NCC Group has revealed its FY20 accounts. They show an increase in sales, despite around £15 million being lost or deferred due to COVID-19. Luckily for the company, global sales growth for cybersecurity services means it has been able to sustain that lost income and still show a slight increase in operating profit. However, the company has still not made any statement over the CREST exams debacle, which could yet have a serious impact on its business.
Presenting the result, Adam Palser, Chief Executive Officer at NCC Group, also warned of future challenges in the cybersecurity market. He pointed out the rapid increase in connected devices pointing to the growth of Smart Cities, IoT and intelligent transport. He also highlighted the proliferation of remote working and its impact on cloud technology adoption. Both areas, he warned, are increasing the opportunity for bad actors.
Palser also had a message for the boardroom saying the: “The regulatory environment is bounding along, trying to catch up. As regulation increases so do the consequent costs of compliance failure.” NCC Group also points out that global online security breaches continue to rise at more than 20% per annum. These bring associated reputational and financial losses.
Risk is not always bad, and for NCC Group, those risks have driven income. Palser said: “The shuddering financial impact on so many companies has brought the resilience of their software supply chains and other supply chains right up to the front of mind, which has driven direct benefits into our software resilience division.”
What risk does NCC Group see from Work From Home?
Like many cybersecurity companies, NCC Group has not had to put anyone on furlough during COVID-19. Instead, it has given staff time to improve their skills which will give it a greater technical capability and greater capacity as organisations go back to the office.
However, COVID has had a significant impact on the market. Palser identified the cyber risk created by companies having many employees working remotely. He also highlighted the logistical and financial challenges along with the general uncertainty that many parts of NCC Groups customer base are facing. Of more concern was his comment that: “Understandably, certain segments have chosen to deprioritise cyber risk as they worry about other things.”
There is a risk with that. Palser warns: “We absolutely believe this is just building up a wealth of compliance debt that has to be paid down if those firms are to operate safely for years to come. As the economy normalises we expect to see a continued bow wave of demand, as people have to pay down that compliance debt.” It is another warning to the boardroom that it must not ignore compliance challenges.
How well did NCC Group do?
Given the impact of COVID, it has done better than many. Revenue for FY 2020 is up by 5.2% to £263.7 million. Gross profit was up by 2.6% at £104.4 million. The biggest increase came in operating profit which saw a 7.2% jump to £20.9 million. The latter is likely to be through reduced costs for office space and significantly reduced travel and accommodation costs due to COVID.
Shareholders will also welcome the fact that the dividend is the same at last year at 3.15 pence, especially as many companies have reported much lower dividends.
The results were also welcomed by the market and drove the share price back to a six month high. In March, the company watched its share price drop by over 100 points (37%) over three weeks. It has now clawed back just over half of that and Palser appears positive that it can continue to recover.
Palser commented: “I am pleased with our trading performance for the year. Thanks to the stunning way in which my NCC Group colleagues have risen to the challenge we have weathered the impact of the COVID-19 pandemic to date and emerged with a stronger balance sheet whilst preserving the technical capability that makes NCC Group so distinctive.
“The investment and progress we have made through our Securing Growth Together transformation programme underpinned our recent resilience and the Group is well placed to thrive when the economy recovers.
“I would like to thank all my colleagues for their continued resilience and professionalism during these challenging times.”
That CREST debacle
Hanging over NCC Group is the debacle over CREST exams. In August, The Register revealed that cheat sheets provided by NCC Group to its own staff to get them through CREST exams had been posted online. Since then, CREST has appointed an independent investigator to examine what went wrong and the impact it has had on the integrity of the CRT exam.
There are a lot of possible outcomes here, including CREST suspending the qualifications of everyone who might have had access to the NCC materials. NCC Group has already faced reputational damage on cybersecurity forums, and any suspending or resit of qualifications will only add to that. At present, NCC Group is not commenting on the likely impact of any investigation. Given it is a public company, that is a surprise as it is a material risk to the business.
Enterprise Times: What does this mean?
These are solid if unspectacular results from NCC Group. Unlike many companies, it took action early when COVID hit its customer base in Asia. In doing so, it was already prepared when Europe and the US were forced into lockdown. What will be interesting will be how well it has managed the first half of FY 2021. Those results are likely to be released in November. Given the share price rally based on these results, the market thinks that Palser and his team are on track to reverse the recent decline.
The elephant in the room is the CREST situation. Whatever action the independent investigator decides upon will be closely watched. NCC Group has been a staunch supporter of the accreditation body and will hope that this all blows over.