is a significant opportunity on its own. Its customer base is enterprise and large enterprise. So if we look at, for example, the U.S. market, half of the customers are Fortune 500 companies. That continues to be the focus. And of course, that, in a way, also dictates the sales approach, which is an enterprise sales approach. It is directly to these large companies. So in summary, we aim to become the golden standard for mid-market in cybersecurity with those characteristics that I outlined. This requires that we continue to be a leader in co-security, meaning that our products, our leading products, meaning our portfolio is comprehensive, fulfills the needs with the services it offers. And we aim to be the flagship of European cybersecurity, which is a space where there are not that many contestants actually because most of the players in the European cybersecurity market are actually coming from outside of Europe. This, ladies and gentlemen, concludes my presentation, and I think we're happy to take some questions from the audience.

Right. So we'll start with the questions in the room.

Felix Henriksson, Nordea. I have a few questions. I can go one by one. First, starting with the consulting business. I just wanted to hear your thoughts about the impact of a potential divestment to the rest of your business, the software business. How much sort of overlap has there been in service delivery? And will, for example, your incident response capabilities suffer as a consequence of this action.

Yeah. The impact is fairly limited. So the businesses from a customer base or go-to-market perspective are completely separate. So there's no synergy there. We have certain capabilities that we will continue to have even after potentially divesting consulting business. For example, incident response readiness or Threat Intel, that is a capability that is required, both on the consulting side, but also on the product company side, and we are taking steps to establish two teams to that effect.

Right. I think in the past, you've sort of described that the sort of consulting business and the frontline insights that you get from that business is a competitive advantage for you and also that sort of cloud content protection is something that you differentiate yourself with. So could you perhaps clarify with a few bullet points, what are the sort of key competitive advantages of WithSecure that will differentiate you from competitiveness going forward?

Are you talking about now the new mid-market company.

The new company.

Yeah. So of course, when we said to go back a little bit and to go back to consulting, actually, we have said that consulting has given us a lot of insight as to what's going on in the world, and that's helped us craft completely new products. That has been true. And I think there is a recognition of the fact that we also need consulting-like capabilities in the new unified company as well. We will have them because we continue to track the market closely because we need to implement into our software capabilities that respond to threats that are out there. So we have similar capabilities even in the product company going forward. As to what will differentiate the mid-market focused partner company, I think there are a couple of things. One of the things, of course, is in itself the fact that our portfolio is leading. You could, of course, argue that all the good players have a solid product portfolio, maybe so, but very few have actually supporting services as part of the portfolio. And then we have a very credible and exciting roadmap for moving forward into exposure. I think that alone will also provide us differentiation. Then the fact that we are placing our partners first that we always say that their business comes first, and we are very close to them. We think that is a big differentiator. And finally, we do believe that taking the European approach towards privacy, cybersecurity and embracing some of the potential aspects of the related regulation will help us differentiate moving forward.

And then a couple of financial questions before I let others ask as well. You also announced a new cost savings program with targeting EUR 20 million of annual cost savings going forward. So could you perhaps provide a bit more clarification on the areas that you aim to cut costs? And how will you be able to cut such a large amount of cost without sacrificing your growth outlook?

Yeah. I mean that is a process that is ongoing at the moment. And of course, the aim is that we ensure that we have a healthy cost structure going forward also with this new strategy, and it's a big task that our organization is going through and very unfortunate. But we are making actions to secure profitability also going forward. And this is impacting the entire company in a way or another.

Okay. So no rough split between sort of sales and marketing, R&D and admin cost lines, for example, which will witness the largest reductions.

Like I said, I think at this stage, we are -- this will impact as we have announced the entire company in some shape or format.

Maybe I could add, still here that, of course, we are looking at best practices and benchmarks in the market, and our aim is to be within those brackets. And I think there was some room for improvement also in terms of getting there, which we will now do.

Right. And then just finally, I guess, you're also will be booking sort of some kind of restructuring charges related to the cost savings program as well as the strategic review. So can you give us any guidance on what to expect in terms of one-off costs for both of these sort of initiatives?

Well, we will announce those when the process is complete. So -- but as we have said before, we are expecting this cost to be booked in Q4.

It's Matti Riikonen, Carnegie. A couple of questions, and I will continue with some of the topics that were asked previously. If we think that previously, you had some synergies between the consulting business and the product business. I mean that is part of the strategy that you talked about many years, then we would naturally assume that there would be some costs that you will now take for the kind of company that will be left after the consulting business is sold. So could you give us some kind of idea of the cost increases in the remaining business that are related to capturing the basically the same knowledge to develop the, let's say, Elements portfolio modules further. So what's the kind of cost increase that will be generated from this divestment?

Well, like I said, I think this also relates to current process. So we are making sure that the future cost structure is appropriate for also the new company. So that is kind of taken care of in this ongoing process.

So in a way, you're saying that the EUR 20 million cost savings are somewhat dependent on the divestment of these other units that you plan. So it's not quite clear cut what costs will actually be triggered and what then needs to be saved.

Well, I think it's very difficult to say what would be the dis-synergies. I think we are forming a new unit. And at the same time, we are then looking at the entire company and making sure that we have a cost structure that supports our belief of the future and the strategy. So I wouldn't maybe characterize it that way that you put the question.

Okay. Then if we think about the new Elements modules that you described in the presentation, do you think that you will maintain the same R&D cost per sales so far or do you think that you would need to increase the R&D spend to make those happen.

So we have used -- like I said earlier, we have used some benchmarks in the industry. And of course, our target is to be competitive. And our target is neither to overinvest, but neither underinvest either. Of course, as you saw from the portfolio picture, we have future plans. We plan to launch Exposure Management in May. That means that we need to maintain a good level of R&D investment there. And just to complement Tom's earlier answer, of course, when we are doing this restructuring as announced and targeting this EUR 20 million cost savings. Of course, that is the vehicle for us to get there. And we will report in due course then what the portion of R&D cost is to sales and that will become visible.

Okay. And then further related to costs and not just R&D cost, but total costs. Should we assume that the EUR 20 million cost savings are net, so that part of that amount saved will not be used for other types of cost increases elsewhere in the organization or is the EUR 20 million gross savings that you will take out from the current cost base anyway, and there will be no kind of slippages to other investments in the company.

Well, I think there is always cost that's moving around. There is inflation, there is salary increases and so on. So it's -- you can say that it's a net number from that perspective, but it is a saving from what we see as current run rate.

Because if we just think that the kind of margin improvement path that you have had so far leads to some, let's say, estimate for 2024 and it would be kind of very easy to just add EUR 20 million run rate on that and then we would have a new normal. But often, it doesn't happen like that. So it would be kind of nice to understand that what would be the true saving after cost increases what will actually be left for shareholders to consider?

Well, I think we will return to this question after Q4 when we look at the guidance for next year. So I think that's a better way of looking at it.

Yes. It's Kimmo Stenvall from OP Markets. One question on the Cloud Protection for Salesforce. So can you just help clarify how this kind of unified this unit is -- is it easy to divest or did I catch up right that you are maybe acquiring also minority shareholders for this business or what is the plan on this?

So we haven't announced any kind of definite plans, but we have said that we are not primarily looking at full-scale divestment, but more an injection of capital or investment into it. And it is run as it is today as a separate unit, and it has its own go-to-market on separate customer base, etcetera. So it's fairly easy to identify if you take into -- in such investment where the money would be would be going there. The primary motivation there would simply be to accelerate the growth that we are experiencing there.

All right. I'll move on to the questions from the line. So it seems that there are people who have a flu and they are online. So first of all, there's Atte Riikola, our analyst. So which one is more important for your growth in the future, support your existing partners to increase sales or to find completely new partners?

Both are important. But I would say that we will probably put even more emphasis on winning completely new customer -- new partners going forward.

Why do partners choose WithSecure's products instead of some other vendors?

I think it's a couple of things. First of all, it needs to be a first-class product, which it is. It needs to be easy to use, which it is. And then I think you need to demonstrate that you are a true partner to your partners. So you give them tools, you give them training, you give them pricing, you give them a complete package as to how to do business and be successful together with us. And this latest addition, adding packaged services that support the software is actually very welcomed by the partners because it gives them further opportunity to differentiate.

Very good. What makes Japan an interesting market for WithSecure? How does the competitive landscape differ from Europe?

So we've been in Japan since 1998, and Japanese market is as many of you I'm sure know is a market where you need to take a long-term perspective. It takes a long time to build a reputation in the market, win the customers, win their trust, but we have that. So we have that gain that over the years -- they value quality, they value the technology that we bring in there. So that is the foundation that we have in Japan. The Japanese market has the usual suspects in terms of competition, but it also has strong Japanese players in the marketplace. So it is as competitive as many other markets. But I would say that in Japan, I think we are benefiting from our history, partly and then also of the partners that we have in Japan, we are fairly big partners in Japan that address the mid-market together with us. And of course, that I think is maybe the biggest difference compared to Japan and some of the other markets that our partners have very large companies there typically.

All right. And then about the cost savings program, how much do you think it is affecting your ability to grow in the coming years?

So we have tried our best to plan the restructuring activities in such a way that it wouldn't hurt our focus. And of course, I say this with reference also to the geographic focus, where we say that okay, we are going to focus our investment in these five key markets where we see the best opportunities for us to grow. And then the challenger markets more being supported with more moderate growth ambitions. I think that's part of the story as such as we are cutting costs, as Tom said, in all levels.

All right. Then there's a question from the audience. Is there a plan to sell WithSecure?

We are very happy with the current plan that we have, and we continue executing it as it is.

Good. Then moving on Waltteri Rossi, our analyst. How do you see the continuing cloud and software business at approximately EUR 100 million level in sales changes, chances of surviving against large competitors.

I think there is space. And I think this is, I think, the proof of this is that there are many companies that are smaller than us who are doing quite well in the market as well. But it's a question of finding your own place in the market, both in terms of geography, but also in terms of the product offering. And admittedly, when we look at the endpoint market where our majority of our product business is today, of course, it's relatively crowded. But at the same time, we are, as always, in technology business, we have our eyes already on the next opportunity or the next segment of market, which, in our case, is the exposure management space. And there, of course, our targets are ambitious.

Then just to continue on that, what is keeping Microsoft out of the mid-market? And how can you compete?

So Microsoft is a very large company, and I wouldn't make any assumptions about them being out of any market in general. But I think one thing that sets us apart from them is the fact that we provide services that help our partners differentiate against the Microsoft offering.

What about the profitability of the cloud and software business right now?

So this has typical software business characteristics in terms of the gross margin it commands. So basically, the primary cost item between the top line and the gross margin is the cloud cost. So we run our operations in primarily in AWS cloud and the biggest cost item is the cost we pay to AWS.

Direct channel and personal service has been your value proposition, but now you are shutting it down. Does this lower your value to customers?

So we are not shutting down the direct business that we currently have. We will continue to take good care of those customers. And of course, it's good to remember that while we have these intentions of focusing on partners via partners towards mid-market, some of these companies are still large enough to say that they want to buy directly from us. And that will still be the case. But I would classify it more as an exception than the rule. And then, of course, we have had fairly significant MDR customers that we continue to serve directly in many cases. And maybe something to mention here, if it hasn't been clear from the presentation that we are not divesting MDR in any way. We continue very much being a player there. And we continue to build our future MDR road map on top of the same software platform as we do everything else in the company. And by the way, that fact that we will have a single software platform in the company is a big source of savings also moving forward.

Is the Exposure Management something that current customers have been showing interest towards?

I think there are early indications of interest. But as always, in tech business, you will have then some forerunners, some people who are more progressive and some people who are, in a way, investing, if not immediately money but also time in thinking about the future and what is really required. And we are quite optimistic about the early indications we're receiving.

All right. Then I'm moving on to Jaakko Tyrvainen, our analyst. Could you give any further indication of what is, first of all, the profitability level of consulting and second, sales level of Cloud Protection for Salesforce.

We haven't published those, and we will look at it also then for next year and see what we come back with at that point of time.

All right. How many channel partners do you have now in Europe? And is the intention to increase the number of partners or to have deeper cooperation with the existing ones?

So the intention is to do both. But I think we will maybe be more visibly going after completely new partners because oftentimes, it means also completely new end customers. And in terms of our overall partner base, we have around 7,000 partners, 6,000 active, I would maybe say and Europe is the majority of those. I can't give you an exact number on them.

What is the addressable market in your sweet spot, i.e., European midsized company market?

No, we don't have that off the top of my head. We can probably come back to that because we derive that market figures from public sources.

What about the up-sales potential? Could you indicate how large share of your clients are still in EPP only?

Off the top of my head, no, but I think there's been significant progress actually during this year in certain markets that have been EPP only or even business suite only, which is still our on-premise solution. We reported as part of our ARR business, which it is, but its on-premise, and we are in the process of migrating these customers to our cloud-based offering, and that has gone well this year and will continue. One shining example, for example, has been France, where we have done tremendous progress during this year.

Have you analyzed what is the ballpark funding need for Cloud Protection for Salesforce in order to execute the planned growth strategy?

We are not disclosing that level of detail at this point.

All right. No, there are no longer questions in the chat. So if you have any question on your mind, [indiscernible], there are more questions here in the room.

Felix Henriksson, Nordea. Going back to the upsell sort of question that was asked earlier. Would you consider reporting sort of the average number of modules used in your Elements platform going forward? Because I think this is a pretty integral part of your equity story, and you also demonstrated it here today, and we appreciate if you could give us any further color on, for example, what has happened after the 2022 CMD when you sort of showed the progression in the number of products adopted by customers? So if you could give us any concrete numbers around that, that would be great either now or in the future.

We can certainly consider that. I mean, of course, it's in our interest as well to kind of help you build an accurate picture of our business. And as you said, it is in a way a function of how many customers we have and how many modules do we have out there and how much potential there is left to upsell.

Right. And then on the Exposure Management side, I guess this is to be thought as an additional module of your business. And just looking at the competitive landscape, I guess there is already some forerunners in the market. So what's the value proposition to customers? Is it sort of about selling these to existing customers who already have Elements or how do you expect to sort of compete with the forerunners out there in the market?

Yeah. There are many companies or several companies who have made announcements that they have this. But in reality, the market is still very early. So we are not late at all by going into the market in May. And it will be a completely new product because it's also tackling a different problem than the detection and response space that we cover with our current offering. But of course, it will integrate into the Elements Cloud that we have. Time will tell, of course, how this market will develop, but we believe that there's great promise in going after it. And hopefully, we'll be able to talk more about it. We will obviously get into the details of that in May when we launch the product that Sphere, which is our annual event.

And finally, going into the topic or theme of sort of vendor consolidation that has been happening this year in a softer market, these one-stop shops and best-in-class security platform companies have been sort of doing better. So a couple of questions related to that. Firstly, what do you sort of say that those who argue that this is sort of a winner takes it all market? And secondly, do you expect this venture consolidation theme to ease when the economy picks up a bit more?

Forecasting is difficult, especially about forecasting the future as they used to say. So it is true that there's been more pressure on consolidation. I think with the market slowdown and that there have been bigger entities as a result of that. But at the same time, I think this is similar to any technology business that kind of tends to happen. And then you turn your eyes into, okay, what is the next segment where you could again be operating with a little bit different characteristics. I think in our case, we recognize the fact that the endpoint market is a fairly contested space where we play and where we earn our living today. We think though that we are one of the few ones that has a credible services offering to actually complement our portfolio there, and we think that is differentiating us. And you can only compete there even in this contested space if you have a really good product, which we do. So I think pretty much bearing that in mind I think that is the current outlook for that.

Hi, Matti Riikonen, Carnegie. A couple of questions. We talk -- if we talk about the cost savings and how they kind of go forward in 2024, when would be the time when you have reached the 100% level of reaching the EUR 20 million cost saving rate during '24? I'm assuming that it will be in '24, but just how quickly do you think that you can ramp up those savings? And when is the time then when basically everything has been done so that after that, all EUR 20 million will be visible.

Well, they will start in Q1 and depending on different processes, but expectation at this point probably would be that first half, we would be done with it.

We have pretty much concluded the negotiations and there are communications taking place already this week regarding the fine-tuned organizational setup and responsibilities. So we're well in -- on time with that and with our plans.

All right. And then just a technical question. Now that you have said that Consulting and Cloud Protection for Salesforce will be kind of noncore. How do we see that in your reporting? Do you plan to change it so that we can basically look at what is remaining and what is not remaining as separate line items?

That is, of course, under review, which is clearly in this stage, and we will come back to that when we are in -- when we publish the Q4 results as well for next year.

Right. Because obviously, people probably are more interested in the parts that will stay and not any longer part [indiscernible] stay.

So we need to look at this.

The [ first ] quicker, the better.

Yes.

All right. There's one more question from Atte Riikola, our analyst. Five years ago, MDR, Managed Detection and Response was the next big growth pocket in your markets, but it became very crowded segment, what will prevent this from not happening in the exposure management?

We need to move fast. We need to execute faster than what we have done in order to capture the opportunity, and we need to enable our partners to execute fast and capture that opportunity. I think it comes down into a couple of simple things like that one.

All right. No more questions in the chat. No more questions in the room. So maybe a word of wisdom and then we can wrap up.

Now, I would simply like to say that this, of course, as I said in the beginning, is a company in transformation, starting with the demerger and then moving onwards into which we believe now is a very sound plan for the future. We have we have a focused end customer segment. We know how we are going to address it. We have a credible portfolio, and we have a good road map also to the future with some exciting opportunities to change the stakes completely. So I will leave you with that. Thank you.

Thank you.