Falanx Group Ltd (LON:FLX), the AIM listed provider of cyber security services, has announced its audited results for the year-ended 31 March 2022.
Financial highlights
| • | Revenues £3.54m (2021: £3.12m), an increase of 14% |
| • | Closing Monthly Recurring Revenues (“MRR”) 25% greater than prior year |
| • | Gross margin increased to 41% (2021: 33%) following the rationalisation of cyber security monitoring technology platform and much improved professional services utilisation |
| • | Reduction in adjusted EBITDA* loss to £1.27m (2021: £1.35m) |
| • | Loss per share from continuing operations 0.37p (2021: 0.75p) |
| • | Overall profit of £1.48m (2021: loss £3.55m) following the disposal of the Assynt Strategic Intelligence division (“Assynt”) in October 2021 |
| • | £2.5m of debt raised from BOOST&Co |
| • | Cash balances at 31 March 2022 £3.5m (2021: £0.55m), the vast majority of HMRC COVID-19 backlog paid down in the year |
| • | Shareholders’ funds £4.35m (2021: £2.73m) |
Operational Highlights
| • | Strategic focus on the high growth cyber security market including expansion of sales and marketing capabilities, product development and automation capabilities |
| • | Restructured sales function with the creation of dedicated team focussed on winning new clients, channel growth and creation of further recurring revenue streams |
| • | Initial launch of mass market Cyber Security Assessment tool – f:CEL (Cyber Exposure Level) |
Post Period Highlights
| • | Strong growth in sales pipeline (**) to £6.0m as at 22 September 2022 (1 April 2022: £4.1m), including MRR pipeline increasing in the same period from £1.7m to £4.0m |
| • | 18% growth in sales orders for core offensive and defensive services in the first five months of FY23 compared to FY22 |
| • | Ongoing investment in focussed and controlled sales growth |
| • | Launch of new Retained Incident Response (“R-IR”) and Continuous Vulnerability Scanning (“CVS”) services |
Mike Read, Chief Executive, said:
“We are delighted that the demand for our cyber security services continues to grow. In addition to the recent high profile cyber security concerns, we are seeing even more attacks on Small to Medium size Enterprises (“SMEs”). These SMEs often receive initial support via their trusted IT providers (who are not Cyber Security specialists) and hence these are the channel for our cyber services. Therefore, we have added some key new partners to our existing base to expand our reach into these IT providers. This, together with strengthened marketing, increased PR and hard work from the sales and marketing team, has resulted in a significant increase in our pipeline and today it is in excess of £6.0m – 2/3rds of which is for our MDR Services.
“Within the Company, it has been a challenging backdrop as we came through the pandemic, sold our Assynt strategic intelligence business and raised our first significant round of debt. This has allowed us to focus on the cyber business and reposition accordingly. The Falanx team is very focused on growth in a buoyant market and, whilst H1 of FY23 revenues are expected to be similar to the same period in FY22, orders for our core services are already up by over 18% and we are expecting further growth in orders for the second half of FY23, and with ongoing significant growth thereafter.
“We are well financed and expect our existing financial resources to be sufficient to see us through to profitability.”
(*) Adjusted EBITDA is a non-IFRS headline measure used by management to measure the Group’s and divisional performance and is based on operating profit before the impact of financing costs, IFRS16, share based payment charges, depreciation, amortisation, impairment charges and highlighted items. IFRS16 is excluded so that the underlying rental costs of the premises are reflected in this metric.
(**) Pipeline is the total contract value of all current sales prospects with a potential to close in the current financial year.
The Company will post its report and accounts onto its website (www.falanx.com) for the financial year ended 31 March 2022 together with its notice of AGM shortly and these will be available to download in accordance with AIM Rule 20.
Chairman’s Statement
I am pleased to present your Company’s Annual Report & Accounts for the year ended 31 March 2022 (“FY22”).
I am delighted to report that the high growth cyber sector market became Falanx’s sole focus through the successful disposal for cash of our non-core Assynt business intelligence division in October 2021 for an enterprise value of £4.6m. I am also pleased to report that our cyber revenues have resumed their growth trend in the period under review, along with improved gross margins. We are also now well financed with the cash resources needed to fund our organic growth plans.
In last year’s annual report, I highlighted the enormous opportunity for Falanx in cyber security, with its powerful social, technological, economic and regulatory drivers, especially with the growing threat of ransomware attacks and data thefts. Cyber security attacks have increased by over 30% in the last year and are showing no signs of receding. These factors, combined with recessionary pressures, create an environment where cyber-attacks and cybercrime will become even more prevalent, and organisations must step up their defences or suffer the potentially devastating financial and reputational consequences. Whilst inevitably exposed to the issues of the wider UK economy, we expect that this growing threat will require organisations to further invest in cyber security services and technologies.
Falanx is very much a service, as opposed to a technology development, company. Our focus is therefore on delivering client solutions as opposed to investing in the development of new technologies.
Falanx has become a trusted cyber security corporate advisor. This has been achieved by providing incisive and objective assessments of an organisations’ cyber resilience position. In turn, this often results in us providing clients with monitoring services on a recurring basis under long term contracts thereby increasing the Company’s contractual monthly recurring revenues.
The successful disposal of the Assynt division has provided us with the capital to fulfil our expansion plans for our cyber security business, specifically investing in our sales and marketing capabilities, product development and infrastructure to support this high growth opportunity. Our cash position has been further strengthened by the £2.5m loan received from BOOST&Co in October 2021, and all of this has been achieved without shareholder dilution.
Whilst our underlying cyber business is fundamentally solid, the significant investments we have been making and will continue to make, as outlined above, are already making a difference in terms of additional sales, creating a wider and more effective partner base as well as innovative service developments. We are optimistic that this investment will generate significant growth in the next year as sales momentum builds.
Approved by the Board on 28 September 2022 and signed on its behalf by
A Hambro
Chairman
Chief Executive Officer’s Report
Falanx is a provider of Offensive and Defensive cyber security services, which protect around 400 customers worldwide. Customers include Managed Service Providers (“MSPs”), IT providers, public sector organisations, large multinationals and SMEs.
Attack
These are our Offensive Services and are primarily centred around Penetration Testing / ethical hacking (“PT”). Our comprehensive portfolio of PT services covers a wide range of skills and techniques which we use to emulate potential attackers looking for vulnerabilities in our client’s infrastructure. These services are provided under a traditional professional services business model with a mix of day rate and fixed price contracts. This service benefits from a high level of repeat business, long term relationships and has negligible churn. We have provided these services to nearly 400 customers over the last four years, many on an annual repeat basis.
Defend
Our Defensive managed services are provided by our Security Operations Centre (“SOC”) based in Reading. The SOC operates a 24/7/365 service, continually watching our customers’ IT estates, looking for unusual items which may be a sign of a cyber-attack or data theft. To achieve this, we monitor billions of client’s log events, such as a user logon, each week and distil this down, via AI and our assembled skills, to the few actionable items which must be alerted to the client. Our growing client base, and the move to the online world has grown the number of log events by over 150% compared to previous years. This service is supplied on a monthly recurring basis and has a largely fixed cost base of people and infrastructure with some licence fees as a function of client volumes.
Protect
Through both our Offensive and Defensive services, we help our customers to protect themselves against cyber-attacks. Through the use of either or a combination of both Attack and Defend, we inform our customers as to their strengths and weaknesses, so that they can be better protected against hostile threats. To help SMEs understand their exposure to these threats, we introduced our Cyber Security posture scoring, f:CEL (the falanx Cyber Exposure Level). Through this self-service evaluation tool, customers can understand their weaknesses and see recommendations as to what they can do to improve their posture, all in a matter of minutes.
Sales performance
Our sales performance in FY22 was achieved with a smaller team than in previous years, and despite this, sales orders were broadly similar at £3.3m (2021: £3.4m). Individual sales productivity increased by over 15%, and average spend per customer grew by 5%. In total, the Company received 369 (2021: 384) individual sales orders from 205 customers (2021: 225) out of a wider active client base of around 400. This includes 45 new clients won in the year. We have increased the number of clients who have been using both Offensive and Defensive services, and this remains an opportunity for significant further contract wins for monthly recurring revenue (“MRR”) generation. The team was expanded towards the end of the financial year, and this is discussed below in the sales execution strategy.
Operational performance
Following the development of our XDR / MDR service (“Triarii”) last year, we migrated our client base to it from previous platforms during the first half of FY22. This, combined with a stronger sales performance and much improved utilisation levels, enabled our cyber security business to record an adjusted EBITDA profit in the first half of FY22 following a loss in FY21. Since then (and as a result of the proven baseline profitability model for cyber) we are carrying out our planned investment in the cyber business.
The SOC experienced some managed churn during the year, typically from older contracts which required on-premises solutions as opposed to our cloud-based strategy. This technology consolidation enabled both a much more efficient service and a greatly enhanced client experience. We have now moved to a predominantly cloud-first environment, and we continue to develop our offering as the market evolves. We are now both well aligned with the market and able to push ahead with our high growth plans.
Cyber security growth strategy
The solid base that we have built for future growth is fully supported by the financial resources generated from the disposal of Assynt in October 2021 and the facility provided by BOOST&Co. This has allowed us to invest in the high growth phase, with significant additional resources across the business, but particularly in sales and marketing. Our goal is to more than double the size of our business organically, and we have adopted the strategies set out below to achieve this goal.
Sales execution strategy
We have operated two functional sales areas – the pre-existing team as Business as Usual (“BAU”), which is predominantly direct business, and a new team assembled under the Net New Names (“NNN”) designation. This team is dedicated to winning new clients via both channel and direct models and their key task is to grow our Defensive SOC services leading to enhanced MRR. Nicola Hartland, an established cyber security entrepreneur, joined us towards the end of the financial year, to lead the NNN team and they have been solidly building an incremental pipeline of opportunities.
Our Partner Engagement Model has been restructured with the objective of generating regular deal flow across the mix of our Tier 1 and Tier 2 partners. Tier 1 partners generally require a higher level of attention, and our aim is to target £1m business per annum from each such client, limited to six overall. Tier 2 partners provide us with similar sales opportunities, but these are likely to be smaller in volume. We are actively trialling the use of co-funded resources within partners to demonstrate their commitment to expanding Falanx, thereby creating a larger and more diverse sales team dedicated to selling Falanx services. Through this restructured partnering model, we are no longer dependent on a single channel opportunity to drive our growth, instead spreading that opportunity across a broader network.
NNN’s focus on partners is specifically to grow MRR from SOC and associated services with an approximate 75% / 25% emphasis on Defensive (SOC & MRR) versus Offensive (i.e., Penetration Testing) services – almost the exact opposite (and therefore complementary) to our BAU team.
The use of f:CEL as an on-ramp tool, as well as a revenue opportunity in itself, is being well received for its completeness, ease of use and digestible output and recommendations. We have begun development of f:CEL ‘2.0’, in which we will bring together all customer feedback from engagements so far. This will create an even more complete product and compelling use-case across a variety of industry sectors, including insurance and IT services and the sale of our cyber security offerings through channel partners.
As we focus in on our core offerings (SOC and PT), we have chosen to exit from any low-margin, non-core legacy consulting contracts and we expect to replace their margins from further SOC sales.
Service Innovation Strategy
As a service business, we focus on service innovation and delivery excellence and not on the development of proprietary technology. This allows us to use the most appropriate technology to deliver for our clients, whilst not carrying the development overhead. This means that we can invest in client delivery as opposed to developing solutions which are already provided by (often much larger) technology companies. We will develop functionality in certain niche areas (for example f:CEL), although this is built on standard technologies. As we are technology agnostic, we can explore additional managed services with new, strategic partnerships as well as opportunities to generate significant returns.
We are further expanding our services portfolio based on customer demand and feedback to drive incremental revenues. This includes the previously announced Continuous Vulnerability Scanning (“CVS”) service and the Retained Incident Response (“R-IR”) services. These complement our ad-hoc IR service and provide SLAs and guarantee our availability to support our customers when an incident occurs.
Our targeted MRR growth is planned to move the SOC to being cash generative on a stand-alone basis, and this will improve our overall margins. Our SOC currently has the necessary infrastructure (typically with a fixed cost), and therefore significant operational leverage, and we expect incremental sales to further improve performance. We are looking to make further automation investments aimed at improved client delivery and margin improvement.
As a knowledge-based business, we continue to attract and retain experienced and expert resources across all functions of the business. All attracted by the attractive growth opportunities in front of us as well as our excellent culture which offers support, training and career progression opportunities to people with much sought-after skills.
Post Period update
The NNN team is now established and consequently the overall cyber sales pipeline is now building on a weekly basis, and it is already at a record value of £6.0m (£4.1m on 1 April 2022). This also represents growth of 46% in the current financial year, and very significantly the pipeline is now 66% MRR compared to 40% in April 2022 (and 17% in April 2021). Our team has a high energy level and a strong execution focus and as well as building new partnerships, our existing relationships have been revitalised and expanded. Sales orders for our core services in the first five months of FY23 were 18% ahead of the same period in FY22. This includes five new MDR deals which we sold, with a total minimum contract value of over £0.2m, with the potential for significant expansion and extension beyond this. Three of these MDR deals were signed in August 2022 when we also signed up two new Tier 1 partners. Furthermore, we have also won our first four clients for CVS and also sold more than 1000 f:CEL licenses.
Outlook
Our previous investment in Triarii has transformed our customer delivery in the SOC. We have a highly relevant set of services which are well aligned to client needs in a growing market. Our focus is now on growing market share, and we are achieving this through indirect and direct routes. Since Falanx became a pure play cyber business in October 2021, we have invested in an expanded sales and marketing capability, and this is now starting to deliver results. We have new partners on board and they are already generating sales from a strong pipeline of potential business. Our penetration testing business remains strong, and we have a growing customer base of around 400 organisations, which provides us with a good basis for cross selling of MRR generating services. With the conversion of this pipeline, which is now underway, and the planned cessation of certain spends incurred in the first half of FY23, we expect an improving financial performance in the second half of FY23.
Falanx is now firmly in growth mode, and our objective, which we are confident we will achieve, is to generate very significant, organic growth over the coming months and years. We are well financed and expect our existing financial resources to be sufficient to see us through to profitability.
Approved by the Board on 28 September 2022 and signed on its behalf by
M D Read
Chief Executive Officer
Chief Financial Officer’s Report
Financial Review Continuing Operations
Revenue
Group revenues increased by 14% to £3.54m (2021: £3.12m). This was partly due to the recovery from the COVID-19 period and the consequential significant increase in professional services revenues which benefitted from much stronger utilisation levels. Recurring revenues from monitoring contracts were consistent with the prior year at £0.86m. Contract wins for monitoring business increased towards the end of FY22, with monthly recurring revenues growing by approximately 25% across FY22. This was despite a deliberate move away from legacy ‘on premises’ contracts serviced under the previous monitoring platforms to an all-cloud delivery on Triarii.
The pipeline of potential sales increased from £2.8m in August 2021, to £4.1m at the start of April 2022 and is now approximately £6.0m. The pipeline is the total contract value of all current sales prospects with a potential to close in the current financial year.
Cost of sales
This comprises of both people cost related to the delivery of customer services related to penetration testing, SOC monitoring and consultancy, as well as external software licencing and data services related to their delivery.
Gross margins
These strongly recovered in the year to 41% from 33% in FY21. This reflected much improved professional services utilisation following the end of COVID-19, and the benefits of moving to a single monitoring platform with lower external licence fees.
Operating costs
| £’000 | 31 March 2022 | 31 March 2021 |
| Gross margin | 1,443 | 1,017 |
| Underlying operating costs* | (2,715) | (2,367) |
| Adjusted EBITDA loss | (1,272) | (1,350) |
| *Analysed as | ||
| Sales and distribution | 1,706 | 1,463 |
| Corporate | 1,009 | 904 |
| 2,715 | 2,367 |
Underlying operating costs, were £2.71m (2021: £2.37m). The prior year benefitted by approximately £0.2m from COVID-19 related cost reductions (including salary sacrifice schemes and furlough), and the balance of the increase arose from investment in sales expansion post the disposal of Assynt in October 2021. Average headcount was 51 (2021: 55).
Share option charges
Share option charges were £0.02m (2021: £0.18m) with the comparative period reflecting the issue of share options under the COVID-19 salary sacrifice scheme.
Adjusting income items
As in previous years, highlighted items to credit adjustment on rental costs to exclude the impact of IFRS 16 on the Reading lease of £108,000 (2021: £108,000), with the prior year reflecting some restructuring which was mainly as a result of COVID-19.
Adjusted EBITDA
Adjusted EBITDA loss for the year was £1.27m (2021: £1.35m) after adjusting for the items highlighted above. Overall reported EBITDA loss (excluding share option charges) was £1.16m (2021: £1.34m) after adjusting for highlighted income.
Depreciation, amortisation, and impairment
This charge was £0.6m (2021: £1.9m). Customer intangible amortisation was slightly reduced to £0.25m (2021: £0.29m) following the completion of the amortisation of Securestorm. The impairment of goodwill (£0.13m) related to that acquisition of Securestorm being impaired in full, and the prior period reflected the £1.44m impairment of the investment in Furnace Technologies which was spun out of Falanx in December 2019. The amortisation of the right of use asset represents IFRS16 charges arising from the Reading office lease and was £108,000 in each year.
Operating loss
The operating loss reduced to £1.78m (2021: £3.45m) with £1.44m of the reduction arising from the impairment of Furnace which was reflected in the previous year.
Financing costs
Net financing costs were £0.2m (2021: £0.03m) of which £0.17m represented interest payments (including amortised costs) on the £2.5m loan drawn down between August and October 2021, with the remainder representing financing costs associated with IFRS 16: Leases.
Discontinued operations
On 6 October 2021 the Group disposed of the Assynt strategic intelligence division to focus on growing the cyber security division. The division recorded revenues of approximately £1.03m during the period (2021: £2.12m) and an adjusted EBTIDA loss of approximately £0.05m (2021: profit £0.10m). The purchaser was an organisation backed by US private equity investors. The terms of the transaction were an enterprise value of £4.6m payable in cash, adjusted for approximately £0.5m of working capital (mainly related to deferred incomes). Of this £0.35m is held in escrow until October 2022, and as of the date of this report the board is not expecting any claim against this. Overall, following advisory transaction costs including contingent success related items based on value achieved, the transaction produced a profit of £3.46m.
Result for the year
The overall result for the year was a profit of £1.48m (2021: loss £3.55m) due to the gain on the disposal of Assynt. Earnings per share were 0.28p (2021: loss 0.77p). The loss per share from continuing operations was 0.37p (2021: 0.75p).
Statement of Financial Position
Non-current assets
Goodwill arising on the acquisitions of Falanx Cyber Defence, First Base and Securestorm was £1.72m (2021: £1.85m) with the difference relating to the impairment of the entire balance of £0.13m related to Securestorm due to its small customer base and non-core nature of consultancy services.
Customer relationships from First Base were carried at a total of £1.42m (2021: £1.68m) with the reduction mainly arising from the 10-year straight line amortisation of this asset. The Group’s non-current assets also include the future value of the five-year lease (commenced July 2019) of the Reading premises of £0.25m (2021: £0.35m). A creditor of £0.15m (2021: £0.25m) is carried to reflect future liabilities and £0.10m (2021: £0.09m) are included in current liabilities. Fixed assets which include furniture, plant and equipment were £0.10m (2021: £0.16m).
Working capital
Trade receivables fell from £0.68m to £0.52m with the prior period reflecting Assynt balances. Cash collections were strong, and average debtor days for that division were 31 vs 47, and no bad debts were experienced in the year.
Other debtors (including prepayments) increased to £0.67m (2021: £0.39m) due to the £0.35m held in escrow till October 2022 relating to the disposal of Assynt.
Trade and other payables fell to £0.80m (2021: £1.59m) mainly due to the repayment of £0.62m HMRC deferred payments from the prior year in response to COVID-19 as well as the impact of the disposal of Assynt. HMRC is fully in terms on all liabilities, both current and agreed deferred payment plans, with only trivial amounts remaining outstanding on the latter.
Contract liabilities (deferred incomes) fell from £1.11m to £0.53m due to the disposal of the Assynt, which had a high level of advance payments from larger customers which were received before the year ended 31 March 2021. Contract liabilities in the ongoing cyber security business increased from £0.46m to £0.53m reflecting the growth in business volumes.
Non-current liabilities
Between August 2021 and October 2021, the Group drew down a loan of £2.5m from BOOST&Co. The principal terms of the loan are:
· 11% interest rate, secured over Group’s assets fixed and floating charge
· Amortisation commencing over 4 years from October 2022
· No covenants or equity components
It is recorded at amortised cost under IFRS, and this increased the overall non-current liabilities from £0.31m to £2.25m.
Capital structure
During the year approximately 0.5m employee share options were exercised and consequently there were approximately 526m shares in issue at 31 March 2022. No other equity issues took place during the year.
Following the general meeting held in February 2021 and the reduction in the share premium account, a special non distributable reserve (the “2022 Liabilities Reserve”) was credited with £1.0m. This is expected to be released back into retained losses in December 2022.
Overall, on 31 March 2022 the Company had approximately 76.7m (2021: 83.9m) employee share options and warrants outstanding representing approximately 14% of the issued capital.
The Group continues to rationalise legal entity structure to best align it with the current opportunity as well as to reduce costs and streamline tax management. The Group’s incorporation status as a BVI entity is a legacy of its pre 2013 IPO business plan and the Board will review moving it to a UK status at an appropriate time, considering the significant professional fees which would be associated with such a change. The Group’s memorandum and articles of association were revised in March 2019 to align with UK incorporated entities more closely. The Group is fully resident and registered in the UK from a tax perspective. Since the disposal of Assynt, the Group only operates through two main legal entitles as opposed to seven before, including four overseas companies.
Total equity
The profit on the disposal of Assynt enabled the total equity position to increase to £4.35m (2021: £2.73m).
Statement of cash flows
Cash balances were significantly strengthened to £3.48m (2021: £0.55m) by the disposal of Assynt for cash and the drawdown of the loan from BOOST&Co referenced above. This enabled a return to a normalised working capital position following the COVID-19 period and the repayment of HMRC liabilities. Overall cash performance remains closely correlated to operational EBITDA.
Post Balance Sheet Events
On 22 June 2022, the Company signed a deed of variation for the lease for the premises in Reading. The lease was varied to delete the break option and reduce the principal rent by 50% for the period from 1 August 2022 to 31 July 2023.
I R Selby
Chief Financial Officer, Falanx Group
