Full year results

11 April 2019

Corero Network Security plc

("Corero", "Company" or the "Group")

Full year results

Corero Network Security plc (AIM:CNS), the AIM listed network security company, announces its audited results for the year ended 31 December 2018.

Financial Highlights:

· Group revenue of $10.0 million (2017: $8.5 million) of which 51.1% is recurring

o SmartWall revenue up 23.1%

o SmartWall recurring revenue1 up 43.2%

· Significantly reduced EBITDA2 loss of $2.1 million (2017: loss $5.0 million3)

· Adjusted operating costs4 13.3% below 2017 

· Loss before tax of $5.2 million (2017: loss $8.5 million3)

· Loss per share 1.4 cents (2017: loss per share 3.0 cents3)

· Successful equity fund raise in April 2018 of $5.3 million (after costs)

· $2.0 million investment from Juniper Networks (NYSE: JNPR) secured in October 2018

· Strong balance sheet with net cash at 31 December 2018 of $4.4 million (2017: $1.4 million)

Operating Highlights:

· Signed global resale partnership with Juniper Networks (NYSE: JNPR)

· Increase in average new customer order intake value:

o Perpetual license sales orders $275,000 (2017: $250,000)

o As-a-service contract value $55,000 per annum (2017: $40,000)

· Follow-on orders from existing customers up 57% to $4.4 million (2017: $2.8 million)

· Continued high levels of customer satisfaction

o Services renewal rate remained strong at 98.5% (2017: 97.5%)

Outlook

· Entered 2019 with a growing new business pipeline from both new and existing customers

· New Juniper resale partnership now set to deliver incremental revenue growth, with first revenue generating order secured in March 2019

· DDoS mitigation market fundamentals remain strong with market analysts forecasting double digit growth

· The Board continues to believe the business is well-placed for further growth

Ashley Stephenson, CEO of Corero, commented: 

"2018 was a year of continued strategic progress for Corero, culminating in the signing of a landmark resale partnership with Juniper Networks, a US-based industry leader in automated, scalable and secure networks. Not only does this agreement provide an additional route to market for our products but it also serves as a significant endorsement of our SmartWall technology. Securing the first Juniper resale customer win in March 2019 was a significant milestone in the development of the Juniper go-to-market channel for Corero.

"Corero continues to be well positioned to deliver on its goal of becoming the leading player in the real-time DDoS mitigation market, with over 100 customers and a growing number of go-to-market partners.

"We remain focused on delivering strong revenue growth and committed to achieving our stated goal of being EBITDA positive and cash generative by the end of the year."

Enquiries:

About Corero Network Security

Corero Network Security is a leader in real-time, high-performance DDoS defense solutions. Service providers, hosting providers and digital enterprises rely on Corero's award winning technology to eliminate the DDoS threat to their environment through automatic attack detection and mitigation, coupled with complete network visibility, analytics and reporting. This industry leading technology provides cost effective, scalable protection capabilities against DDoS attacks in the most complex environments while enabling a more cost effective economic model than previously available. For more information, visit www.corero.com

Operational review

2018 represents another period of strategic progress for Corero. Revenue for the year was $10.0 million (2017: $8.5 million), comprising almost entirely of sales from SmartWall, Corero's market leading DDoS mitigation solution, which grew by 23.1% in 2018. Recurring revenue, comprising security maintenance and support services and DDoS protection as-a-service revenue, increased to 51.1% of total revenue versus 47.1% in the prior year.

Corero closely managed costs in 2018, with adjusted operating expenses4 of $9.9 million, 13.3% below the prior year (2017: $11.4 million3). In addition, the EBITDA2 loss for the year reduced to $2.1 million (2017: loss $5.0 million3).

Revenue growth and progress towards EBITDA break-even was impacted by the longer than anticipated time required to secure contracts and develop revenues from new go-to-market partners in the year. However, we expect this to ramp-up in 2019.

The loss for the year reflects the continuing investment in Corero's technology and sales and marketing activities. Management is focused on delivering revenue growth, adding new customers, and targeting being EBITDA positive and cash generative by the end of 2019, by focusing on:

· Executing on a strong and growing pipeline including opportunities arising from the recently announced Juniper resale partnership; and

· Leveraging the growing demand for Corero 100Gbps SmartWall technology from the adoption of faster and more economic 100Gbps links in the Company's target markets.

Corero continued to make good operational progress during 2018, delivering against the 2018 strategic objectives which included:

Expanding routes to market: Signed global resale partnership with Juniper Networks in September 2018; partnership enabled with product SKUs, sales and support training. Both Corero and Juniper are now actively engaged with a number of prospects and trials with a strong pipeline of Juniper customer resale opportunities developing.

Growing customer base: Progress made in the year, with new customer acquisition to be accelerated with ongoing demand for Corero's SmartWall solution (over 100 SmartWall customers at year end); over $1.5 million order intake for SmartWall 100Gbps product in 2018 (2017: $0.4 million from initial orders following product release in December 2017); Juniper global resale partnership is expected to increase customer numbers in 2019; sales order intake from Digital Enterprise customers grew by 53%.

Maintaining competitive advantage in real-time DDoS mitigation: Delivered two new major SmartWall software releases to customers; developed the SmartWall Threat Defense Director ("TDD") product, a market leading DDoS mitigation software solution for large Tbps scale networks, for the Juniper global resale partnership; released fully integrated 100Gbps DDoS Appliance - the SmartWall NTD1100, a market leading solution for migration to 100Gpbs connectivity.

Financial Summary

The Group reported revenues of $10.0 million (2017: $8.5 million).

Total operating expenses were $12.7 million (2017: $14.9 million3).

· Operating expenses net of capitalised R&D costs and before depreciation and amortisation of intangible assets were $9.4 million (2017: $12.0 million3). Capitalised R&D costs were $1.7 million (2017: $2.2 million). 

· Operating expenses include an unrealised exchange gain of $0.4 million (2017: loss $0.6 million) arising from an intercompany loan.

· Depreciation and amortisation of intangible assets was $3.3 million (2017: $3.0 million).

Losses before taxation were $5.2 million (2017: loss $8.5 million3) including amortisation of capitalised R&D of $2.9 million (2017: $2.4 million). The reported loss per share fell to 1.4 cents (2017: loss per share 3.0 cents3).

Corero had net cash of $4.4 million at 31 December 2018 (2017: $1.4 million), comprising:

· Cash at bank of $8.0 million as at 31 December 2018 (2017: $1.4 million), having raised $5.3 million (after costs) in April 2018 from an equity placing and subscription, $3.9 million (net of costs) from a bank term loan concluded in April 2018 and drawn down in May 2018 (the "Debt Facility"), and $2.0 million from an equity subscription by Juniper Networks in October 2018; and

· Debt of $3.6 million (2017: nil) comprising the Debt Facility. The Debt Facility replaced an existing accounts receivable financing facility of $1.5 million.

The net cash used in operating activities in the year ended 31 December 2018 was $1.8 million (2017: net cash used $6.0 million) reflecting the loss for the year and increase in working capital investment in the period of $0.3 million (2017: increase in working capital investment $0.7 million).

Market Dynamics

Technology continues to promise significant enhancements to business models in terms of both driving competitiveness and revenue growth through the deployment of digital strategies and technology platforms. However, as reported in the World Economic Forum Global Risks Report for 2019, technology also continues to play a profound role in shaping the global risks landscape, with cyber attacks remaining one of the top 5 global risks in terms of likelihood.

Along with email spam, phishing, and malware, DDoS attacks remain a persistent blight on the Internet. Technically sophisticated attackers using automated methods for launching attacks have escalated an occasional but often severe nuisance into a widespread, ever-present and constantly worsening threat. Corero's Full Year 2018 DDoS Trends Report shows the average number of attacks per customer was up 16% over 2017.

Financially motivated criminal organisations and nation state actors bent on cyber warfare have combined forces with malicious hackers to pool knowledge and experience to launch increasingly complex, multi-vector attacks that are more difficult to detect and mitigate. The vast majority of DDoS attacks are still either volumetric in nature - consuming a high percentage of network bandwidth - or focused on exhausting protocol-processing resources in the host systems under attack. Both types are highly effective in knocking out Internet applications and services, for minutes to sometimes hours and with negative consequences for service providers, businesses and consumers.

Attacks are often launched utilising large-scale botnets that attackers create by hijacking poorly secured endpoints, including servers, PCs, laptops and, in recent years, consumer IoT devices such as webcams. The majority (according to Verizon, over 75%) still leverage amplification techniques that jack up attack intensity by exploiting vulnerabilities in Internet services and host systems to increase the flood of traffic directed at targets.

The vast complex of public networks spanning the globe is constantly growing and evolving, reaching into every corner of society. New users, endpoints and networks come online every hour of every day, presenting bad actors with a constantly expanding surface with new targets potentially vulnerable to attacks or exploitable for launching them.

Internet evolution is shifting the DDoS battlefield in two directions: out towards the rapidly growing IoT edge and up into the hyperscale datacentres supporting the ever-expanding cloud.

Rapid IoT adoption is driving a proliferation of intelligent devices that will ultimately exceed the number of user endpoints. Machine-to-machine connections from the edge will power a wide range of IoT applications, healthcare, environmental sensing and "smart" infrastructure - cities, buildings, homes and vehicles. Cybercriminals have already hijacked consumer IoT devices to create large-scale botnets and emerging mission-critical IoT networks will become targets for potentially catastrophic DDoS attacks.

Cloud-based services supporting mobile apps, streaming video, e-commerce, SaaS and enterprise IT are growing at an astounding rate, deployed in massive hyperscale data centres consisting of thousands of servers, which are both targets for attack and potential launch platforms. Content delivery networks that are instrumental in scaling cloud service delivery, are also targets for crippling attacks that can disrupt services for millions of users.

Bandwidth at the Internet edge continues to scale up. Gigabit consumer broadband is here, now. Multi-gigabit wireless over 5G networks is just over the horizon. More bandwidth at the edge is driving more capacity in the backbone. Service provider Internet connections are moving from 10Gbps to 100Gbps. A faster edge enables higher intensity attacks, and fewer endpoints are needed to launch crippling volumetric attacks.

DDoS defence is still a never-ending battle. Attackers discover and exploit vulnerable hosts or services to launch attacks. Defenders monitor network activity to compile a catalogue of attack profiles that are then used to generate rules to detect and identify attacks to take the necessary mitigation actions.

Opportunities for Corero

Adoption of faster 100Gbps links

As transit providers start pushing tenants towards using fractional committed data rates on 100Gbps connections for cost and efficiency, versus two or more individual 10Gbps connections, we expect increased adoption of 100Gbps links. The challenge with faster 100Gbps links is that tenants can then be hit by up to 100Gbps of attack traffic, even if they are only subscribing to 20Gbps of regular capacity.

We anticipate demand for Corero's SmartWall 100G technology to accelerate as a result of this and increasing end-user service-level expectations resulting in the requirement for Service Providers, Cloud Providers and Enterprises to deploy DDoS mitigation technology upgrades. Corero's 100Gbps line-rate appliance ensures each 100Gbps connection can be automatically protected from DDoS, without impacting legitimate traffic.

5G will increase DDoS attack risk

Telecoms providers are in a race to rollout 5G services that will empower smart devices, IoT. The new telecommunications infrastructure required to enable 5G will bring a huge leap in the available bandwidth. This will enable end-users (both machine and human) to experience much faster access and downloads, and share more data across more devices.

Along with the benefits and opportunities come new cybersecurity risks. For example, as more powerful smart devices come online, the networks hosting these devices will have an increased attack surface, which makes them bigger targets for DDoS attacks. It also increases the opportunity for those devices to be harnessed for the purposes of launching damaging DDoS attacks against other targets.

5G will power more virtual reality, artificial intelligence, remote surgery and automated machinery, all of which will rely on highly available and low latency connectivity. Downtime or service disruption for networks that support these critical applications will become increasingly disastrous (or, at the very least, much less tolerated).

Any organisation which relies on the Internet for its business, needs to be prepared for the increased cyber risks that 5G brings. In particular, Internet Service Providers now face a significant challenge, securing their increasingly complex and exponentially faster networks in an era where DDoS attacks have grown in frequency and sophistication. It will be critical that they prevent DDoS traffic from disrupting their own network-based service offerings, as well as those of their customers.

Super-scale DDoS protection

Carriers and other Tier-1 Service Providers have traditionally adopted a bifurcated approach to DDoS protection, for reasons of cost and the practicalities of deploying the available protection solutions. This two-tier service results in only the smaller DDoS attacks being filtered out, with larger attacks being addressed by blocking all traffic headed for the target, taking them offline for the duration. This may have been more accepted in the past but, as organisations increasingly rely on their internet presence being available 24/7, this presents an increasing challenge for the providers.

Recent advances in the inherent traffic filtering capabilities of network routers, from vendors such as Juniper Networks, is enabling a new generation of protection. Security solutions can now leverage next generation router filtering to deliver super-scale protection directly at the perimeter of a network.

We believe that Corero is the first DDoS vendor to effectively leverage real-time infrastructure-based traffic-filtering, which is enabling protection to be extended to an unprecedented tens-of-terabits scale. Combined with Corero's highly automated approach, providers can deliver this super-scale protection at a price-point that was not previously possible.

Strategy

Corero's focus is to scale its revenue by focusing on the following priorities:

1. Scaling the business towards profitability

· Three-pronged go-to-market focus:

o Direct sales: Corero sales team focused on the SmartWall target market to leverage success to date

o Indirect sales: channel partner proposition

o Partner sales: close engagement with go-to-market partners such as Juniper and GTT Communications and development of additional relationships

· Channel leverage: Utilise Juniper channel partners given close alignment between Corero and Juniper's customer focus (service providers, cloud providers and digital enterprises)

2. Investment in sales and marketing to drive growth

· Sales investment to support growth plans

· Marketing spend focused on new customer sales lead generation

3. Maintaining competitive advantage

· Incremental product enhancements with stable R&D investment

o New DDoS attack defences

o New machine learning and artificial intelligence capabilities

Outlook

Corero enters 2019 following a year of solid growth in revenue and order intake and with a significant resale partnership agreement in place with Juniper Networks. The Board is confident about Corero's prospects in the short to medium term, with the DDoS mitigation market fundamentals remaining strong and market analysts forecasting double digit growth. Corero remains well-placed to capitalise on the market opportunities and generate future growth.

1 Recurring revenue comprises maintenance, support services and SaaS recognised revenue

2 EBITDA loss is defined as loss before depreciation excluding DDoS protection as-a-service assets depreciation which is charged to cost of sales, amortisation, financing, tax and unrealised foreign exchange differences on an intercompany loan

3 Restated as a result of a change in accounting policy related to the implementation of IFRS 15

4 Adjusted operating costs is defined as costs before depreciation excluding DDoS protection as-a-service assets depreciation which is charged to cost of sales, amortisation, financing, tax and unrealised foreign exchange differences on an intercompany loan

Consolidated Statement of Comprehensive Income

for the year ended 31 December 2018

Consolidated Statement of Financial Position

as at 31 December 2018

Consolidated Statement of Cash Flow

for the year ended 31 December 2018

Consolidated Statement of Changes in Equity

for the year ended 31 December 2018

1. General information

These consolidated financial statements are presented in US Dollars ("$") which represents the presentation currency of the Group. The average $-GBP sterling ("GBP") exchange rate, used for the conversion of the statement of comprehensive income, for the 12 months ended 31 December 2018 was 1.33 (2017: 1.29). The closing $-GBP exchange rate, used for the conversion of the Group's assets and liabilities, at 31 December 2018 was 1.28 (2017: 1.35).

The principal accounting policies adopted in the preparation of the financial information in this results announcement are consistent with those that the company has applied in its financial statements for the year ended 31 December 2017 apart from new standards which give rise to a change in the Group's accounting policies comprising IFRS 9 Financial Instruments and IFRS 15 Revenue from Contracts with Customers.

The financial information set out above does not constitute the Company's Annual Report and Accounts for the year ended 31 December 2018. The Annual Report and Accounts for 2017 have been delivered to the Registrar of Companies and those for 2018 will be delivered shortly. The auditor's report for the Company's 2018 Annual Report and Accounts was unqualified but did draw attention to the material uncertainty relating to going concern.

The Directors have prepared detailed income statement, balance sheet and cash flow projections for the period to 31 December 2020. The cash flow projections have been subjected to sensitivity analysis at the revenue, cost and combined revenue and cost levels. The cash flow projections show that the Group and Company will maintain a positive cash balance until at least December 2020. In addition, the projections and sensitivity analyses confirm that the bank loan covenants will be met for a period of at least 12 months from the date of approval of these financial statements.

On this basis, the Directors have therefore concluded that it is appropriate to prepare the financial statements on a going concern basis.

However, the ability of the Company and Group to achieve the future profit and cash flow projections cannot be predicted with certainty. Failure of the Company and the Group to meet these projections and deliver revenue growth may adversely impact the achievability of the bank loan covenants which may result in the bank loan being required to be repaid before the maturity date if the revenue covenants are not met and cannot be renegotiated. This would adversely impact the Company and the Group's working capital position and would require the Company to raise additional funding, with no guarantee such funding would be secured.

Taken together, the achievability of the projections and availability of additional funding if required indicate a material uncertainty that may cast significant doubt on the Group's ability to continue as a going concern for the foreseeable future.

The financial statements do not include the adjustments that would result if the Group and Company was unable to continue as a going concern.

The auditor's report did not contain statements under s498(2) or (3) of the Companies Act 2006.

Whilst the financial information included in this results announcement has been computed in accordance with International Financial Reporting Standards (IFRSs) this announcement does not itself contain sufficient information to comply with IFRSs.

The Annual Report and Accounts for the year ended 31 December 2018 are available on the Company's website www.corero.com/investors.

The information in this results announcement was approved by the board on 10 April 2019.