Good afternoon, everyone, and welcome to the F-Secure Q4 2021 Results and Demerger Webcast. We have people here at the F-Secure offices and also online. Welcome to everybody. This session is estimated to take two hours, and the chat will be open the whole time. Questions this time will be taken at the end of the full presentation. Please keep sending those in. This is a special session that there are a few more speakers, and I will hand over to you, Juhani Hintikka, our CEO, to take it from here.
Thank you, Sini, and welcome on my part as well. Historic day, both covering the Q4 results but also talking about the demerger announcement from this morning. We have foreseen a two-hour session, and we will have here present with me Risto Siilasmaa, the Chairman, the Founder of F-Secure, Tom Jansson, our CFO, and then Timo Laaksonen, heading Consumer Security and the candidate to be the CEO of the new F-Secure Consumer Security. In terms of the agenda, we will first dive into our Q4 highlights as usual. That session will be facilitated by myself and our CFO, Tom Jansson, who will join me on stage at some point. We will discuss the partial demerger.
Risto Siilasmaa will start that session, and then he will hand over to me, and then I will in turn cover, after that also the WithSecure in more detail and then hand over to Timo Laaksonen, who will talk about the future F-Secure consumer. Let us get started on Q4 highlights, first of all. Key takeaways from Q4. As we say here, relatively strong performance to finish the year. Group revenue grew by 6%, driven by 18% growth in corporate security products. As a reminder, corporate security product encompasses the product portfolio called Elements, as well as our Countercept solutions, managed detection and response business.
Our annual recurring revenue, which is an important metric for us as we increasingly are moving towards a fully cloud-based, SaaS-driven business, grew by 34% year-on-year, amounting to EUR 60.9 million in terms of revenue. We're very pleased with this development and clearly see that we have momentum here. We would like to accelerate the rate of this growth further, and we'll continue to invest in managed detection and response and Cloud Protection for Salesforce in particular. The revenue of our cybersecurity consulting decreased by 6%.
It's been a challenging year for cybersecurity consulting, both in terms of the overall market, where there's been lots of, first of all, challenge initially by the pandemic, and later on, we've seen a lot of movement in the industry, a lot of attrition that the companies have been tackling, and that we haven't been immune to that either. On a full year basis, our cybersecurity consulting was still growing. Our consumer security continued the good performance that we have seen. Revenue grew by 5%, largely in line with the market growth, and we have seen a steady development there, and we will cover that in more detail a little bit later. As said, today we announced a demerger plan. That is, of course, a major event for us and in the company's history.
We dive deeper into that, but in short, of course, the reasoning for that is based on us being able to serve our customers and partners even better, and of course, we want to support our shareholder value creation by this move. If we then look at the revenue in Q4, and here you see the comparative figures in the left-hand side from 2018 all the way to 2021, and you see a nice growing development there and 18% growth on a year-on-year basis between the quarters, as I mentioned earlier on. I would especially like to mention here also, in terms of the Elements portfolio that we have talked about before, in our Business Security business, the EDR offering is developing nicely and has contributed well in the overall growth.
In terms of our Countercept business, several important deals were signed in key verticals. That, as a repetition, is a business where we take our own detection and response platform, and we manage it for our customers. Those are typically larger enterprises, but still enterprises that require external help in terms of their overall cybersecurity operations. We complement their team, and we there made good progress continuing the momentum we have had been increasing towards the end of the year and continue to see strong sales performance, especially in Germany, U.K., and the U.S. As said, consulting was impacted by attrition. Here you see the whole year figures, and here you see also the historic development of that business, since the majority of that business of course dates back to the acquisitions we made back in 2018.
In Q4, revenue decreased by 6%, and of course, here, as said, the attrition has been a factor. We have been, on the other hand, very successful in our recruitment efforts, and that has been a clearly successful mitigating action. This of course continues to be a focus item here. Here specifically, I would like to mention that we have also done a bit of focusing in this business. We have divested a specific public sector business handling a specific group of customers in the U.K. We haven't stopped serving the public sector in any way, but this concerns a certain customer group there. Then we have also announced that we have divested a subsidiary in South Africa that was handling consulting business.
Reasoning for these changes is the increased focus that we also want to have in this business. In consumer security, as mentioned, 5% growth on a year-on-year basis in Q4. Whole portfolio contributing to the growth, new partners signed up, and I would especially like to mention the progress we have made with our Total offering, which, as you may remember, is an offering that comprises several applications underneath with making it easier for the consumer to just select and activate the needed applications and thus enhancing our security experience as a whole. We have also signed two new SENSE deals. SENSE is the router product you may remember we ramped up, and that is one of the new areas where we are foraying providing this security solution together with our partners.
Revenue from our direct sales business was at the previous year's level. I will now hand over to our CFO, Tom Jansson. Tom will walk us through the numbers, and then I will continue again after him. Over to you, Tom.
Thank you very much, and good afternoon from my part as well. A short recap of the numbers we announced today. You can see Q4 growth, as Juhani also already mentioned, 6%, and that was really accelerated by our development in our corporate security products that had a good performance in Q4. Then if you look at the full year basis, we grew 7%, EUR 236 million in revenue. Adjusted EBIT on a similar level than last year. We continued to have quite a bit of IAC cost that you can see also from the non-adjusted numbers. As you can understand, today's announcement has generated quite a bit of those as well.
If you look at the net debt, continued to be strong or improved from last year, and that's obviously due to a fairly strong cash flow development as well. Cash flow some deviations to last year due to some larger deals in at the end of last year, which affected the comparable numbers quite significantly. Personnel on a similar level than at the end of last year. This is what we have shown historically, the deferred revenue. Maybe a good reminder though that we said that we had a record order intake that doesn't fully reflect in the deferred revenue. Deferred revenue is only the part that we have invoiced so far, so our order backlog obviously is better than this.
Just a reminder for those who model our numbers. Our last slide on this part, so just a recap on what we had promised the market, and obviously we fulfilled all the outlook criteria that we had put on the market. Some of you probably remember that we also gave a positive adjustment on the corporate security products in December, and that was also at the end, we came in at 11% growth compared to last year. Finally, as it's very natural in this situation, we will not give a guidance for the group for this year at this stage. We will come back to that later in the year when the demerger process has gone a little bit further.
With that, we will close the Q4 part of today, and we will come back to the questions then at the end within the Q&A section. Now I would invite our Chairman and Founder, Risto, to the stage to talk about the demerger news.
Thanks, Tom. It's good to be here on this, what I feel is a very historic day. I have been in the company for over 30 years, and when we started with our product business, we had the same product for our consumer customers and our corporate customers. The world was pretty simple from the cybersecurity threat point of view back then, almost 30 years ago. Since then, the markets have diverged significantly, and especially the corporate market has very, very challenging requirements, and they are facing very challenging threats. The common ground between these two businesses have grown significantly smaller. The two businesses also look very different, and I'm actually very proud of the work that has been done in the company over the last several years to create what I feel are sort of two hidden diamonds.
Two hidden diamonds. On the corporate side, we have an ARR business, a SaaS cloud business that is growing rapidly, and the growth of which has increased over the past few years. We have achieved a level of EUR 61 million ARR at the end of last year with easily over 30% growth. On the consumer side, we have a Rule of 40 business. Business that is highly profitable and growing. You could say that on the corporate side, we have a growth engine with capacity for profitability, and on the consumer side, we have a profitability engine with capacity for growth. They are, in a way, reflections or mirror images of each other. The opportunity for us internally is to have full focus on the requirements of each business, and those requirements are quite different.
We believe that we'll be nimbler, faster, simpler, and those are all important drivers for this decision. We have been contemplating for years when would be the right time to do this, and you can ask, why now? Two reasons. One is that both businesses are sizable enough. We are over EUR 100 million in revenues in both, and we also experience very good traction in both businesses at the moment. We believe that we can benefit from the added focus and faster pace and simplicity in both businesses right now. We can serve our customers and partners better through this demerger. We can really focus on the growth potential and create the right brands for our customer groups. We can execute faster, we can achieve better competitiveness, and we can do capital allocation in the way that fits the needs of those businesses.
We can explain what we are doing to our shareholders and our employees and to our customers in a much more clear way. On the corporate side, we have business with a revenue of EUR 130 million, and in that business area, the key metric for valuations is EV/Sales. That's a good reflection of the growth characteristics of that business area. Again, on the other side of the fence, on the consumer side, people typically don't value the peer group based on sales multiples, but they use profitability multiples. This is again a good example of the difference of the two businesses.
Having them in the same corporation has sort of made us look as an average of an average to the outside, and now we can be very focused on the business model that we have chosen on both sides of the fence. The timeline going forward is such that we expect to be trading as two independent companies on the first of July. Before that, we'll have an extraordinary shareholder meeting during the spring, and we expect to be able to explain further what we are going to do over the next few months and look forward to answering your questions and having discussions with our shareholders on the opportunity that we foresee ahead of us. With that, I'd like, for the first time ever, to ask Juhani to introduce WithSecure, the corporate side of the business to you.
After that, Timo will then introduce the consumer side. Thank you very much. Juhani.
Thank you, Risto. It is a great pleasure to be here now in the capacity of the future CEO of WithSecure and to be also talking about the new brand that we are so excited about. This is brand itself is a result of a process that started already around last summer or even slightly before that one and we are very pleased with the outcome and pleased with the ability to introduce that. We will officially launch the brand name after the decision to change the name has been taken, which is foreseen to happen in March. Let's look at the company. What does it look like in a nutshell? We share the same history with the consumer side, over thirty years of history that Risto talked about. We're very proud of our heritage.
It's something that is a good foundation, both in terms of our technology, but also in terms of culture and the things that unite us also going forward. EUR 130 million of revenue. We believe that we're over the critical size, and it makes sense for us to contemplate this move now at this time. Over 1,300 employees, and which, of course, is explained by the fact when we compare the two parts with the fact that we are also having lots of consultants at our company. Of course, consulting work is people-driven, so that constitutes that number. Over 7,000 partners, an important part of our network.
We work with our partners on a daily basis, and that, of course, has been a cornerstone of our success now, and we foresee it to be going forward as well. As said, getting to EUR 61 million of cloud solution ARR, that is not our total ARR, which is higher. It's around EUR 90 million. But this is the ARR that is coming from those solutions that are natively cloud, as we say. EUR 150 million of order intake and 1.28 book-to-bill ratio. Healthy numbers to be opening up the year 2022. In terms of the products versus services, here you see the division. We have 64% of the revenue coming from products, 36% coming from consulting, and then followed by the geography. We are, as you see, a very European/Nordic company.
Over 70% of our revenue is coming from that area. Outside of that, we have North America, 8%, and rest of the world, where I would highlight, for example, Japan, which is an important market for us already. WithSecure as an investment, well, if we look at the market where we operate, and we specifically talking about the corporate market here, we operate in a large and fast-growing market. The market is huge, and it's so big that actually we like to look at the market in terms of the categories and segments that we serve. Our strategy clearly is to focus on certain segments where we aspire to have a leadership position.
It is also a crowded market in a sense that there are lots of players in there, lots of big companies, and we think it's even more important from that perspective to carve out our own niche where we can have a strong value proposition, and that also creates the high retention we have been enjoying over the past times. We see fast growth already with our cloud solutions as described, and very importantly, I would like to highlight the connection there is between our consultants, consulting capability, and our product portfolio. We think it's imperative in this business that you actually have the visibility to what is going on in the market, what are the most complicated, most challenging cybersecurity problems that we go after and our customers are facing.
Distilling that knowledge forwards to productize services and parts of our product feature roadmap are important ingredients that we believe will help us make even more competitive in the future. We have the plan. You have heard about our ambitions in our statements. We have a growth strategy. Clearly, this is a growth play, and we want to take it now forward with even more momentum. The market in itself, coming back to what is driving the market growth and why is it so large? Well, clearly, as we speak in industry terms, we talk about the wide attack surface. It basically means that there's just so much data that is connected. Our customers are moving also in terms of their IT infrastructure. Many of them are in the process of transferring their operations to public cloud environments, for example.
That creates questions about the cybersecurity, and we are addressing those questions. We are addressing that complexity, and we also recognize that there is a competence gap in the market. Not everybody understands the intricacies of cybersecurity, nor should they. Many of our customers have totally different business priorities, but increasingly, all of them need to, one way or the other, tackle this, which is even more prevalent today than what it was yesterday, the increased threat that we see out there. We have the leading security technology and importantly combine it with our external expertise. Also, the reason why you actually need to have the expertise in the company is the fact that, well, simply there is not a ready product for every problem there is out there.
You need to also be able to be flexible and tackle problems also in a customized manner if needed. As said, the market is large. I mean, we're talking 2020 numbers, EUR 35 billion total market, and we are using here an estimation where we are looking at a 12% CAGR, taking it to EUR 61 billion. These are, of course, so large numbers that it's very difficult to kind of say something regarding that marketplace as a whole. We need to really look at what are the drivers for the different segments and what are the interesting different segments for us? We look at some of those drivers. Well, clearly, this market also is built on people talking about the cyber threats. Successful cyber attacks create, unfortunately, more cyber attacks.
We've seen the exponential increase in data volumes, facilitated also by the increased and improved network connectivity and the number of devices. That landscape is expanding, that landscape is becoming bigger, and that's the attack surface we talked about. Our clients, our customers require more assistance in these complex matters. We also see, as a consequence, there is an increasing willingness to pay for this cybersecurity solution engineering, if you like. Looking at our portfolio, this is describing now what we do at WithSecure. As said, we have the different Elements here. We have the Consulting, we have the Countercept, and we have the Elements, and then we have the Cloud Content Protection. With Consulting, our profile is to tackle the hardest security problems. These are the people you call when really, really difficult things need to be solved.
We have the Countercept business, which essentially is our detection and response platform managed by our own people as an annex to our customers' own security operations. That market is growing, and it is shaping. We have the Elements. That is our product offering, which is especially geared towards serving our partners, addressing the mid-market opportunity. It's not just the product, it is also the whole business system. It's complemented by the automation, the portals, the user interfaces that make it easy for our partners to operate, and also sometimes operate even without human assistance. We also have the business models that complement this, allowing, for example, a customer to pay on demand for the cybersecurity product.
We have the Cloud Content Protection, a very interesting and exciting part of the portfolio, which is growing fast. This is where we operate within the Salesforce ecosystem primarily today. It is the world's largest software ecosystem, and here we are clearly taking a forerunner position in serving customers in terms of their third-party content that they have brought into the platform, and we are doing this in partnership with Salesforce. Of course, all of this is based on the foundation we have in our company, our ability to process data. This is increasingly a data processing industry. We have also been investing in AI. Many people talk about it today, but we have been investing in AI for the past 15 years.
Of course, many other things that are now related to the technology development that has gone into our portfolio. Those cloud solutions that we're so excited about, couple of words about them. The Elements Cloud, which is the product portfolio, this clearly is something which has been designed for our partners and recognized as such by a leading analyst such as Forrester. We have the Cloud Content Protection, and there, our target audience increasingly has been the Fortune 500 companies, and we clearly see ourselves as a category leader in that space. We have the Countercept, which according to some externals like MITRE, is clearly demonstrating industry-leading capabilities in detecting advanced attacks. What does it mean in plain speak?
Well, it means that the focus has shifted from pure prevention of attacks into actually detecting and preventing attacks happening in the first place. Some of the figures you saw already, 34% growth in the cloud solutions ARR figures, very nice development. Would like to retain that momentum and even accelerate that. Here you also see the on-premise part. When you count both of these together, you get over EUR 90 million of ARR revenue for WithSecure. On-premise simply means that our software is run locally, not in the cloud as the rest of the portfolio. Here we clearly see also a shift from on-premise towards more natively cloud solutions we provide our customers and partners. Here also still breaking it down into what do those figures mean in terms of these three growing areas.
We have the Elements Cloud, we have the Cloud Content Protection, and we have Countercept. All of this powered by the world-class expertise we have, especially within our managed services and consulting organizations. To sum it up in terms of advantages, we have the cloud-native platform. We provide it as a service to our customers. It's backed up by the award-winning software and the value-adding services we have for our partners. We see ourselves as the top choice in terms of Cloud Content Protection. We have the unique combination of technology and highly skilled people that we deploy with Countercept. The deep insight gained through delivering proven security outcomes through consulting.
Now, there is a connection which is very concrete regarding this last one also, that in many instances, of course, we gain the trust of our customers through a consulting engagement, and then we quite naturally move into a more recurring business relationship with them over time. One of the questions that, of course, is related to WithSecure financials is the profitability. We have made an investment in terms of the technology itself, and now we are gaining momentum in terms of driving the top line, and we believe that this momentum with the advantages of scale will also then start impacting the profitability. We have foreseen to be profitable by the end of 2023.
To sum up our midterm financial targets, double the revenue organically by the end of 2025 and have adjusted EBITDA breakeven by the end of 2023 and adjusted EBITDA margin of some 20% by 2025. That concluded my part. That, ladies and gentlemen, was WithSecure world premiere for the first time, and happy to take your questions after Timo Laaksonen's part about the consumer security. Over to you, Timo.
Thank you, Juhani. Maybe not a world premiere presenting F-Secure, but maybe a world premiere for me presenting myself to this audience. A little bit about myself. I've been with F-Secure now for nine and a half years. Previously, I've run content cloud services, our consumer business in Americas for four and a half years based out of the U.S. The last two years, I've been working as the commercial head for our managed detection and response business unit. Now since September, I've been running the consumer security business unit. In my prior life, I've been working for startups, for bigger stock-listed companies in different kinds of executive positions in software business, mobile service platforms, predictive analytics, cloud services, and now most recently in cybersecurity. I spent 12 years of my life outside of Finland.
I consider myself to be a Finn with a Latin heart. Let's see if that works. On with F-Secure. We're a highly profitable and growing cybersecurity business. Here, F-Secure at a glance. On top of the line, you can see in a way the nature of the business that we are. We're a very service provider-centric in our go-to-market model, which has turned out to be an excellent choice for us in terms of being financially solid. We have about 170 service provider partners across the world, out of which 130 more or less are communication service providers, so mobile operators or fixed broadband operators.
We have about 16 million subscribers across the world, and our business is extremely stable in the sense that, you know, we have a solid foundation to build on with 97% retention rates in our service provider channel. That's providing us a very good foundation for growing the business further. In terms of numbers then, how does this look like? EUR 106 million in revenue last year, as you heard. EUR 47 million of EBITDA, 44%. I would dare say that is quite strong. 98% of our revenue is subscription-based already today. The rest is services. We have over 90% of cash conversion. We have practically nine-tenths of our profit available for dividends, growth investments into our people and technology, as well as potential M&A activities in the future.
Our channel split, 80% is coming from service providers and about 20% from our e-commerce business. Geographical split dominated by Europe, but seeing fastest growth actually over in Japan, Asia Pacific, and North America. F-Secure as an investment, the same way as Juhani just presented WithSecure, even the first bullet point is the same. We're operating in a very vast market, and it's growing. That's the good news, naturally. Being a company that made EUR 106 million of revenue last year, our growth potential is practically limitless. Secondly, we are the undisputed leader in the communication service provider market, and it is growing. It is growing at a steady and healthy rate. We're expanding our position within our partners, and we're gaining new partners.
As Juhani mentioned earlier, we, for instance, won new partners in quarter four in all of our geographies. We are now in a position where we see that the CSP business model that we've built works very, very well, and it is actually very portable and replicable into new markets and new service provider partners, which allow us to grow our business. More about that a bit later. Finally, as you could see, our business model is truly scalable as we're outperforming both market growth and the Rule of 40. We might even call for Rule of 50. Now, how is the market developing then? What are the kinds of underlying trends that we're seeing?
One is that, also with the emergence of COVID and the pandemic in the last two years, we've seen that practically every moment in our days is now digital. This means that there's much more, many more moments to protect compared to what used to be the reality just a few years ago. Secondly, we have much more to protect than before. We have our homes, which are becoming smarter. Smart means vulnerable. We have our privacy, our identity, credentials, and we have our families to protect, which calls for new types of security solutions that people don't necessarily have in use today. That provides us with an opportunity. The emergence of the fact that practically all moments are digital, and there are more things to protect, this is causing complexity.
People have lots of devices, lots of different kinds of needs in security, and according to our biannual study, as many as 72% of tech-savvy people are finding it practically impossible to secure themselves because of complexity. Now, that's an alarm clock or a red flag going off right there, that if these people are having difficulties with it, think about the people who are not as tech-savvy. We feel that that is what is most broken in consumer security today, providing an easy, relatable consumer security experience to people out there. That is why our vision is to become the number one security experience company in the world. If we look at the market, you know, once again, these are numbers from Gartner, EUR 5.7 billion in size in 2020, growing to EUR 7 billion in 2025.
As said, you know, our current revenue is EUR 106 million. We have not only that 4% compound annual growth rate to go for, we have much more market to win. The growth drivers, as I mentioned on the previous slide, the security experience in our view is broken. In hockey terms, we would say that the hero's cape is waiting for somebody to solve that problem for consumers out there. Secondly, a similar development as what Juhani referred to, consumers' willingness to pay and the businesses' willingness to pay for solving the problems related to cyber threats is growing. The increased awareness is obvious. I joined F-Secure in 2012, and, people who heard that I had joined this company were not quite sure, you know, what is the relevance of all of this. It's antivirus, right? No longer so.
Everybody understands because of the media headlines practically daily that this is very relevant, and that has, in our consumer surveys once again shown that several percentage points of increase in willingness to pay compared to before. Finally, relating to the same survey, about two out of three consumers out there are turning to their service providers to solve their security needs. It seems that we're in the right place. We have a heavy focus on service providers, and that's what consumers are looking for in terms of who helps them. This is what we offer. On top, you can see the services that our consumer customers are enjoying. In the past and leading to this moment, we've called them FREEDOME for VPN, SAFE for endpoint protection, ID Protection, protecting your passwords and credentials, and monitoring for identity theft.
We're now converging those all into one single all-in-one app we call Total, creating a much simpler experience for people to get what they need. Secondly, even an easier way to secure smart homes is to embed capabilities into a home router. We call that solution F-Secure SENSE. That then makes sure that all the devices in the smart home are secured, as well as the devices and individuals in the home. When they leave the home, we want them to deploy Total to stay safe. Many companies have very good consumer cybersecurity products. We're not alone by any means. What is the second layer underneath those products is our security business platform, which we believe is completely unique for us. We've been perfecting this for about 10 years, and we will continue perfecting it and expanding it further in the future.
Those are the services that allow our service provider partners to become successes in consumer security business. We are their engine and support and promoter to help them become better successes in consumer security than what they've ever seen before. Services including, you know, system integration of their billing and CRM, us helping them with the customer lifetime management, customer care, and data-driven business services, all run based on modern digital analytics of how the customer journey is working out and where are we potentially needing to make improvements in that journey. All of this is based on a delivery platform, which is scalable, cloud-based, running globally, which is based on our technology platform, which we develop in F-Secure and complement with third-party threat feeds, which is common in the industry. We're now expanding our market reach.
I mentioned earlier that we are the leader in the communication service provider market and, you know, we could grow our business solely by staying there. We're actually starting to feel much more demand coming from other areas than communication service providers, yet they talk about similar topics to us. About that a bit more on the next slide. Businesses like banking, insurance, even retail, where we already have a good number of partners, which you may recognize from the logos on this slide, we are expanding our market access to that huge global consumer market by getting new partners in these areas. What we are providing to communication service providers is a possibility to expand their core offering with trusted services related to endpoints, identity, privacy, smart home.
Similarly, for instance, insurance companies are now looking for ways how to, for instance, expand their home insurances with cyber insurance. Banking companies looking how to expand the functionality and capabilities provided in their banking apps. Retail companies looking for ways how to expand value or add value on top of the merchandise that they sell and provide ongoing services such as support, help desk, and cybersecurity. We have our direct channel, e-commerce, where we are developing and validating our offering, our go-to market models, how our messages resonate, and how our customer journeys are functioning. That in itself is focusing on a certain number of markets, for instance, the Nordics, Germany and the UK, and then that feeds into our service provider business as best practices of how to do things successfully.
Why are these new partners coming to F-Secure and asking for value added that we could provide them? One is that some of them are suffering from relatively low Net Promoter Score and customer satisfaction scores, so they want to boost retention rates and gain trust, and we have very high loyalty, as you've seen, with our consumer security services, so they want to see that same effect for themselves. Secondly, they may be in a relatively transactional and low margin business model, and they want to increase their margins from recurring revenue streams. Typically, our service provider partners can make anything between 60%-80% margin on the services that they provide using our capabilities.
Finally, they have increased competition and limited differentiation, which then gives them a chance by adding consumer security services to grow and protect their core business by being different. These are the kinds of needs, and these are very similar as we've seen over the years from communication service providers now happening in other markets. I can expect that finance or banking, insurance and retail are not the last verticals that we will see as potential partners to ourselves. Key competitive advantages, actually, our phenomenally strong team of people. We're not thousands of people, we're hundreds of people, but extremely committed. We have a strong purpose, very capable team, who works in tandem with our service provider partners and runs a very successful e-commerce business.
Our suite of solutions and product is relatively wide, so we can solve the needs that the service provider may have, you know, depending on what kind of an angle they want to start with or what are most relevant services their customers need. Secondly, we're naturally banking on our wide skills and experience and offering and services that were built for CSPs, communication service providers, to expand our business in that area and go into then new verticals. Our security business platform, as I call it, is also unique in the way that we are not just providing products to our partners, we are providing them with a business model that here is a business that we can help build together with you. That's exceptional.
Finally, we couldn't do this without a fantastic own direct business team who creates the value propositions, who finds the words for the first time how to present our value proposition to end customer, who tests constantly through A/B testing, what are the kinds of messages that people understand and relate to. Also in terms of the customer journeys, what are the best ways to get people to take the services into use, even discover them before that, and then how do they see value out of those services when they already have them. All of that best practice is then not only benefiting our direct business, but is lifted onto the service provider side and helping them to create their business.
In terms of numbers, both our direct channel and service provider channel are growing at a healthy rate, so that's going along very well. Our profitability is consistently very high. If you look at our EBITDA, it was 44.4% last year, EUR 47 million in terms of money. Very strong. We're consistently outperforming the Rule of 40. In 2020 and 2021, we've even been above 50. Our strategy for continued profitable growth, because we will be growing, and we will be profitable. The first one is about Total. That all-in-one security solution is going to be helping our customers, end customers, solve more of their needs with a single product, but also exposing them to more value within the product compared to when they have been using individual products.
That will most likely help us increase our ARPU, quite significantly, and in itself can be the major growth factor for us for the next two to three years. We are developing new products, and by the way, increasing ARPU through Total is naturally also thanks to the easier user experience. Secondly, we develop new products, such as SENSE and ID Protection. ID Protection is one of those areas where, it's still very fast evolving and developing as an area. What should the solution be? What are the needs? There's constant development ongoing, even though we already have it as part of Total. It will still be under heavy further development and research.
Similarly, SENSE, smart homes, it's a moving target, and we need to be developing not only our solution by ourselves, but also combining it with network solutions, router solutions, and smart Wi-Fi solutions. Constant development of that area. SENSE is very important because of easing the consumer experience, as people don't necessarily even need to deploy an application. We have new research programs bubbling under that will be introducing new products into our portfolio. Finally, we're seeing growth from new channels. We already have about 40 partners in these areas, and we're looking forward to adding more as we move forward. We see that the model that we've created in terms of offering and business model on the CSP side is clearly portable to these new channels.
Finally, our growth target is, in the medium term, to achieve high single-digit organic growth in our revenue. We've now been at 6% last year, but we will be aiming for more. Secondly, our profitability target, we will naturally be making certain growth investments and investments also into our independence in the next couple of years. After that, we see that we can consistently deliver an adjusted EBITDA margin of above 42% and consistently outperforming market growth and Rule of 40. That's the medium-term financial target for our business. With that, I finish off. I hand over back to Sini, I believe, and we can run the Q&A. Thank you.
Thank you, Timo. Let's start with the questions from the audience. We have to say that we haven't prepared for four speakers in our internal setup, so if Risto will address a question, I will then hand him the mic that I'm holding at the moment. Any questions from the audience? Please state your name also as well.
Hi, it's Atte Riikola from Inderes. I'm a little bit curious about your using Rule of 40 for consumer business. I think typically the metric is used for high-growth SaaS businesses, so why you are not showing the same numbers for WithSecure?
Well, as said earlier, by Risto, the profiles of the two companies are different. Of course, we try to reflect that also in the metrics that we are using.
Hey, it's Veikko Silvasti from Danske Bank. Thank you for the presentation. Very interesting. First of all, let's start with the corporate or the WithSecure business targets. It seems like you aim to double the size of the business by end of 2025, which basically implies an organic sales growth of around 18%-19%. Can you just describe how you aim to get this kind of acceleration in organic growth, and also how do you aim to basically win market share, because I believe the total market wouldn't be growing as fast.
First of all, I think we said 2026 in terms of the timeline. Just looking at the growth potential there, of course, the market is huge, but inside that market there are segments that are growing faster than the overall market. Of course, we have a very segment-focused strategy and we are of course taking advantage of the faster growth in those segments. At the same time, we are also seeking category leadership position and essentially growing faster than the segment is growing.
Okay. Basically finding these growth pockets where you have advantage and winning in there.
Yes.
Great. If everything goes according to your plans, can you describe what kind of sales split would this WithSecure have, divided by MDR and then pure software, meaning Elements and Cloud Protection for Salesforce and then consulting?
At this stage we are not dividing the revenue numbers in more detail than what we have already disclosed, but what I can say is that the cloud solutions portfolio where we talk about this 34% year-on-year growth, of course, is an integral part of the growth plan.
Cloud solutions includes also Elements?
That includes the cloud native part of Elements. Elements also has an on-premise part, which we call Business Suite, and that is not included in this native cloud part.
Great. Well, maybe then moving on to the order book. It was quite interesting. I believe you said you have order book of EUR 150 million. Can you describe how this will turn into sales in the future?
Maybe I hand over to Tom to cover this piece.
Yeah. I mean, that will always turn out to revenue over the duration of the deals. If I try to give some more color, we haven't seen a big change in the duration of the deals so far compared to the history. You can probably assume quite similar pattern.
Okay. The deals would be maturity of around three years from that view?
That depends on the business.
Maybe finally on this WithSecure business. At the moment it's cash burning. What kind of investments you need to do in order to reach these growth targets and how you may be financing those investments?
At the moment, as said, we are growing, we have momentum, and we have already made investments to get us there, get us into this position where we enjoy the momentum. Of course we will over time also get the scale benefits out of this. Having said that, we're of course monitoring the situation carefully and if we see opportunities where further investment would further accelerate our growth, we would certainly consider that.
Okay. Basically no need for equity issue, at least, during 2022.
What we're also considering, and that of course that question is also for the board of directors is that we are considering a share issue that could potentially then be bringing proceeds that could be used to accelerate the growth as an example.
Great. Sorry for taking so much space here, but continuing on the F-Secure consumer business. Sales growth high single digit and the market is growing at 4% and you've been historically growing at below mid-single digits. Where do you get the confidence of guiding this kind of faster growth?
We look at the past two years and we've actually been able to beat for two consecutive years already the market growth rate. Secondly, we're just about to come out to market with Total on the service provider side. We've already seen very good development of increasing ARPUs on the direct business side from moving from individual products into Total, and we're expecting to see a similar kind of development now happen on the service provider side. That will give us a lot of increased growth momentum. We've also been signing up new service provider partners at a good rate in the past years, and those will only start generating actual subscription revenues in the years to come. We have a lot of potential from those initiatives.
We're coming out with new products and, you know, SENSE is maybe best compared to network type propositions where the sales cycles are relatively long, but then once you get it in, actually the customer numbers or user numbers can be very large.
Very interesting. I believe we will hear more about SENSE maybe in later presentations. Clear. Well, I assume that majority of the R&D unit of F-Secure, current F-Secure, will be going with WithSecure. So how do you aim to invest in your R&D teams to stay relevant in these competitive markets?
Can I maybe say and then hand over to him and say something about the R&D team. First of all, even today, already today, we have distinct product portfolios and also two separate R&D organizations. That is already in place. We do share some technology that is common, and it's commonly used by both parties, and there is a plan to ramp up that capability over the next 18 months on the F-Secure consumer or F-Secure side in the future and further kind of allow for fully independent development of the two entities. Anything you wanna add, Timo? Yeah.
I would just say that it's really about three things. There is a security cloud service that we both depend on, and we will be developing our own, and I can see that we will be exchanging information between our own security clouds until the end of time. You know, it is in the benefit of both companies. But we will be enriching our own security cloud with capabilities which are more relatable towards consumer needs, like smart home threats, like identity threats, and privacy threats. But we will have transitional service agreements in place so that we can build our own capabilities, and we're also entering into employee consultations of moving certain common roles into the F-Secure side of the business so that we have a team to start not only maintaining, but developing those capabilities further.
The second thing is the software we've developed in common services. We will both have rights, full rights to all of that software, so we will have our own software to work on. Finally, the people element, which is most crucial, and like I said, we're going to get certain roles transferred after employee consultations into F-Secure, which will help us get started, but we will need to clearly invest even more to make sure that we're fully independent.
Clear. Basically, the ambition is that maybe by the end of 2023, there will be two completely independent R&D teams.
Except that we will continue to have the security cloud feeds going from one company to the next, which is a very common practice in the industry.
Clear. This is the final one from me. Can you just describe the competitive landscape? It seems like large players like Microsoft and maybe HP also are already providing free cybersecurity software for consumers. Can you just describe how do you aim to compete with something that's free and how the market looks at the moment, and has it changed, too, compared to maybe two years ago?
Yeah. I'd say that the key word here, if I would just say one word, is experience. There are lots of good products out there. Some of them come for a fee, and some of them are for free. To actually get a full consumer experience covering the needs that you have, all the needs, and there are new threats, it is the complete holistic experience that we need to be able to provide. I doubt that even these major companies are able to do that. They are solving certain bits and pieces of the full needs, but then the capability to provide that holistic easy experience is not necessarily there.
Thank you.
Atte Riikola from Inderes. Maybe a question about the Cloud Protection for Salesforce product. It has been growing pretty fast, so can you say anything about the average deal size on those big Fortune 500 customers? What's, like, the revenue potential per customer?
We don't typically disclose that, but what I can say to kind of give you an idea is that first of all, we look at those as recurring contracts. Typically they are over a longer period of time and, on an annual level, we easily talk about hundreds of thousands.
All right. Just to be clear about the growth target for WithSecure. You're aiming like doubling the revenue till the end of 2025 or is like run rate there should be like double compared to 2021?
I think we need to get this fact now straight from the presentation. I think we said 26.
No, it says 25.
Sorry, 2025. My mistake. 25. We haven't given a specific date for that. I think you should read it, of course, as our aspiration and ambition where to take the business.
All right. Thank you.
Hi, good afternoon. It's Matti Riikonen, Carnegie. Couple of questions. Firstly, you mentioned on the consumer side that you would have EUR 4 million-EUR 5 million additional costs invested. Is that a permanent cost increase that you're looking for, or is it going to be first that and then something lower?
It's going to be a permanent cost increase that we see when we develop all the independent capabilities that we are now enjoying as common services. We will be deducting allocations that we have now been allocated from Group. What the final balance will be. I expect it to be slightly higher, but not by EUR 4 million-EUR 5 million.
Right. Thank you. Does that EUR 4 million-EUR 5 million include the kind of technical platform costs that you mentioned, that at least in the beginning, the other side will basically provide the services to the other side, and is that number including those costs as well?
Yes.
Right. Good. On the consumer side, you talk about 97% retention rate in the presentation, and is that gross retention rate or net retention?
Because we're working through a service provider channel, that was referring to the service provider channel, so we can see the gross only because we can't see it on a user-by-user level who is coming in and who is going out. The gross is 97%.
Okay. Fair enough. Finally, when you talk about the cloud-based revenue growth, which was, I don't remember the percentage now, but it was, let's say 30% or something. Something, yeah. Is that coming from net new customers only, or does it include some boost from customers who are basically shifting from on-premise to cloud?
It is a combination of both.
Okay. Any idea what it would be on just on the net new business side?
Well, we don't break it down like that, but what I can say is that we've been quite successful with the increased momentum of adding completely new customers into our base, and of course, that is really positive.
Okay. All right. That's all from me. Thanks.
Veikko Silvasti, Danske Bank. One more question, maybe a bit more detailed, but Project Blackfin, what's the role of this basically project in the future of WithSecure?
Project Blackfin is a capability we have developed in the company that allows us to process information at the edge, meaning that edge can, for example, be a device where we process information, and it means that we don't need to send everything to the cloud to be processed. Now, that has several advantages, one of them being cost, because processing information in the cloud costs us money when we use, for example, AWS Cloud for that. And that of course, on a continued basis, has a role in our overall product structure, where we of course will take advantage of this in the future as well.
Okay, there's no revenue from Blackfin yet?
Blackfin is not a separate thing that we sell. It's a capability within our product portfolio that is helping us, for example, be more cost competitive and also giving us some more technical advantages.
Okay. Great. Now that we have two separate entities, easier to compare and so forth, would you be able to give one or two key competitors who to benchmark each of the separate entities to?
We don't typically compare ourselves to other competitors by name.
Fair enough. It was worth a try. Thank you.
Sini, do we have anything over there?
We have. I'm just scanning the room if there are any more tries left here live, but I think we have to go to the online questions. Majority of them are from Felix Andersson, so I will start from those. What gives you confidence on such market share gains? Why do customers today choose your product versus competitors?
Was that specific to WithSecure or F-Secure?
WithSecure.
WithSecure. What's the confidence? Why do they choose us? I think there are several reasons, and I would like to maybe say first it is about the people, and it is about the way we interact with our customers and partners. Then of course, it is about our ability to solve in a focused way certain problems in a very good way. Of course, this is an industry also where the reputation, in a way, is important, how you're able to kind of gain references and gain momentum through that, and I think we're well on our way regarding that one.
All right. Next question. Please describe the main investment needs for WithSecure and sources for capital to drive growth. How does the roadmap look, going forward in terms of expansion speed? Near term will be unprofitable, but what will happen 2023, 2025 when margins should go from break even to 20%?
As said, we are benefiting already from an investment that has been made into the F-Secure, WithSecure portfolio. Of course, over time, the scale, the revenue will impact the profitability positively, just mathematically speaking. At the same time, we're of course continuously assessing needs for accelerating that growth. Also, of course, we haven't ruled out, for example, looking at M&A opportunities where we see that that would clearly accelerate our growth or fill a certain hole in our portfolio.
That maybe answers the question, does M&A play a central role in either of the new company's strategy?
It is in the toolkit.
Where do you see biggest investment needs in consumer security? Is it fair to say that business has been under-invested in past years?
We see that we will have now more capabilities to invest in consumer-centric research and technology development, clearly. Without any kind of responding to the under-investment, we are going to be also investing more money into marketing as we're creating a new proposition or brand for F-Secure as a consumer-only company. You will see that we will be putting more emphasis on that side. You know, definitely on research and technology development side, we will be investing more.
Then Jaakko Tyrväinen asks, "Could you give some indication on the consulting unit profitability in 2021 and prior to the COVID pandemic? Also, is it reasonable to expect that WithSecure consulting should reach typical IT service consulting margins, i.e., 10%-20%.
Sorry, it's hard to hear you from here.
Oh, sorry.
So if you could.
I will step forward.
Just stand a bit closer.
I have a mic, but I know that it doesn't help you, actually. Start from the beginning. Could you give some indication on the consulting unit profitability in 2021 and prior to the COVID pandemic? Also, is it reasonable to expect that WithSecure consulting should reach typical IT service consulting margins, i.e., 10%-20% going forward?
We don't give out consulting profitability, but what I can say is that we're fairly pleased about 2021. Overall, of course, our consulting activities in terms of what we provide our customers and where it is a blend of different things. At the other end of the spectrum, you have something which is more regarded as something that you do in volume. Then also you have certain things which are maybe more complicated, require more senior consultancy. I would say that typically you need to have both in the portfolio because that is how the industry works, that is how our customers expect it from us.
Some consumer questions. I may repeat the M&A question also for consumer part.
Okay. It's in the toolkit.
Good to know. Will F-Secure Consumer use the common tech stack via some licensing agreement at first?
Our common tech stack, we will both have full rights to the tech stack. We will own our own version of it, and then we can develop it further as we see fit.
Thank you, Timo. We are running out of questions online. Do we still have some brave souls here? Yes, we do.
Yes, I'm Veikko Silvasti, Danske Bank. Just thinking about the short-term profitability of both businesses. First of all, on the F-Secure side, you said you're going to invest more in marketing and then also boosting R&D and so forth. How big of a dip in margins we are going to see from the current levels of over 40%, before, you know, reaching this kind of midterm targets of over 42%?
Okay. We unfortunately can't give you guidance on that right now. The time for that will come once we have reached the point where F-Secure is actually listing and starts providing guidance to the market. Unfortunately, can't say anything about it now.
I probably shouldn't even ask, but what about WithSecure? Is it going to be a lot of investments now in the short term, or is it going to be at the pretty much same level?
Regarding WithSecure, what I could suggest is this, we are planning to have a capital markets day for WithSecure independently, and I suggest that we dig deeper into these questions then later on. Preliminary plan is to have this in June.
Clear. Thank you.
No questions from the room, and I see no new questions online either. How would you like to proceed?
I think if there are no more questions, then we would just like to thank you for attending this event. Apologizing for my mistake on the numbers. Somehow remembered six, not five. It was in my line of sight. But other than that, I hope we gave you quite a comprehensive picture of what we're all about and how we're going to take this forward. Needless to say, we are super excited about all of this in a typical Finnish manner. Thank you very much.
Thank you.
Thank you.