F-Secure Oyj (HEL:FSECURE)
Finland · Delayed Price · Currency is EUR 1.860
+0.096 (5.44%)
May 4, 2026, 6:29 PM EET
← View all transcripts
Investor Day 2024
Nov 20, 2024
Welcome to F Secure's 2024 Investor Day. A warm welcome to everybody online. Good to have you with us as well as here in the room. It's a warm welcome. We got our first snowfall in Finland this winter season, so it's not warm outside.
This is a much better place. Our theme for today is unlocking growth. I'll get back to that in a second. So today's agenda is here. The times that we're indicating are finished time zone.
So 1 hour ahead of Central in Europe. We are going to run-in 3 sections. The first one is about strategy and market dynamics. We'll be focusing on what are the market trends, where do we see our customers developing their business and why would we be the party that can win in this kind of market. We'll have a break after that, then we'll get to our portfolio.
How does that portfolio drive and create opportunities for growth? Then we'll finish off by going through financials and also covering certain aspects of sustainability. So that's the program for today. We have reserved roughly 3 hours and 20 minutes, 3:15, 3:30 depending on how quickly we will move forward, but around that time frame. So these are the presenters today.
In addition to myself, Bruno Rodriguez, our new Chief Revenue Officer, will be presenting the market dynamics and market trends section. Thjalviso Nathan, our Chief Product Business Officer. In that same section covering our portfolio also our Head of Threat Intelligence, Laura Kankala. Both of our Product Management Directors for Security Suite, Herakukko and for Embedded Security, Niko Kukkonen and then finishing off by Sari Sommerkalio, our Chief Financial Officer. Prior to moving forward, I would also like to use this opportunity to invite some of our other leadership team members who happen to be on location today.
There are some new faces and some familiar faces, but I would like to introduce everybody all the same who will not be on the podium otherwise presenting today. So we have Nina Lehta, our new Senior Vice President of Services, who joined us beginning of end of August. Toby White, several years in the company, our Chief Technology Officer Andres Nordkio, a veteran of war in F Secure, who is our Senior Vice President of Corporate Development and Kaisa Tikka Muustonen, our new Chief People Officer, who joined us in the beginning of September. So thank you. Now moving on, the disclaimer as always, we're making some forward looking statements.
We're not giving investment advice here. In your own time, I trust that you will read through this very carefully. A few words about practicality. So after each of the full section, so both me and Bruno presenting, after that we will have a Q and A, Then we'll have the break. After the whole portfolio section, there will be a Q and A.
And then at the very end, after Saris' section, we will all be here on stage and you can post questions on any of the matters that we have presented covering any of the areas. Then for those in the room, we have the regular practice of you just raising your hand if you have a question and there is the microphone that will be hurried over to you in no time. And then for those who are online, the chat is open already now. If you have any questions then just please post those into the chat and we'll cover those when we get to the Q and A. So that's all about the practicalities.
So why did we choose a topic such as unlocking growth? In a market which has been relatively difficult from the consumer trend point of view, sometimes you feel that you need a crowbar to unlock growth and it's not straightforward. We've made a major acquisition 1.5 years ago. We acquired Lookout Life. That opened up completely new avenues for growth for the company.
We had our previous Investor Day in September 23, very quickly after the acquisition. And since then a lot of thinking, analysis and learnings and experiences have taken place and that has quite substantially molded our strategy to what it is today. So we thought that okay, that's a good topic because now we are about growth. Also we've referred Sari and myself in several of our quarterly results sessions into driving growth, setting the foundations for growth. And we've only been able to scratch the surface, so we thought that okay, let's go through this properly.
Let's look at the market dynamics, the trends, what are the kinds of behaviors and needs that we see in our customer segment and why would we have the right to win. And also why is this the right kind of portfolio actually to then satisfy the needs and opportunities out there in the market. So those are the main themes and then Sari will naturally give the financial view on the same. So that's the reason for the topic that we have for today. So when we finished off our Investor Day last year September, this was my, I believe, last slide more or less.
We talked about growth fundamentals that we're putting in place in the company. First of them being expanding our addressable market. Prior to the acquisition of Lookout Life, we talked about especially going deeper into new vertical partnerships, not the typical communication service providers that F Secure had been working on for a long, long time, insurance companies, banks, payment brokers and so forth. But after the acquisition, the Tier 1 partnerships has been something that we have been vehemently focusing on as a new extension to our customer base that we've been serving. So I'll go through a little bit what kind of achievements we've made on that front.
In terms of value increase, we were talking very much about the need to bring new products to market. Embedded portfolio has been practically built from scratch in the past 15 months. We've extended total substantially. And also with regards to total, we have a new module that we've introduced. In aspirational culture, growing is not about only what you do.
It's a mental state. It's the kind of aspiration level that you set for a company. So these were the kinds of things we were focusing on. So just a quick recap of what we've achieved. So we've set earlier as a target for ourselves to be the undisputed leader among the world's largest communication service providers by 2026.
We may be closer already now at the end of 2024 of reaching that target than we even imagined. Naturally, the scope of our services may vary from relatively limited to a very, very wide scope. But now already 6 out of the top 10 by revenue in the world are being served by AirSecure. So excellent progress on that front. But like said, some of these start small, also naturally because it's partner business.
Our partners require time to actually grow the user numbers for our security services. The names that you have around the globe on the screen, I would want to say that these are all our partners. No, that's the target segment. When we talk about the largest CSPs, these are the kind of companies we talk about, these very names. They are the ones which are at the top of our target list.
A development that we're seeing and we're going to cover in much more depth in Bruno's section is that especially with these bigger communication service providers, they've started seeing that the road to push price and faster speeds, the best times may be over and growth needs to be found elsewhere. Not only revenue growth, but profitable growth. And security has now been identified by a good number of these players as the area to start investing in to expand what they have considered to be core. You know that actually voice and data for some even content has been core. But now security is starting especially with the ones who consider them to be true market makers in their own countries or geographies.
They are starting to extend security into the very core. AT and T brand promise, fast, reliable and somebody help me. Secure. There we go. The most important one, fast, reliable, secure.
So they have even on their tagline. So it's becoming a real difference maker. New verticals, we are now focusing on the bigger new vertical opportunities, especially insurance companies and banks. So bigger is better. And in addition to Europe, we're also exploring the market for these opportunities in North America.
Then when we move on to the next section, are we doing something about value? So I'll get back to this a bit later, but we have a completely new module in total we call scam protection. And just one of the capabilities in total, which is called shopping protection, we have prevented tens of 1,000,000 of potential entries by our users into dubious shopping sites, tens of 1,000,000 in just a year. So we launched shopping protection in November, December 2023 for desktops only, then during 2024 also for mobile devices. So already tens of 1,000,000 of 1 star ratings for shopping sites that people have tried to enter and we've advised them not to.
So it makes a big difference. This is value as perceived by customers in a big way. Now I start at the bottom. So first of all, we've talked about total conversion a lot. So 80% of our top 50 partners, I'm talking about the top 50 partners, 80% of them, so 40 have already committed to multi module total, not just total, but taking multiple modules in use.
And out of them, 70% are already live. I think that's 28%. So 28 of them are live. But as we mentioned in our quarter 3 results session, still roughly 75% of all users using F Secure security services either directly or through our partners are still using a single module or our previous generation product. So there's tons of value still to be unlocked over there.
Then next one, scam protection being the new module and obvious need in the market, it is resonating extremely well with our partners. I dare say that 100% is a closer number than 90% of who is interested in scan protection. They all are. It is addressing a substantial need in the market and naturally that offers a business opportunity both for our partners and F Secure. We've said already since 2022 that we aspire to become the number one security experience company in the world.
And we were super proud roughly 2, 3 weeks ago in the AI gala of the technology sector in Finland to win the best user experience built based on AI in our messaging protection. That really made our hearts warm up because that's precisely what we want to do, not only provide security efficacy, but provide a fantastic user experience leveraging AI. And then as I mentioned already earlier, in roughly 14, 15 months, we have built the broadest embedded security portfolio in the world among any consumer cybersecurity company. That's I am impressed with our team. And this brings me to the new culture empowering growth mindset.
So if you think of what does it take to grow, it takes good ideas, good technology, good salesmanship, good marketing, good partners, good value proposition and a team that is pumped up and aspires to become a leader in the market. And when I'm looking at what we've done, for instance, with embedded security in a record short time, how we've been expanding total in the past, let's say, 12 months or so and continue to do so at the speed. It's breakneck speed right now. And this is what we need and it clearly shows that our team is pushing the limits and is inspired to truly turn f Secure into a market leading company. It's not good enough to be an also ran, we want to lead the market.
And I think it's very visible now. And now as we are serving already so many Tier 1 partners, our technology, our services, every single aspect of our operations is getting to the next level. Not only Premier League, I would say Champions League. So now I'll just recap very quickly before I hand over to Bruno where we are with regards to our strategy. So this is just a recap, which in a way paves the way for all the presentations that you will be hearing today.
So first of all, we believe that we're taking head on the 2 biggest issues that are out there in terms of consumer cybersecurity today. On one hand, there's a scam pandemic out there. And I just read one single number from here. In the past 12 months, the global anti scam alliance based on their survey $1,000,000,000,000 has been lost to scams in the past 12 months. And I lose count of how many zeros you have in a $1,000,000,000,000 but it's a lot.
This is a massive problem, which by far shadows anything that we've seen in consumer cybersecurity in our past. It's a horrible problem that needs a very, very good solution. Secondly, complexity still unsolved. Still roughly actually more than 2 out of 3 users feel that this is just too difficult for me. It's too complex and impenetratable.
Now I've always said that the worst feeling that we could ever leave consumers with is a feeling of hopelessness, right? That I feel like there is no way that I can stay safe. So I don't I won't do anything because it's only a matter of time. So we need to get rid of that impenetratable feeling that people may have. And as I just mentioned, for our own user base, there's still 75% who haven't taken multimodule total.
Also when we have made our consumer surveys, consumers typically activate no more than 10% of them activate the security service from their partner. So there is a massive issue there that requires solving. So on one hand, we are solving the technology and scam problem through a research driven AI powered holistic scam protection. These are the three things that are crucial. Research driven, we have refocused all of our research around scam protection, scams, understanding them.
Laura Kankala will talk more about it. It needs to be holistic to make it easy for users so that they don't have to pick and choose from different kinds of bits and pieces and powered by AI to be efficient in terms of good security efficacy and secondly, provide a great and smooth user experience, which is the second point that we have made strides in providing even a greater user experience in our Total application. So if you have had the pleasure of using Total, you see that it's a much more engaging service than it ever was before. It talks to the user. It guides the user.
It tells more about what's going on in the world of security and threats. So it's helping you. Also our partner experience has been driven to the next level. And next year, I'll save it for later. Next year, we'll be making some great strides on that front even further.
But for instance, our partners who are using embedded security can now engage with us through an excellent developer portal that provides them with everything they need to be working with our technology. So that's on what we're working on as a company. And then secondly, what makes us different. We are the only company where every single thing we do, value proposition, business model, operational model, services, everything that we do has been optimized to drive partner success, every single thing, plus our skills and capabilities and experience in the company and that shows. Secondly, especially when I talked about the bigger players and how they want to turn security to become a part of their core services, they really want to make it look like them.
It's not enough anymore for them to have the same product as somebody else is selling directly to their customers. Why would they just resell something? They want to create something that is their unique value proposition. So it has a unique composition of capabilities. It has their brand.
It has their experience and is either integrated to an application they already have like a CSP app or it is a completely new app that has been built for instance from scratch to be their unique security service. So we need to be able to make it theirs. Secondly, total in addition to co branding can go way, way deeper in making it yours from a partner's perspective and Eero Kokko will be talking about that. And then finally, we work with the kinds of names in the industry that everybody would be envious of, who will be who are pushing us day to day to get better, who are asking for more, who are pushing the boundaries of where consumer cybersecurity should go. So we both work with them and co create with them.
So just some of the names out of the roughly 200 partners we have. So this was a quick recap of where we are as a company, how we've done in 2024 and what our strategy looks like. Now I would like to hand over to the people who will actually go much deeper into the details and provide you with depth that you will certainly appreciate. So thanks everybody for this. I will now invite Bruno to take on the clicker and start looking at the market.
Thank you.
Thank you, Timo. Okay. Hello. Good afternoon, everybody. So my name is Bruno Rodriguez.
I am the Chief Revenue Officer for F Secure. I'm a recent addition to the leadership team, been in the company for less than 2 months. So but have been have quite some experience in the cybersecurity and IT market. I've been in this market for more than 25 years, and especially in the cybersecurity and working with and through telcos. Okay.
So before I start my part of the presentation, I would like to show you a short video from 1 of the market analysts. I don't know if you're familiar with OMDIA. So OMDIA is a global analyst which is focused on telecom and technology. And they would Michael Philpott is the research director. So Michael is going to give you a few messages on why it's important for service providers to have a comprehensive cybersecurity solution.
Okay. So I'll leave you with video from Michael for less than 10 minutes and then we'll continue with my presentation.
In my view, cybersecurity has become the most important value added service that telcos can offer their consumer base today. However, many telcos around the world are not yet maximizing this opportunity, leaving their customers exposed to online threats in the process, which in turn hampers their own ambitions of moving into new growth markets. Omnia's service provider consumer research team is focused on helping telco consumer strategy teams make the right strategic choices to deliver top line growth. In recent times, the main growth has come from broadband and mobile data. However, the focus has always been on speed on the fixed side and largely on usage on the mobile.
As markets matured and became more competitive, the trend, however, was simply to give more and more for the same price. In both the broadband and mobile spaces, therefore, speeds and usage have grown exponentially, but global ARPU has remained static for the past 10 years. This, of course, was all relatively fine while subscriptions were growing. The issue comes as markets start to saturate. Then, without new ARPU growth, consumer revenues will also stall.
And we're already starting to see this in some countries. As shown in the chart, although consumer connectivity markets remain big, reaching $1,300,000,000,000 by 2029, it only has a 5 year CAGR of 2% at a global level now. And in some countries, this is heading towards 0. On the flip side, telcos have got to spend big, investing 1,000,000,000 into next generation fiber and mobile networks. Although peaked in 2022, global CapEx intensity was still 16.5% in 2023.
If telcos are to continue to drive a return on this investment, it is vital that they now look for new ways to grow their consumer ARPU and hence revenues. The key in my mind is to switch the marketing focus from basic speed and usage to this concept of quality of experience. This will both differentiate the brand and enable telcos to branch out into new areas between what some term digital lifestyle providers. The key element of this overall quality experience strategy is security. Consumers must feel secure using their telco products.
As one operator put it, 1st we must provide a quality experience, then we must provide a secure one. And we're now starting to see this appear more and more in telco marketing too, with AT and T's fast, secure, reliable stat line as one example. Cybersecurity is also the value added service that consumers are most willing to pay for. Based on Omnia's 2024 Digital Consumer Insights survey, 70% of respondents stated that they'd be willing to pay more on top of their broadband bill for a cybersecurity solution that protected all of their connected devices. From our survey analysis, it's also clear that some segments are more willing to pay than others.
Parents of younger children, for example. And as you can see from the middle chart, there's a very clear correlation between the number of connected devices in the home and willingness to pay. Finally, telcos are the most preferred provider of consumer cybersecurity services, which makes sense given that they're the ones supplying the connectivity as well as the key devices such as the broadband gateway. However, we know from our research that nowhere near this level of consumers do actually pay, suggesting that either telcos are not positioning cybersecurity correctly or they're monetizing it in other ways, or perhaps a little bit of both. Many telcos certainly offer cybersecurity as part of either their mobile or broadband offerings.
However, in many cases, this simply equates to offering traditional third party antivirus applications. A very typical telco offering is shown in the table. I'm sure that we're all fairly familiar with such services. However, these solutions have a couple of major flaws. Firstly, they don't protect consumers from more modern threats, such as online fraud, for example, which is now the biggest type of crime.
Secondly, they can't protect IoT type devices, such as security cameras, video doorbells, etcetera, which are increasingly entering our homes, but often come with little to no inbuilt security of their own. And thirdly, and perhaps the most important issue, is that they are completely up to the consumer to install and manage them. VositorTelco has little to no control over the end customer experience. Adoption of these solutions, therefore, can be very low indeed, even when provided for free. To provide a more comprehensive solution, it is in my view, therefore, that it is essential that telcos move to what I term total consumer cybersecurity.
This is a more layered approach, starting with network security, which provides a base level of security, including network based DNS. Then router security, which once enabled protects both the router and all devices connected to that router in the home, and also provides other functionalities such as device fingerprinting, which can also be used in other applications, such as application prioritization and parental controls. And finally, endpoint security, which then protects devices such as smartphones and tablets as they roam onto other networks as they leave their home. The first 2, from a consumer's perspective, are zero touch. So the telco is in full control of that experience.
Endpoint applications, of course, still need installing. However, this system can also be used to identify unprotected devices, provide guidance and assistance to the consumer to resolve it. Although very much a layered approach, it is then essential that telcos provide a single user interface that provides a simple control and management of the whole solution. In years gone past, telcos have tended to supply an application for everything. And now they're trying hard to aggregate that into a more joined up strategy.
By providing a single Cypress security user interface as part of that wider strategy, then not only will that simplify things for the end user, but also enable more sophisticated functionality, adding much greater value. One such functionality could be around security notifications, providing greater guidance and education to the consumer. Providing just a security product is unlikely to be enough to keep consumers safe. They need help, and telco's in a prime position to provide their education and assistance. It also doesn't hurt the telco to remind the consumer of the value that they're providing, as long as they get the balance right.
Applications are not the only channel for this, but they certainly can be used as one of them. To conclude, therefore, if telcos wish to monetize consumer security and position themselves better as a digital lifestyle provider, then they must invest in more comprehensive solutions that protects their customers from more modern threats across all devices and all networks. To do this, they will need to work with a vendor or vendors with solid track records in the telco industry so they can utilize that experience to create optimized go to market strategies, as well as utilizing the strength of their vendor brands where necessary. In that vein, it's important that vendors also offer professional services not only to help integrate solutions into the telco platform, but also to help them become more of a partner to the consumer when it comes to cybersecurity. And finally, it's important to look for solutions that can provide a single user interface with the flexibility to match the telco's position in the market and application and branding strategy, whether this is as a standalone app, a standalone app but under the telco's own brand, or as functionality integrated into a wider telco op strategy through SDKs and APIs.
I'm pleased to say that in Omnia's recent market radar in this area, S Secure is one of the leading vendors that scored highly across all these areas. And with that, I would like to thank you for your time and your attention. Thank you.
Good. So thank you very much, Michael, for the video. I hope it was useful. We want to get also inside of a third party analyst on the market, especially on the telco market or the CSP market, which is so important for f Secure. Okay.
I will start my part of the presentation talking about the total addressable market that we see at f Secure and the one that we want to penetrate. First of all, I'll talk about I think this was also covered by Michael a bit. I'll talk about how the consumer cybersecurity market is going to grow in the following years. So according to Gartner, IDC, independent market analyst, the market in the next years is going to grow around 6%. This is for the consumer cybersecurity market.
So we agree on this, but we take it a bit further. And I'll give you our view on this market. Although the market is going to grow between 5% to 6%, the overall market, this depending on how you address this market, either with a B2C strategy or a B2B2C strategy through partners, the market can actually grow way more or the addressable market that you can get to with a B2B2C strategy is way bigger. So the addressable market for B2B2C, we believe is going to grow 3 times more than the standard market, thanks to many of the telco trends and CSP trends that we're going to be seeing later in the presentation. So although the market will grow around 5% to 6%, we believe we will see a growth in the next 3 years of around 17%, mainly because of the reasons that Timo mentioned before, but we will get a bit more into the details now.
So why do we believe that B2B2C is the best way to address the consumer cybersecurity market? First of all, I think we've covered this in previous in the presentation. Omdia said that 53% of consumers choose their CSP as the provider of choice for cybersecurity and maybe around 14% were choosing their insurance company. So typically they would look at the service provider, be it communication service provider or insurance or financial institution to provide cybersecurity. We also agree with this number, but we've actually seen a bigger one in our own studies where 81% expecting are expecting their Internet service provider to provide security.
So big part of the consumers are actually expecting their Internet service providers to provide security. And not only that, but they are also willing to pay for it. We saw it Michael was also mentioning this. 56% are already paying for some or part of their security solutions and 71% actually would be willing to pay for a more complete scam protection. As Timo mentioned before, scam pandemic is a real issue right now for consumers.
They really don't know how to address this situation and they're looking for a trusted companion, somebody who can actually help them deal with this scam pandemic right now. And that trusted companion is their service provider. Okay. So as we mentioned before, f Secure is all about partner first and working through service providers. So let's look let's take a look a bit on the CSP market trend.
So what trends are driving the market for the service providers and for the communication service providers in particular. I think this quote is very, very powerful. So there was a study that PwC did when they interviewed a lot of CEOs from telcos. And 45% of the CEOs they interviewed said that in 10 years, their company will not be viable if they continue on the same path. This is a really bold statement for a CEO to make of their own company.
So they need to change. The CSPs realize that they need to change. And the reason they need to change is because of 2 things. 1 is commoditization, which we talked about before. And the other one is convergence.
And we will talk about those two trends and a couple others that we see as well. So these are the trends that we're going to cover today in the CSP market trends. So extending the core, how to avoid commoditization, how to establish convergence strategies, how the CSPs are building their own apps to unified customer experience and what's happening in the router. So Michael from Omnia was mentioning that there's more and more needs to protect the devices in the home. This has been a huge challenge for telcos.
How are they going to do this? What's coming up as a market trend that will help them or not do this? Okay. So let's look at them 1 by 1. So I think we've discussed this, Timo mentioned before, the core services for the CSPs have typically been voice and data that is commoditizing, has been commoditizing for quite some time.
And these CSPs are looking at other services that they could offer to move away from the core. So we could call this beyond the core strategies where they're trying to sell different services and give different services to users that are, let's say, different from their core. Why are they doing this? 1st of all, as we said, the core is getting commoditized. On the other side, the value added services or services outside of the core are expected to grow way more than what the core is growing.
So I think we are mentioning around 2% growth, Michael was mentioning, for the core or even 0 in some markets or even declining, where vast value added services in general are growing 13 more than 13%. Okay, but what about security? So first of all, security is from our point of view and what we're seeing, one of the key value added services. And it's so key that it's actually becoming core in many of the large Tier 1s. And we will talk a bit about that later.
But why is security so important? First of all, there's a demand for consumers. So we've seen that already. Consumers have this problem and they need help to fix it. And then also really important is profitability.
Not all value added services are created equal. A lot of telcos maybe are just reselling music, they're reselling content, they're reselling Netflix subscriptions. Are those really profitable for them? Also, consumers now know those services and maybe they go directly to the source and they don't have to buy it from Natalco. So they need to find value added services or services that are really profitable for us.
So what we've seen in working with all of these CSPs for many years is cybersecurity provides up to 75% gross margin for the telcos as a value added service. There's no other service that will give you that type of gross margin. So this is one of the trends moving, extending the core or I could say trying to find services that will bring them away from the core or beyond the core. The other one is convergence. This is another big trend that all of the telcos are talking about.
So typically CSPs have treated their mobile and broadband divisions as almost completely separate companies. In many cases, they were just acquired and become part of the same company. So they were not there was not really a strategy for the broadband and the mobile together. And this is changing significantly right now. I'll give you two examples.
ADT and Verizon, 2 of the biggest telcos in the world are right now in the U. S. There is what the analysts are calling a race to convergence. So both of these two companies are racing to see who gets first to deliver a full convergence converged solution or service combining broadband and mobile. And either they are combining or putting together their own divisions, like it's the case of AT and T, or even in the case of Verizon, they're acquiring other big players in their market to actually work in this convergence strategy that they're designing.
One of the examples is the acquisition of Frontier by Verizon in the U. S. Why are they doing this? What is the reason for the telcos to try to go for convergence? There are several points, but one of them, for example, is ARPU and the ability of cross selling.
So for example, AT and T were saying that 40% of their fiber customers also have mobile solutions from AT and T. So that's a big raise of the ARPU. If you have 40% of your broadband customers also having mobile from you, that's a big raise. And then the other one is reducing churn. What Verizon was seeing is that 50% of the sorry, there was a 50% reduction of the churn when you combined mobility and broadband.
So it's also really important for them. This is affecting their top line. So this is another strategy to go away from this commoditization that we were talking about. Okay. But for the telcos, we can really see the advantage of trying to go to a convergence scenario, convergence strategy.
But what's in it for the user? The user is still very confused. They're looking for very simple solutions. They don't really care about these convergence strategies. They just want to make it simple.
So how are the Delcos making it simple for the users in this convergence world? Well, it's all about the applications. So most of the big telcos in the world right now are building their own applications or have been building their own applications or enhancing the customer care applications that they have with more and more services. There's a couple of examples here Rakuten for example in Japan and one good one is this one from T Mobile, T Life. I don't know if you can see that, but this is actually a quote from Omar Tazi, who is the Chief Product Officer at T Mobile.
And he was saying 2 days ago in LinkedIn that T Life, which is T Mobile's application, is the number one spot lifestyle app on the App Store. Number 1, not telco app, lifestyle app. So even bigger than Pinterest and Zillow and Ring and Alexa and Tesla, way bigger than all of those apps. They're the number one. So clearly, the customers are looking for an app where they have everything simple.
And I know that telcos have been trying to do this via like super apps for a long time, but now they are I think they cracked the code and now they are really realizing how to do it. And in the case of TLIFE, this includes also security in that app. So it's really important to be able to fuel or supercharge those apps with security. And that's something that F Secure is very well positioned to do, thanks to our embedded portfolio that TL will discuss later. And then taking it even further, we have AT and T with ActiveArmor.
So AT and T Security is a big part of the core of their core. They're moving towards security and it was part of their motto, I think Timo mentioned before. And it's so important that they're building a security super app that includes all of the features of security that they are offering in a single app called ActiveArmor. And you can see there. So this is not only cybersecurity but includes like call protections and other types of security features and AT and T is pushing big time to improve this application in the future and you will see more things more more of this later on.
Okay. So what about the smart home? This is something that also Michael was mentioning before that the smart home, there's a lot of devices that are insecure and there's a lot of devices that need protection and there's not really a clear solution right now in the market to offer protection for these devices. What has been the main challenge here? F Secure has had a solution for router security for years now called SENSE.
But why hasn't this catched up? What is the reason why telcos or CSPs are not implementing this on all of their routers? The main problem here is that it's really difficult to deploy applications on these CSPs routers, on these CPEs. It's very difficult to do because all of them have proprietary operating systems. They're very closed systems.
So deploying an app is really, really difficult and not all of the companies can afford it. You need to work very closely with the router manufacturer. You need to build a specific app for that and it's not easy to do. This is another trend that we believe is going to change in the next year and 2026 as well. And the main reason is because of some initiatives that the really large telcos are putting on the table.
These are Purple, Purple Foundation and RDK. So Purple and RDK are standard operating systems that are driven by the biggest telcos in the world. In the case of Purple, it's AT and T, Verizon, Orange behind it mainly Frontier. And then RDK is Comcast, Deutsche Telecom, Vodafone and they're all pushing for the standard operating systems. And then we also have broadband forum which is across the line also generating standard protocols for these routers.
But I think it was the AT and T CTO who said this in one of the presentations I was, he said the home routers are going to have their Android moment. I really love this quote. So it's like the mobiles before and after Android. Before Android, the mobiles were difficult to have an application. You didn't have a store.
It was you need to have everything almost tailored made for the different operating systems. Once Android was out, everything changed. And now it was really easy to deploy applications in the router. That's what we believe is coming in 2025 and 'twenty six, this Android moment. And F Secure, thanks to Sense, is really well positioned to take advantage of this Android moment and deploy security in these routers.
And okay, so until now we're seeing things are going to change and we're going to be able to deploy applications in the router. But which applications are interesting for the user? Of course, number one application, number one thing the user want when they have a router is good Wi Fi. That's obvious. Right now, Internet equals Wi Fi.
If you don't have Wi Fi, you don't have Internet. So that's the best thing that the first thing that they're looking for, good Wi Fi. So Wi Fi management is going to be really important to be deployed on these routers. But the second thing and third is security. That's the next killer app that they're looking for in the routers.
So once this Android moment happens, security is going to be one of the most demanded applications in the router and we will be ready for that. Okay. So that's a bit about the trends. I will finalize my presentation talking a bit about F Secure and why F Secure is the best partner for these to help these CSPs, this communication service providers and service providers in general to transform their companies, taking advantages of these trends that we saw. Okay.
So I think one thing that we need to look at before we I give you a little overview of the strategy is, what are the service providers like? Are they all the same? Do they all have the same needs? The answer is no. Not all the service providers are created equal.
So we actually see 3 types of service providers in general right now. And of course we have the direct business. And I'll talk about these and why this is important. So first of all, we have the strategic partners. We've been calling this the Tier 1s.
This is the top 20 service providers in the world. This is not only Telcos, not only CSPs, but other service providers as well, like financial institutions or insurance providers. The features of this, these have really large base, very high ARPU. They typically are the leaders in their market. As we said before, they're not only delivering value added services to their customers, they're actually making security as part of the core.
And for them, one of the key things and one of the key questions that we get every time we talk to these service providers is how can I be different? How can I compete with the rest of my market? How can you help me deliver something unique to the market and security? I don't just want to take your app. I want something unique.
So the needs that for the strategic partners are very different. And on the other hand, they have high investment power and high maintenance power. They want something unique and they are ready to pay for it. And most of them, as mentioned before, these services that they want to offer, they're becoming part of their core. It's not that they're just adding security on the side like they will add music or they would add video.
Actually, they're adding security to all of their offering. The broadband needs to be secure. The mobile needs to be secure. Everything they do needs to be secure. So those are the strategic partners, very different.
Major partners, this has typically been before the Lookout acquisition, this has typically been f Secure's sweet spot. So we were addressing the major partners, they high ARPU, they need value added services as well, but they also value quick time to market and measured investment and reasonable operational costs. So Total has been a winner here for years and this is I think this is where we were coming from before the Lookout acquisition, the major partners. There's the top 100 service providers in the world. And then we have the commercial partners.
Commercial partners are the rest. So we're talking about top 100 CSPs in the world, but in the world there's actually thousands and thousands of communication service providers. So, how do we get into those? Those are kind of like the long tail of the partners. How do we address the long tail?
If we could find a way to actually address that market in an industrialized fashion with a SaaS model, in a self-service model, for example, where those companies could actually have access to a security solution in a very easy way and convenient, that will allow us to crack that long tail of partners like many other technology companies have done in the past. So that's also really important for us. The commercial partners, they are looking for quick time to market efficiency, a little bit of customization, but they don't need the full customized solution. And they have limited investment power. They will not be ready to pay a lot of front for a customized solution.
On the other hand, there is a lot of them and the addressable market that these commercial partners are looking at is pretty big. So this is another of the, we could say, segments that we were looking at. And then finally, we have direct business. Of course, you know that a percentage of what we do is for direct to consumer. This is a completely different business.
They're concerned about the scams. They want a simple solution. And of course, we will continue to address the direct business. But the focus would be on those 3. And the point is that we believe so much that these types of CSPs are different and they have different needs that we have restructured our company to actually better serve all of these customer segments.
So you will see changes coming up also in the company to better serve the strategic partners, better serve the major partners and better serve the commercial partners. Okay. And then to end, I will tell you a bit about, just an overview. I won't go in-depth on each of these because my colleague, TL will talk a bit about more about our portfolio and how we are going to address these customer segments. But I'll just give you a bit of an overview.
This could be right now how the customers for or the partners for F Secure look like. So we have strategic partners, which we don't have. We have 6 out of 10 of the biggest ones are here. We have the major partners and then we have the commercial partner, which is the long tail that we're addressing. So for the strategic partners, what are we going to do?
What is going to be the strategy here? The key here is to win new partners in key markets. And how we're going to do this is we're going to piggyback on their strategy of launching super apps and fuel those super apps with our smart SDKs, with our embedded portfolio that Timo was talking and that TL will talk a bit more later. Then for the major partners, I think Timo mentioned this as well. There's a huge opportunity still here.
A lot of our partners are not yet in total multi module. So there's a lot we can actually grow with our existing partners. But not only that, we have an amazing we could say an amazing proposition that we've tested traditionally for years in our markets like Europe. And we can still replicate this success story in other markets and other geographies like for example North America and Asia. There's a lot of major partners in North America and Asia that could benefit from all the experience we have with a solution like Total, which is very proven, very easy to deploy and the time to market is very short.
And then finally, we have the commercial partners. So it seems like they are the smaller CSPs and we shouldn't pay a lot of attention to those. But actually, I think it's not the case. So this is what we call the long tail of partners. So probably we cannot address them 1 by 1 like we do with these.
But there is an opportunity to actually come up with a SaaS platform that would allow us to address that long tail and escalate from 100 partners to 1,000 of partners. And that's really what we're going to work on 2025, building that SaaS platform and addressing that long tail for hyperskeling. Okay. And just to wrap it up, I'm going to repeat more or less what Timo was saying before. Why we win?
I think the key point here is partner first. So for me, this is one of the reasons I joined the company. That's really what I believe, partner first always. There is no conflict. Telcos or service fighters will always be the first in our priority.
If the telco is not successful, we cannot be successful. So that's the only way we can be successful is if we really understand the CSPs and we really make them successful. Then TL will discuss a bit more about this, but we have an amazing product portfolio that is optimized for this telco success, this service partner success with embedded, with SENSE, with Total. So we have a solution to actually match the need of every customer segment that we've seen so far. And then finally, we understand scams like no other company.
We don't only believe that scams are just another threat that we have to deal with another yet technology. It's all about scams now. Almost all of the threats in the market right now are designed to actually scam people. So you can't just add another technology on top. You need to actually stop the scams at every customer interaction.
And this is really important. And the telcos understand this and consumers actually want a solution to stop these scams. Okay. So that's all for me. So Timo, if you want to come up on stage, we can answer some questions.
Thank you. I'll get some water while the questions are preparing.
Okay. So first question is coming from the room.
Felix Henriksen from Nordea. Thanks for taking my questions. I have a couple. First to Bruno, personal question.
Okay.
What made you join f Secure? And can you expand a bit on your background with working some of the largest telecom operators in the world?
Okay. I knew that question was coming.
And it's the first question.
It is the first question. So let's get it out of the way. Okay. So as you probably know, so my background before joining F Secure, I was working at Bitdefender. So I worked for Bitdefender for 12 years already, where I was leading in the last years, I was leading the telco business for Bitdefender.
So we signed top service providers in the world there. And before that, I was also in charge of the OEM division or part of the OEM division for Bitdefender as well, dealing with large manufacturers like Cisco, like Checkpoint and the rest of these. And then before that, I was also working at Panda Security, which is another cybersecurity company. And before that, I was working on a telco. So I have both the cybersecurity and the telco experience in the past years.
Okay, that's the second part of the question. Why I joined F Secure? I think I've mentioned it during my presentation. I think what I really like was this partner first mentality. That hasn't that was not the case in my previous companies, where we there was a bit of a conflict between direct to consumer and B2B2C.
And joining a company where every single person in the organization except for our direct to consumer team, but every single person in the organization is thinking about the partners, how we can help them, how we can make them successful. Again, if they are not successful, we are not successful. There is no channel conflict. There is no problem. That's really what we want to do every day and that's what we talk about every day.
How can we help Telcos be more successful? That's the main reason I joined. 2nd reason is the product portfolio. So, TL is going to talk about that. The fact that we can that we have this broad portfolio of SDKs.
For me, when I was coming from an OEM background where SDKs were really important, I was really surprised to see what DevSecure was able to build in like 15 months. Amazing. So it's a really broad array of SDKs that will allow us to fuel these super apps from the telco. So that was the other. And of course, Total for me, looking at it from the outside, was really the crown jewel of F Secure in the past years.
The fact that it was so easy to rebrand, so easy to deploy, that for me was amazing. And I was really envy of Total when I was working at other cybersecurity companies, and that's another reason why I joined.
Thanks. That's a good background. Then I guess when we think of the European telco landscape, many operators are struggling with their ability to invest and ARPUs are very low when you compare to rest of the world. So if one were to buy into your value prop of higher ARPU, lower churn, it sounds like it's the perfect match for the telco. So my question is, what's the sort of main pushback from partners who haven't yet adopted Total or some of your other offers?
Is it the cost? Is it something else? What's holding them back?
I can do a quick one, then Bruno gives you the right answer. So from my point of view, what I hear is that many of the bigger players are indeed facing precisely what Bruno was telling, how their core services are facing headwinds. And they put a lot of management bandwidth and effort into resolving those. They are doing their absolute best to make sure that their broadband services and their mobile services would be in a better shape, in some shape or form. So they put a lot of focus on that.
And while they're at it, everything that has to do with billing, with customer management, product management and so forth focuses heavily on those aspects. And then there is less bandwidth left for what you could do with something like security. Whereas I would say that some of the other markets, they have already in a way emptied the bag with the core services and they are clearly looking forward now.
I completely agree with Timo. So that is the case. So we've seen some markets that are really advanced and they really get it and they are already there. And they have been working on their cybersecurity offering for years now with a lot of success. And they're really pushing the accelerator.
And we'll see a lot of things coming up next year also from those large markets. And then other markets that maybe haven't gotten that yet. And they're realizing that they have this problem. And many and some others are actually going in some directions which are not cybersecurity, like offering, for example, other types of services, like maybe even offering energy or offering other things in some companies. So they're all trying to go beyond the core.
That I think is almost everybody has realized that, especially for like the low, I mean, the markets where you have like really cheap telcos coming in with very low prices just to buy market share, the incumbent, the telco incumbent there is really suffering that. And they have to find ways to differentiate and add other services. And some of them are offering security, but maybe with not the right focus. And that's really what we have to work on. We have to really help them understand how security is profitable for them and how they will actually help them go beyond the core.
The onus is on us really to be able to convey these messages to C level of these very big companies.
Thank you. That's helpful.
Hi, Walter Ross from Danske Bank. Between Tier 1 partners, for example, are there any restrictions if, let's say, AT and T is your customer, can of their competitors be also your customers?
That has to be I mean, Richard Baterer really asked this from them. We are seeing that especially when you deal with embedded security, there are so many ways how you pull that together into an actual value proposition and user experience. There are so many ways that even from using the same components, the outcome can be drastically different. So from our point of view, you can differentiate and a lot.
But contractually, are there any restrictions in your deals?
We have no such contracts in place as far as I know. Sari can correct me if I'm wrong, but I don't believe there's anything that would stop competition. That's also regulation wise that would be very questionable.
All right. Thank you. Then on the addressable market, the figures you show, they kind of imply that there is also other players providing security services to these your partners or potential partners. So can you talk about that? Who are the competitors or what kind of players?
And how do you differentiate?
So depending on the geographies, they vary. Depending on the product segment, they vary. So if you're looking at readily available apps that can be co branded or white labeled, there are many different players from different gen digital brands like Avast, Northern LifeLock. There is McAfee, of course, there is in the U. S.
There is Aura, there is Malwarebytes, there is a whole host of players. If you go more into Asia, somebody like Trent Micro from Japan has been traditionally quite strong over there. Here in Europe, we have the luxury of meeting all of them. Then if you go to certain segments of the market like password management or you go into router security, then there is a sub segment of competitors. But if we then think of embedded, less competition over there, fewer players, names that we often bump into Bitdefender, McAfee, Bitdefender also in the app market by the way.
But Bitdefender, McAfee, our Trend Micro are names that we bumped into. Anything I missed?
So if I can be a bit more bold
How we win?
How a bit more bold there. If you look at what I like to call converged partners, so a partner that will have a solution for broadband on the router and mobile and PC or laptops, F Secure is the only one which is partner first. So you have other companies maybe like Bitdefender who have also SDK portfolio and they have a solution per router and they have a solution, but they're not partner first. So F Secure is the only one that is really partner first with that product portfolio that DL is going to talk to you about.
And that's the reason we win.
That's the reason we win. And that I think is really our unique value proposition.
All right. Thanks for a good answer. And last one from me for now. Again, AT and T as an easy example. If you look at their security portfolio, their security solution, How many other service providers are included in their portfolio?
And kind of because I'm assuming you're not the only provider.
We are the only provider.
Okay. So you can cover all the whole?
On mobile app, we are the only provider. We integrate also some third party technologies into the solution, but we cover the whole application.
All right. Great. Thanks.
Good afternoon. It's Matt Trejoek on Carnegie. I have three questions. First, when you talk about the consumer cybersecurity market growth of 6% and then the business to business to consumer market growing 3x, it sounds like a very high number. Because if we look at the listed companies and the known companies in the field, the usual suspects that you just described, actually many of them, we can't see that their growth would be that high.
So where does this market growth come from if it doesn't come from the largest players in the field, including you? And also going forward, if we look at the market estimates for these companies' growth, it's not even near the numbers that you're talking about. So there's a certain discrepancy there. Could you please explain that?
I'll just go ahead.
I'll go ahead.
Okay. So I think the main difference here is addressing that market with a B2C strategy or a B2B2C strategy. So addressing that market directly, which is Nordon and the rest, they are seeing a smaller growth. But what we are seeing is that if you address that market through partners, which is mainly what we do, the growth is much higher. And there's no other company that has this as their primary business model at this moment.
This is why we believe that there is huge potential to grow in that market with a B2B2C model.
Yes. So another look at this is that the big players out there in the CSP market have traditionally been reselling some of these B2C products. They've been reselling. They're not that interested in that model anymore. They are shifting to a model where they build their own product that competes against the big brands that we know from B2C.
So this is a different in a way new big, big players are entering the consumer cybersecurity market taking on the McAfee's and Gen Digitals in their own market by providing their own product. So that is the big difference. That market has not existed before. And it doesn't exist today, for instance, for Gen Digital. McAfee is doing its best naturally to play a role in there.
We try to make it as hard for them as possible and a fair game. But this is a new market and that's why you don't see it there. There are other companies who are more who have a partner aspect to their business and they are trying to go after that same growth as we are. But we are positioned, we believe, in a more ideal manner than they are.
All right. So you're basically saying that the market size and the growth is partly seen outside the traditional players' top line, it's the operators that are
showing it.
Precisely, that's it. That's it.
And because of that because of the what we mentioned before, because of the demand of the user to get cybersecurity solutions from the operator.
All right. Good. That makes sense. Now, your talk about this Android moment for home router business, I think it's a good term.
It's not mine. I stole it from the AT and T CTO.
Coffee with Stylus. So good. So would you have any practical examples of the names that are going to basically introduce that kind of services. I mean, when you say that most of the operators are doing it in 2025 and 2026, where can we see that?
I would love to show you those to give you those, but I'm not sure if I can. But you when you will see them, 2025. So 2025, you will see big operators launching in purple. RDK is already in the field. So Comcast is using RDK.
Charter. E
and T is using RDK. Charter, part of Comcast using RDK as well. So that's already there. But Purple takes it like at another level. It's even more open than RDK.
And the first deployments on Purple will come in 2025. So there's a lot of them there's some of them aligned already in the key markets, and we will see them in 2025, but I can't disclose the names.
The standardization happening in Purple, it's called Purple Foundation. And the founding members contain names like
What TNT, Verizon, Orange, Frontier, Vodafone. So all of the big players are behind that standard because it's in their best interest to make it really easy to deploy applications in the router because they would be able to go beyond the core and sell those applications in the router. So I think it's in their best interest. Until now it was very difficult for them because each operating each router that they had, had a different operating system, very tailored made solutions. And now they want to open all of that so they can deploy services in the router.
So that's the Android moment that's coming.
All right. Good. Then finally, when you talk about the penetration with CSPs, roughly 10% with cybersecurity services, How does that work? What's the penetration among these kind of new verticals like insurance companies, banks, etcetera? Is it kind of approaching the same levels, starting probably from a lower base, but how does it look it from your perspective?
Lower. Yes. Lower than
the 10% to begin with. It's a new market for them. There was a time, for instance, I moved to the U. S. In 2015.
And that moment in time, many of the big U. S. Banks were bundling for free like a one device antivirus product and those were not taken on actively and it became just a cost for these banks and then it was quickly discontinued. That wasn't a successful approach. Now the new propositions that especially insurance companies are coming up with, they are much more integrating some of their own products with a cyber protection type of a product.
And it's a new market for them. They're making very careful first initiatives, testing markets, training their own folks and learning the good habits in the industry. So they are starting carefully. Banks and insurance companies are not ones who bet the farm and go full speed right ahead. So the service take up rates are relatively low to begin with.
I think it's also a change in the consumers. As we saw before, I think Michael was mentioning and we had some data on that as well. Consumers see the CSPs as their natural provider for cybersecurity. So they are providing connectivity. So therefore, that should be secure.
So they see them as their natural provider. The insurance companies, maybe not that much. So I think we saw it was like 17%, if I recall, were expecting their insurance or 14%, we're expecting their insurance provider to that's way lower than what we're seeing on CSPs. So there's also less demand for consumers. They still don't see these companies as their provider of choice.
It could be that with certain plans, like for example, if they're offering some type of cyber insurance, it will make sense to bundle it with cybersecurity because they're related on the same thing. But that's not overall on all the insurances like your house or your car. They really don't see that their car insurance is going to come with cybersecurity. It's not that natural as your connectivity, for example.
All right. Thank you.
Good afternoon. Jorg Keturveinen from SEB. Given the importance of the security for the Tier 1 players or the large ones, security becoming close to their core, are you seeing risk them in sourcing their own cybersecurity? And how you plan to play the game against such kind of a risk?
Okay. So first of all, they've done this on business security side or corporate security side, enterprise security, whatever you want to call the market, they have done some insourcing. AT and T has acquired assets, Verizon has acquired assets, I'm sure. Well Orange has done that. Yes, yes, they've done that.
That's something where consultancy and the service element is much bigger maybe than the technology and the product element. In the consumer cybersecurity market, it's completely the opposite. These are not consumer cybersecurity technology building, app building companies. They are not built for that. And at least for now, I am not aware of any moves where major service providers in the CSP sector would have acquired assets in the consumer cybersecurity market.
I don't see that, that is a on our risk map, that's not one of our risks. It doesn't make our top 20 for sure. We don't have an active plan B because we don't get any indications of that. However, the CSPs are very careful at who do they choose as their partner. So you really have to be rock solid in your security efficacy.
You need to have research that drives the innovation and the efficacy. You need to have experience. And I would like to think working for F Secure that also the fact that we have hundreds of partners and they can draw from that experience pool of best practices or what works, that makes a big difference. If you have it in house, that's all you see. You have the they have a risk of becoming myopic.
But I don't see that risk. How about you, Bruno? No, no, I agree.
Yes. Good.
Thanks. Then Bruno showed the improving and rather high willingness to pay from a consumer side. Given this, why the growth has been so moderate over the past few years? Has it been because of the situation of the market or the stage of F Secure?
Yes. I don't know if I can talk about the past
F Secure. I think
you can talk more
about that. Yes. My sense. So there are partners who are decreasing in size from our perspective. And much of the good growth that we're seeing unfortunately is decreased by some of our declining partners.
We've indicated earlier that there are some players. We already touched upon this with another question. There are some players, for instance, in Europe who are having serious difficulties in their core business. And that's where all of their effort goes. And actually the order from leadership is stop doing anything with value added services or security and focus on broadband or mobile or whatever.
And that doesn't help us at all. And because they have churn, churning customers may have had security, so then we lose customers without any apparent reason. I would say that is the biggest one. Another example is we've had one partner somewhere in the world, which signed up to one of our competitors in like 2011. But they left their user base as is and they didn't want to touch it.
That was from Messick here in the past. And over the years, it's continued declining, declining, declining, declining. So there are such exceptions that actually unfortunately eat away some of the good growth that we're seeing.
Yes. And also I mean, if there's also market consolidation like companies being acquired by others, that also affects because like for example, there's some news now that, I don't know, Vodafone Spain is going to become independent or this other company is going to acquire, they're going to merge in the UK with 3. That really what we've seen is it almost like paralyzes the company and they just go back to the core and just try to do what they have been doing and not concentrate that on value added services. So that also affects because they kind of like put the pause on a lot of the things they're doing until they figure out how the acquisition is going to come and how what's going to happen. So I think that's also one of the drivers, I don't know, at least in the market.
One of our big partners, once again, big partners somewhere in the world made a massive acquisition. For practically 3 years, they did nothing with security because they were all busy with integrating billing and customer CRM and so on and so forth, like 3 years.
Okay, very good. Thank you.
Hi, it's Atre Higla from Indus. Maybe one question for me so we can continue the presentation. About the embedded security business, you said you have done tremendous job in the last one and a half years there. So what kind of investments you have already done there in financial terms? Or how many developers you have doing stuff on that business side nowadays and what kind of investments you're going to do there in the future?
Thank you for a good question, Ade. I'm not able to answer that. We don't want to convey the number of developers and so forth. But I will just say that in our own scale, we've made significant investments of money, research and development into this area. So it's been substantial.
And we will continue to make big investments in there. Maybe more of the focus will go towards new scam protection capabilities that are driven by our research. So maybe tuning a little bit down as we now have already quite a wide scale, but scam protection most likely will keep us quite busy. But it's been a significant investment, especially this year. So I would say that starting from roughly October, November last year, not even one and a half years, we built a portfolio that Niko Kiyukkonen will be presenting to you later today.
All right. Thank you.
Thanks.
And we
have no questions on the line.
Okay. All right. Thank you, Ina. So now we'll take a break. And I'm waiting for Ina's instructions how long we can take, okay.
So approximately until? 3. Okay. So about 37 minutes and we will continue. Welcome back then.
Thanks.
Thank you for the great questions.
Welcome back, everyone, and a very good afternoon to all of you here in the room and everybody online following us. Let's talk portfolio. Of the many reasons, one of the reasons why Bruno joined us. So we'll talk about the strategy, how have we been executing and the approach that we are taking in the future. And overall, how is this driving our growth.
I want to get us started by coming back to what are the biggest problems that we are solving. Timo touched upon those already, but I want to add a different color to talk about how it is shaping the portfolio. Timo introduced the impact of scam financially. Right? But if you look at the frequency and why it is the number one cyber security threat for consumers, over 60% of users we speak to have been facing scams on a monthly basis.
And as you can imagine, a substantial proportion of those go through a fairly deep sense of stress and anxiety. So it is the biggest problem, not just financially, but also emotionally impacting our consumers. We see scams differently though. And that's the point I want to make. Our competitors, industry peers see scam as yet another security problem to solve.
Most likely with yet another product, right? If you think about AV to solve malware, ransomware. If you think about identity monitoring product to solve or keep your identity safe on the dark web, all this is just another problem that needs yet another product. We do not see it like that. We truly believe that scams are an umbrella threat landscape.
That actually bring together all the threat vectors that exist out there. And systematically combine that with complicated and sophisticated social engineering techniques. Where scamsters then identify target and scam victims. And this is a very important distinction to make because this leads to what kind of solutions are needed to solve this problem,
Right?
The other aspect of scams, which I think is making a perfect storm moment, is AI. Right? It's not just enough for us to go back to what we have been doing and see how we can adapt. Because AI is truly, and not the good side of AI, is proliferating scams at a scale and with realism that is becoming the biggest challenge. If I'm honest, it's not the competition that I'm worried about.
It's the scamsters that I'm more worried about who have access to these tools. And we think it's our job to stay ahead of them. The rest will follow. The other part is, is it enough? Is it enough for us to build the best technology to protect against scams?
If you look at our data point on complexity, a sizable percentage, right? 2 of 3 or more than 2 of the 3 users we speak to find cybersecurity complex. Period. And we have not solved this problem as an industry. And I think with the point solutions that our competitors are bringing to the market, we are just making this worse.
And with the extent of the threat that scam poses, and with an average of less than 10% users adopting the service, you can imagine how many users are exposed. So we believe that the real problem statement is not just protecting against scams, but it's the way we deliver that protection and the way the users experience that protection. And at this point, to take us deeper into the scam pandemic, I'd like to call upon Laura Kankala.
Thank you, TL, and really happy to see so many of you here. It's such a horrible weather outside, so happy you made it here in one piece. And happy to see all of you online as well. My name is Laura Kankala. I work as Head of Threat Intelligence here at F Secure.
What that means is that me and the teams that I work with, we try to understand what's plaguing the Internet when it comes to cyber threats, problems, scams. I've been working here at F Secure for several years now, 2 years actually. Before that I worked as a cybersecurity consultant. My day job was to hack into companies to find vulnerabilities that could be exploited so that those can be fixed before anyone else gets in. And when it comes to scams and what TL just said, I find the world that we live in today quite worrying because this used to be the standard level of scams.
You would get an email or message, broken English. Finnish is my first language, so like broken Finnish would be the way that you would detect a scam. So this is the world that was once, but it is not the world that we live in today. And that is thanks to AI. With AI it's I hate to say it but AI makes cybercrime more easily accessible.
So even if you were not able to write a perfect love letter in the past, now you can do that with the usage of actual legitimate AI tools. So I'm not talking about tools that would be developed by cyber criminals. These are tools that are made for all of us. But cyber criminals and scammers, they have found the way how to use them to benefit their means. So today, actually, scams and cybercrime can be very, very convincing.
And actually, it's the most convincing types of scams that get you. So by looking at something, you are no longer able to tell if that is a scam or not. You can generate convincing text in multiple languages, images, audio, video. This is a deep fake of well, I'm deep faking our principal research advisor, Mikko Hupponen here. This is the capability available already today.
And it is only going to get better with time. And while video deep fakes are still a bit more difficult to do, that is bound to change, thanks to the advancement of that technology as well. What is already very, very easy to do is, for instance, voice scams, cloning someone's voice. With 1 minute, 60 seconds of my own audio of my own speaking voice as sample, I'm using again a legitimate tool to create an AI voice scam of myself. And now I'll play it.
I have written here, Hi, I'm Laura. I'm information security professional and an ethical hacker. Send me all of your money through my bank account. So this is now something I want AI to read in my own voice. Hi.
I'm Laura. I'm Laura, an information security professional and an ethical hacker. Send me all of your money to my bank account. Convincing? Yeah.
I think this could fool my mother even. And the reason why I'm giving this specific example to you is that here in Finland and globally as well, we are already seeing how these sorts of AI voice clones are being used to manipulate and trick people to do something that they shouldn't be doing. And AI is just one part of the bigger equation that I see. AI makes it easier for anyone to create their scam context to make it look good, to make it look convincing to people. But that's not all.
Today, this all relies actually on this ecosystem of different types of technical tools and capabilities that are available to essentially anyone. Anyone can go out there and buy a piece of malware. So you don't need to be tech savvy to do crime online or scam people online. And it's not only the piece of technology, but around when people are selling these pieces of technology, what they're also selling is knowledge. They are sharing information of how do I get people to install this malware?
How do I steal people's data? And this ecosystem is growing and is getting more mature. And not only that you can buy stuff, you can also get stuff for free. So you can just Google, for instance, toolkits you can use to do phishing attacks, so stealing people's information, pretending to be well known brands and their websites. All of these things are available to anyone and with very little effort.
So AI combined with this ecosystem of technological means of scamming people, that is the dangerous thing that I see. And when those things are brought together, that is actually why we are seeing this scam pandemic. And here at F Secure, we of course realize that malware and phishing, those are by far not the only means that scammers are exploiting and using when they're trying to get to people's information. So that's why when we look at scams, we want to look at them more, I should say, holistically. So we want to look at the scam like all of the steps of a scam.
We call this well, here we are calling it scam tactics and techniques framework, but we are also calling it scam kill chain. So we are analyzing each step that goes into a scam to understand what are the techniques available to scammers. And when we understand these building blocks that go into, for instance, how do scammers define the group of people or the individuals that they are going to target? How do they create the scam, scam itself? How do they contact people?
How do they hide their identity? How do they get access to people's data? How do they manipulate people? How do they spread the scam even further? And finally, how do they monetize the scams?
By understanding these building blocks, we can actually have a better look at scams overall. Because our aim is to understand all of the scams and their building blocks. Because ultimately, no matter what the scam, the main purpose is to exploit technology in a specific way. And if we can understand those ways and when we understand those ways, we can build better protections. That's all.
Thank you.
Thank you, Laura. Now that's a scam, right? So building A feature or B feature to try and calling it scam protection is not really scam protection. So we have to think about how we protect users from that. We'll come back and use this reference when we speak about the portfolio later.
But just shifting the focus a little bit on how are we shaping the portfolio? Where are we focusing our investments? And I want to call upon maybe 3 topics on how we're doing that. The first is that systematic shift from point solutions to holistic and a seamless portfolio. We have also been there.
If you recall my introduction slide, there was a time where you needed to solve some of these problems point. But very quickly, we have realized that if you want to address the umbrella landscape of scam and the umbrella threat that it poses, the only way you can respond to that is by building a holistic and a seamless portfolio where you can mix the capabilities in a form that responds to the entire scam and kill chain that Laura just showed. So that's the biggest shift that we have made and Total today is a great example of that. If you look at the scan protection, which is already Timo has highlighted, it's really our biggest area of focus and investment across the board. And what's important to understand is that we are not just looking at researching and developing technology capabilities to protect users against scam, but we are equally researching the user experience that is needed to protect our consumers against scam.
Right? We also deploy what we call research to production model. Right? While we absolutely have long term research that is happening, but we do want to make sure that to stay ahead of these campsters for the kind of tools that Laura was just showing, we need to be really quick in bringing new concepts, innovation and research faster to our product, hence to partners and hence to consumers. And that's the model that we apply.
And lastly, I think our focus on investment, I think, would be incomplete if I don't say that the third element of our focus is AI. Right? But with a twist. What I mean by that is, of course, this AI has come into prominence in the last couple of years with generative AI. But we've actually been deploying AI in production for over 15 years now.
Right from the early avatars of it, which was, you know, machine learning models and now to generative AI. And our approach to how AI is brought into the technology and product is, we don't spray paint AI and then look for which problem can we solve with it. We are actually applying AI to problems that AI can solve. And a great example of that is our scam protection module that is live today and already protects users from an SMS based channel. It's in production, it was the award that Timo was referring to, is fully backed by an AI.
And this is not just an AI that is looking at how to improve the efficacy of protection, but it is actually understanding the context of the message. And we are one of the very few and rare cybersecurity providers who have actually put this into production. I'm not dabbling on the sides with AI stamped everywhere, but very real results to show. And that's the way we want to tackle and bring AI to the market and look at how users benefit from it. Now what these 3 subjects put together give us is a truly comprehensive and seamless portfolio that goes across platforms, whether it's iOS, whether it's Android, whether it's Mac, Windows, Linux.
Right? It's a portfolio that's enabled by our research and protection platform, which has AI at its very core. So think of it like it's like our engine room. Right? It's an engine room where we have our foundational security capabilities, whether it's how we protect devices, how we protect users' identities, their privacy, how we protect smart home, and now, of course, how we protect users from scam.
That's where we build our core capabilities. And then these are rendered as value through 2 product segments. 1 we call total, which reflects f Secure's experience and an all intended experience for users. While I say that, it's something which partners can fully make their own, right? And that's what many of the segments that Bruno referred to earlier already use today.
And it's also one of our biggest differentiators. That without breaking any code, we allow partners to customize and make the product their own. Because scalability and repeatability is at the cornerstone of how we grow. So our portfolio is designed for that. The other aspect is, embedded.
And embedded is about building or pre building, let's say, the capabilities coming from the engine room into SDKs, right? These are like the building blocks that our partners use to build their own application. In that role, not only are we providing these building blocks to them, but we actually help and support and influence, in some cases, the experience that they want to deliver. And there we are sharing our best practices. We have a very strong design team that consults partners on how they should bring this experience to life.
And the range of partners that this portfolio serves goes from the biggest ones, the likes of AT and T and their product being called ActiveArmor to super apps that we have done with Fintech partners to managed WiFi Providers. I can see many familiar faces in the room because I know I saw and met many of you last year. And if you recall, I had no, I don't recall if I had the same slide or a different version of it. But we put this up last year and we set ourselves 2 key objectives. On Total, we said, how do we bring the best of Lookout Life and Total together?
How do we launch scam in a unique way? And how do we really raise the bar on experience? That is what we had set our objective for total. And on embedded, very simply, we wanted to build the broadest portfolio in the industry. Now the question is, how have we done?
And to answer that question, I would like to call upon Aero Koko and Niko Kyokanen.
All
right, thanks. So it's been amazing year with Total. We have integrated Lookout. We introduced our 1st AI powered scan protection capabilities and we have even updated our user interface. It's better for the consumers, but it's also an industry benchmark in terms of flexibility for our partners.
So let's look at some of the latest capabilities in a little bit more detail. So one of the most common types of online scams is a shopping scam. A shopping scam could be a faulty product that you can't return. It could be a product and it never arrives and anything in between that. And it is extremely difficult for the consumers to avoid these scams.
We see these in search results. We see these in sponsored links, in ads, and we even see influencers promoting shopping scams. So it is really, really difficult for the consumers to actually detect what shopping site is a reliable one. And from our point of view, we're actually combining multiple different sources with our AI technology to create the most comprehensive analysis of a shopping site. And this is a great technology to understand shopping scans and detect them.
While it's a great piece of engineering, it's actually not enough to keep the consumers safe. Why not? Well, the reason is that we're all busy. Even if I if I provide the latest information for the consumers, they don't have time to open another tool. They don't have time to start reading about the site reliability.
We're all busy. The protection needs to be seamless, effortless in the moment. And that is why the shopping protection is integrated into the browser. So as soon as you enter a shopping site, you'll see the site analysis directly in the moment. So, you know, if you're on a reliable site and it's available for you all of your devices.
We have this support in Windows PCs, on Mac, on Android and iOS. And there's no waiting, no additional clicks or effort required from the user. As soon as you enter the site, for example, on mobile, you see the icon, you can freely move it around and you can even press on the oops, sorry. You can freely move it around. You can actually press on it to get more information about the shopping site and the reliability if you're interested in that.
If you go to a banking site, the icon will actually turn into a banking icon and show you that this is a reliable banking site. But we also turn on the banking protection. So we will prevent other sites from stealing your data or remote access connections to the device. And this is all effortless to the users. You're always protected without any additional effort.
For the SMS, you already heard that we've introduced the award winning air part SMS protection. The important thing is here is that while the competitors are looking at malicious links coming in the SMS messages, we are actually looking at the entire message context. This means that we can detect malicious links, but we can also our AI can also understand if this link is related to the message context. So let's say you're getting a message from from a courier that a new package has arrived. Click on the click on the link to agree on the delivery, But the link is actually not taking to the to the courier's address.
Our AI can detect this and automatically decide that, hey, this is actually a delivery scam because we've trained our AI with multiple types of malicious SMS messages. We can also detect SMS messages even if they don't have a link. And once you have this protection on, it's seamless, always on and protects you without any extra effort from the from the user point of view. Now, finally, on the UI side, while our updated user interface is better for the consumers, it's also amazingly flexible for the partners. Our partners can freely decide what are the capabilities they want to show on the client.
They can change the look and feel, the colors, the branding. They can even change the corner radius of the different elements to make it seamless integration to the rest of their portfolio. Now this is not something that we just built on the main screen, but it's actually a key part of total and it integrates to the total user experience. The latest addition here are our partner quick actions. With these, our partners can actually bring their own services and their own applications directly inside Total.
This is a way for our partners to further differentiate their offering and promote the services and applications that they have. Now I hope you're as excited as I am about total. But if our partners want to build in their completely differentiated user experience from the bottom up, we have our embedded offering.
Thank you, Eero. So yes, let's take a look next into our embedded portfolio. As you heard already, Timo and Bruno, explaining why we are so excited about our embedded portfolio as well as what type of opportunities we see here. I'm going to cover what type of actions we've taken in order for us to come up with this portfolio during the last year as well as what we have learned while working with multiple strategic partners around this portfolio and also why we have a good reason to claim that our embedded portfolio is the broadest, the most holistic as well as the smartest out there. Let's start with the broadest.
So what you know today has the most holistic security application, I. E, our total, we have taken those individual security experiences and converted those to be available in the form of embedded SDKs. That also, of course, includes what Eero just presented, so the trusted shopping, SMS scan protection, both available in form of embedded SDKs as well. But that's not all. We have also already productized embedded first SDKs, which are available for our partners in form of an SDK that we don't yet even today have launched without auto.
So that makes the portfolio the broadest, right? What we are also doing to make it also holistic, we are not focusing on creating these SDKs under single security experience only, like for example, identity. We cover all the different security experiences. So we protect the device. We offer the scan protection.
We have the home security for the routers. That makes our portfolio then also holistic. So why this is then important? Well, what we have is also the flexibility. So our partners have the right and freedom to pick and choose from this large number of different SDKs, the ones that are bidding the best into their branding, marketing app needs.
And it's not only that. Due to the fact that we have large number of these different SDKs, that enables also huge number of unique combinations of these SDKs to be built in form of the applications. That allows our partners to differentiate, which is hugely important. One aspect of that differentiation is like visible here. So if you look at the application samples here, on the left hand side, there is a security power app that takes many of our SDKs, integrates it together and offers a holistic security proposition towards the end users.
On the right hand side, there is a fintech app, which just integrates our identity experiences together with the financial oriented application. In the middle, there is a Wi Fi management app, which takes our home router security and integrates that to be part of the app. Bruno already mentioned the like importance of the router security in our portfolio. That's also one aspect of this holistic portfolio what we can offer. Our CSP and ISP partners are expecting their providers to be able to cover all the products from security solutions point of view what they offer to their end customers.
This broad portfolio what we have makes us really a unique provider in the market. We are one of the few ones that can offer this holistic proposition for our CSP and ISP partners. But it's not only the like number of SDKs that matter. And now we come to the smartness angle. So we apply our partner first across the embedded portfolio as well.
One level of smartness what we implement is within the SDKs themselves. We are offering cross SDK experiences out of the box to our partners. So that, for example, if you place your personal information to our secure vault, that same information can be also used to trigger and activate your identity monitoring. These are seemingly small things, but very important for a good user experience. And this is why and how we help our partners here.
The smartness is also part of the tooling what we offer. This was also mentioned I think Timo mentioned our developer portal. But it's not only the like documentation what we offer for our partners. We also provide purposefully built tools like our sample app, which has testing capabilities for the developers so that they can fast and easy manner verify and validate their designs. And with this whole thing, we can then enable our partners to ramp up these experiences fast and easily.
It's not enough today to have only these SDKs. What we are doing behind the scenes, we are also enabling cloud to cloud integrations against our existing partner cloud infrastructure. That is important for them to be able to activate the users, get the notifications to the users, build insights based on our data combined with their application data. And this is where we have done big steps as well during the last year. It doesn't even stop there.
We also provide our partners the possibility to benefit from the decades long experience what we have in terms of building great user experiences on top of the security products. Many of our partners do not have that capacity or competence. So we offer them with UX consultancy that they can benefit from in terms of creating the best possible UX when they combine our security features with their unique application capabilities. We are also supporting them naturally in their application development, pre launch, go to market, post launch activities. In two words, we care.
This model what we've applied, we've gained very good feedback so far. We have also implemented already many improvements. We will continue doing the same. So we are not saying that we are ready here and we are definitely not stopping here. We are continuing to improve this for our partners.
What we are going to focus next, like it was mentioned already, our target is to bring more and more of the innovation the form of the SDKs to be available for our partners. And here I can refer to Laura's excellent presentation what you can think of what we are planning to do there. Also, we are going to increase the usage of AI across the embedded experiences. That's important for us as well as it was mentioned by Thierry as well. So with that, I ask Thierry to come back and take it over from me, please.
Thank you. Thank you, Nico, and thank you, Eero, again. Just to put this in perspective, everything you heard from Nico is give or take 15 months. So it just reflects what Timo said, the breakneck speed. The necks are still intact, but we're certainly going fast.
I want to before we go to the growth dimension of how the portfolio is driving growth, I want to add a few maybe aspects to the portfolio. Nico spoke about the holistic nature and how we are bringing these capabilities together. And I want to bring back a point that Bruno mentioned in his section about the opportunity with convergence. So convergence is really about converging the user experience to begin with, right? And the way we look at total embedded, within embedded, all of it being powered by the same engine room, which we call research and protection platform, is fundamental for convergence.
Right? I think there was a question in the previous section and I think Bruno mentioned that we are one of the only players who can bring this together. And this again speaks to why and how the portfolio is positioning us well to capitalize on the opportunity with convergence. So far, you only heard the broadest portfolio. From this slide on, it's also the smartest.
I think that's important to note. And I'll conclude the portfolio section with one key distinction. I go back to the slide that Errol had shown. And I want to play out a couple of scenarios for you. There is a web shop.
As a user, let's play this out. As a user, there's one option where you go to a web shop, you do your shopping, you browse an e commerce website and you have a nice beautiful icon that tells you that you are safe. Scenario b, you are a user, you go to web shop, you take out a camera, you're actually on the phone, so you take out another phone, you take a picture because you don't know if this is a real web shop and you send it somewhere. And then you wait for it to tell you if this is a good web shop or not. Which experience do you think the users will want to adopt?
Any guesses? Maybe I can guess for the whole room. I certainly want an experience that is non intrusive, does not bother me with what I actually want to do, And does the job of protecting me when I need it. And if I were to summarize the portfolio, I would say that is the difference between f Secure and what everybody else is doing, at least with scams. Okay, with that, let's talk about how the portfolio has been driving our growth strategy, right?
And we spoke also last year, and I think Bruno mentioned it in his section, there are 2 key pillars of our growth strategy. 1 is how do we drive greater value and growth from our existing installed base, right? We have a huge number of partners and consumers behind them. How do we consistently move them to a higher value product and that impacts ARPU and growth. So last year, we have increased the annualized ARPU with total by 9% in the partner segment And by double digits in the direct consumer segment.
Not only that, of all the users that we have, of course, on the security suite, 24% of the users are now on multi module total. That means these users have access to a minimum of 2 value modules from total. And we have more modules, right, just to put this in context. This number, when we met last year, was 9%. So between when we met last year to now, we have more than doubled the number of users who are on multi module total.
And across our entire base of partners, 42% of partners are on multi module total. So overall, I would say, we've had a good year with Total and driving the strategy of value from our installed base. Having said that, I think both Timo and Boonu noted the opportunity that still exists, right? There is still 76% users available for us. Realistically, maybe all of them would not get there.
But the sizable portion of that number remains as an opportunity for us to drive value and growth from. And this is both from moving the existing base to a higher value, but also upselling newer value added modules and features into that base, right? And that will continue, especially into the major accounts and commercial accounts, where a bulk of these partners sit. Our second growth driver was with embedded. How do we get scale?
How do we go after scale? Of course, led by our strategic accounts and the tier one strategy. How have we done? So not only have we built the broadest and the smartest portfolio, we're actually delivering it to 4 of the 10 tier ones globally. And you can see that as 4 of the 6 that were mentioned earlier.
We are delivering this portfolio to them. And that is giving us access to 20,000,000 monthly paid users, approximately. And needless to say, there are many more opportunities in the pipeline to follow. So on embedded, we've had a very good year. Not only in terms of building out the portfolio, but actually playing out the growth strategy in terms of accessing scale.
Bruno mentioned about the standardization of the routers. And I would like to add that F Secure is also a part of the Publ Foundation, along with all the carrier names that they were mentioned. So we are actively in both the Purple and the Broadband Forum, contributing and influencing and in that standardization process, which means we have had a portfolio that's ready for Purple. We already have RDK deployments. So we are ready for this Android moment from a portfolio point of view.
But the other dimension is even more interesting. We have been actively investing. And if I may say, we've built the biggest ecosystem of partners in terms of auto manufacturers, wifi providers. And they will all, at some point, move to 1 or the other. And between them, that's giving us access to more than 50% of the CPE market.
So overall, if you look at both the portfolio dimension as well as the ecosystem dimension, we are well placed to capitalize on that opportunity. I want to close by talking about our approach that we're going to take. Timo touched upon this sort of combination of security and how we secure the users, but also how we do it. And that is an approach we call trusted companion. Right?
And we truly believe it's a very unique approach that looks at not just protection, but focuses on truly reimagining how the consumers will experience this protection. And if you look at where it begins, it begins with going back to the word we have now used across all the three sessions, holistic. Users expect a holistic and a seamless sense of security where we prevent scams, protect users from scams and in those rare cases, are able to restore and support consumers financially and emotionally for those who do fall victim, unfortunately, to scams. The prevent part here is quite interesting. Because I think it's quite I think it's been sort of underplayed in general, I feel.
But if you think about getting the right information, relevant information, at the right time to users, we truly believe that we can prevent users from even getting on to a list of victim. And that's where the protection starts. With protection, of course, what you see at the center, these are not features. Right? We don't do URL protection and call it scam protection.
This is shopping scam, banking scam, investment scams, gaming scams, romance scams, employment scams. Right? I refer back to the picture that Laura was showing. That's the scam. And that's going to need a lot more than one feature to try and solve it.
And that's the protection we want to offer. And then what you have seen already in, arrow section with total and SMS cam protection, I think there are 3 extremely critical elements that makes this approach unique. It's to how we deliver this protection. Right? I again go back to that example of how do you want your shopping scam to be protected.
Do you want to keep taking pictures or do you want it to be in the moment? Of course, you want it to be in the moment. And that is extremely important. We do not want users to be distracted, disturbed from what they're actually wanting to do. We want to deliver an organic security experience.
It's our job to know that there is a scam attempt. It's not the user's job to know that, oh, this might be a scam. If they already know if this is a scam, well then what good is the product? So I think that's the important part of where it shows up. Context.
I already mentioned with the SMS protection, for example. It's not only enough it's not enough for us to know the channel. The context of which channel is being used for scam. But also, what is the intent? To go to the steps that Laura was showing, we will have to predict.
Learn and predict that this was intended to be an investment scam. So that we can give and take the right next actions from there. So that's how the context plays an important role. And finally, we all live, I think, in a world where everything we consume digitally is personalized. Right?
Can you imagine Spotify not telling you what you want to hear? Or Netflix not showing me the content I want to consume? So if entertainment can be personal, security, which by default should be personal because I behave differently than probably everybody else in this room, I want my own security profile. And that's what brings us together. And I'll finally say that in addition to the core capabilities, right, when we speak about research, there are foundational capabilities that we still need to add, right?
Some of them are already existing, but we need to keep enhancing and going deeper and deeper and deeper in those. And these are about right from the channels that are used for scam to how we can crack social engineering. How do we truly understand how scamsters reach the victims and how do we get behind those. And as you can imagine, all of this is cannot be done without AI. Right?
The contextual, the personalized and understanding social engineering. These are areas where we will apply AI. So that was my my section. But before we go to the q and a, we would like to play a video for you that I think very well summarizes what you've heard from us since morning. And I think truly captures our passion for security experience.
Scams. Scams aren't just evolving, they're exploding. They're smarter, faster, nearly impossible to detect. But when others see chaos, we see patterns. While they see confusion, we see clarity.
Because we don't just fight scams, we understand them. For millions of people, staying safe is complex. It shouldn't be. That's why we're making it simple, seamless. We're revolutionizing protection.
Using AI not just to react, but to predict. Not just to defend, but to prevent. Working silently, tirelessly, protecting your every move. And we're not doing it alone. Together with the world's leading service providers, we stand united across continents, connected across cultures, protecting millions who dream, create and connect every single day.
This isn't just about security, it's about trust. This isn't just about technology, it's about transformation. We're not just changing how protection works, We're changing how the world stays safe. Every digital moment, every connection, every time, have secured.
Thank you. So that was all about the portfolio. You can take some questions and maybe I'll like to invite all the other speakers on the stage as well.
Malte Rosy from Danske Bank. Just to make clear, at least to myself, is it so that the total portfolio is meant to be addressing major and commercial partners? And then the embedded is for Tier 1s?
I would say that there is no hard line that says that Total is not usable by Tier 1 partners. We have some that use Total. So there is no restriction. We're not drawing any boundaries of what portfolio is used in which segment. That's why we call it a portfolio that's truly seamless.
But if I look at where there is a more natural affinity for which partner is looking at what kind of portfolio, then I would say that major and commercial accounts are certainly inclined more towards total and strategic accounts and strategic partners are inclined a bit more towards embedded. But we absolutely see the possibilities of us to take this portfolio across all partner segments. In fact, in the embedded pipeline, we already see some, let's say, major account and major partners who are seeing a business case and they're seeing the value of building their own services. So it's there is no hard and fast rule, but I would say that the inclination is towards that.
All right. Thank you. I actually have a question for Timo, but he's not there. So maybe I'll save it for a while. Hi,
Felt Jensen from Nordea. A couple of questions. Firstly, on the clarification on the ARPU uplift figure that you said 9% year on year. Was this referring to the increase in your total ARPU in the partner channel? Because previously, you've talked about like plus 20% ARPU uplift per customer when they shift to total.
So I just wanted to get a clarification there.
No, actually, so what we have said in the past is that when we shift the base to higher value, the ARPU impact on a per customer basis is expected and we see anywhere between 0 point or 20% to going up to 80% to 100%. That's what we have said and that is still true. What 9% represent is the annualized ARPU. Why? Because the partners adopt total at different points time in the year.
In many cases, they are looking at first introducing the multi module total to only new customers, whereas the base is still remaining on the lower value ARPU. In some partners, they are moving the entire base to the higher value ARPU. So there are different considerations. When you analyze this entire and average this out, we have still seen a 9% increase. That's what it means.
Got it. That's clear. And on scam protection, you're not the only consumer security company that talks about it. So do you feel like you're a front runner in this area? Or have you been a more reactive player to what the competitors are doing?
We think we are absolutely a frontrunner in scam protection. And for some of the reasons that I mentioned and again, I would not claim that we are the only one talking about it. Certainly, our competitors are talking about it. But they're talking about it in the context of, like I said, it being another threat, another problem that needs to be solved with another app. And the other perspective being that the experience of the way our competition is looking at it is very much that the user needs to know.
And that is what I think fundamentally separates us from what competition is doing. And that's the area of research and that's the area of differentiation we are absolutely going deeper into with our investments, with our research, both on UX and experience as well as technology.
Got it. And finally, can I just at least refresh my memory on the economics of the embedded security business? How does the revenue model work and the revenue sharing with the partner there? How do you make money on that business?
I'll hold that question because Sari has specifically, I think, a slide just to answer that.
Okay. Fair enough. I'll look forward to that. Thanks.
It's Matt Trejkoen, Carnegie. Related to the economics of this embedded security and additional contracts in Tier 1, what in practice do you need to do when you sign a new contract? What kind of investments does it require from your side? And is it kind of when it starts to run, is it is there a step increase in the hosting costs, additional dedicated team? Where does the cost base come from in addition to the kind of normal investment in R and D?
I won't speak to specific numbers. I'll leave that for Sari. But I think like Timo mentioned, the last year has been, of course, a year of very focused and substantial investment because we had to get the portfolio to this point. But the principle, not just with total but also with embedded, very much remains repeatability and scalability. And I think the breadth of the portfolio we have now allows us that a let's say a massive proportion of the scope tends to be coming from what we have.
So in that sense, the investment, I won't call it investment, let's say the cost associated to when we have to deliver a project are around that project, which means there is work to be done to do some specific integration. Niko spoke about cloud to cloud integration. There could be a variant that the partner has. So that's just honestly business as usual when it comes to such sort of projects. But it's not that we have to create portfolio every time we win a partner.
I think that is the investment we made last year already. And now we are scaling this out with the existing deliveries that I mentioned and as expected also with the cases we see in the pipeline.
All right. Thank you.
We have no questions from the line.
All right. Thank you very much. I'll call on Sari.
I think he has still a question. Yes.
Ater Rykla from Indus. Maybe just a quick product related question. At least I have seen lately news about those QR code scams. So is there like some business opportunity or idea to build some capabilities to your scam protection product for that?
I think you're the perfect person to answer the question. Laura, do you want to take that?
Yes. Sorry. So yes, for the QR codes, that is an interesting topic definitely. But for us, we see QR codes as links. So what you do when you scan a QR code is essentially you open a link.
And fortunately, we have already like plenty of capabilities to detect those. But in some instances, of course, we could think of some further innovation. But I will have to give the boring answer that QR code is a link and therefore, it's a rising threat for sure, but we already have a lot of capabilities around that.
All right. Thanks. So we are prepared as the so again, I think I go back to the point, maybe, Sahid, different aspect of the response is that that's the reason why we are building the engine room of capabilities. Because like Laura said, QR codes are a combination of links that are out there to scam you. So the answer is not that what are we doing for QR codes.
The answer is that we have the core capability to respond to a scam that's based on QR code, but look at it in this holistic dimension. So we are well placed to to respond to that as it scales, the problem scales. Now I'll wait if there's anybody I missed. All right. Thank you very much.
Sorry.
Thank you, Thiel. Good afternoon. I hope you still have energy for the final part of this day. The main part of my presentation is to talk about our updated medium term targets, which we published yesterday. And I will dig a little bit deeper into some of those areas, then a couple of words about the ESG area.
So this is what we published yesterday, updated medium term financial targets. And the four areas are exactly the same as before. And I'll start by just going through what we actually are saying here. So in growth, it's 2 parts. High single digit growth, which is those of you who remember that's how we started with the independent f Secure, the same target as we had.
You heard Bruno talk about the industry growth around 6% and how we see that it can be higher than that for ourselves being focused on partner business. So we feel this is a reasonable target and this is where we aim to be without any significant changes and additions. But then there is the addition that there is significant upside from major Tier 1 deals. And this comes back to this Tier 1 business that we've been talking about for the past year. We see there are big opportunities, but there are many ways how you can call this business.
We have talked about binary and digital and lumpy business, where it can take a long time to get a deal. It can be a long time and we don't know whether we actually get it or we don't. We don't know if it takes half a year or if it takes 2 years before we can launch something. So we can have several scenarios, but there are multiple outcomes. And that's why it's really difficult to give a number like we had in our previous guidance.
And what we the significant here means that if we have a significant deal, then that's something that we would publish as a stock exchange release. And exact numbers, what is what the threshold for that is, is also a bit challenging because the ramp up times of the deals are different than the lengths of the contracts. But let's say that if we talk about tens of 1,000,000 during a contract period, which could be 3 years or 5 years, sort of ballpark type of numbers. Profitability. Adjusted EBITA margin approaching 40% as revenue reaches €200,000,000 Here is the €200,000,000 that we've mentioned before, which we still believe that we are going to reach.
The point here is that you don't see a year when we are there, but there is a size. So we are in a scalable business and our profitability scales with the size of the company. So that's why we wanted to present it in this way. Dividend policy, similar to what we said before, around or above 50%. But then there is this addition that which can be adjusted as long as leverage is higher than the targeted level, which is basically now.
We are now in that situation still for a while when leverage is higher than the targeted level. And this gives us the freedom to have a lower dividend. You have asked us many times that how does the liquidity work with the high dividend and loan repayment. And we have also seen that there is a challenge to combine these, and that's why we have added this. Leverage target remains the same that we want to get lower than the 2.5 times.
And what has then changed here if we look at where we come from? So first of all, you see that we have taken out the sort of time perspective that earlier we said that this was by 26%. Now we don't we just say medium term. Of course, medium term is still sort of the 3 years ballpark. But now this can be valid also next year for the next 3 years.
And in terms of the growth, the positive thing is that we see that there is a strong Tier 1 pipeline. It is in our hands and we really believe it will happen. But then the lead times are along. And then we've been mentioning this in a couple of our interim reports already that we have some challenging customers that have then offset the good things that happen in the other areas of the business. So in that sense, we are a bit late from our original schedule.
But also, I think it's really important that there are multiple scenarios. This is something that we are learning also internally to deal with the scenarios. And there is a scenario that where we could reach the old target as well, but it's maybe not the most likely scenario and it might take a bit more. But definitely, we are going for the SEK 200,000,000. There is no question about that.
Then the profitability. So still remains a fact that this is with high gross margin even if it's lower than earlier. So it's a very nicely scalable business when we grow. We have now made lots of investments into our capabilities, which you have seen in the profitability and in the OpEx levels CapEx levels. So that has maybe been the key reason why we have now come from 42% to 40%.
But again, if we grow more, so we see that it will continue to scale. And then there are these ramp up impacts. So I think most of the cost ramp up has happened. Of course, when business grows, we still need to do things. So in that sense, we are not ready.
And we have the ongoing restructuring in the company where we are also saving money to invest again more. So there are capabilities at our maturity that we are still working on and the customer projects. But really, when we mentioned on the previous page actually, there was the subheader which refers to this SEK 25,000,000 as a ramp up year. So that especially refers to the top line. So when we say this in terms of CAGR our growth, so you should not just use a ruler, but can assume that leveraging the pipeline and ramping up the ongoing customers will take some time.
So not the fastest yet next year, but definitely believe in the future. Then in dividend yield and leverage, so this liquidity and debt repayment are sort of facts of life that we are balancing with those and what we will propose for dividend next year so that you will hear then when we release the results. But now we have some freedom here. In terms of the debt repayment, so our originally, the loan we took for the acquisition was 3 plus 1 plus 1 years. And currently, we have exercised already one of those options.
So after 4 years, we would have some SEK100 1,000,000 still of the loan remaining and after if we use the last option, so then SEK5 €5,000,000 It's around €70,000,000 So we need to refinance at some point anyways. So the question is that how and when we do that. PPA amortization, so of course, they are not visible in EBITDA, but will have an impact on our EPS. And there the lifetimes are 5 to 15 years, mostly 15. So those will continue for quite a long time.
Then we if we dig a little bit deeper into the revenue part and this is especially around the Tier 1 dynamics, which you have also asked about several times. So a little bit going through with what kind of components we have there. The same components also can exist in the major and maybe not so much in the commercial partners, but major. So in that sense, nothing new. But now as the numbers are so big, so good to go through.
So not in all, but in many of these deals, there is this NRE fee, Non recurring engineering could also be called setup fee or project fee, but NRE is typically used. So there, when we sign a contract, so after that, we can invoice this. And it's recognized over the whole contract period. So let's say, it would be contract 3 years and it would be €1,500,000 So then it would be €500,000 per year that we get revenue from that. So big difference between cash flow and the actual revenue.
Then in many of these, we have annual maintenance fees. There are some cases where actually the whole service is paid on annual basis. That's not the norm. But something like this can exist. And then those would be invoiced once a year starting from the time when the service is launched.
So again, invoicing only once a year and then recognized over the period. But then of course bulk of our revenue would come from the actual services, which are typically based on subscriber numbers. Sometimes there could be revenue share, but often it is a price per subscriber. And these cases billings and revenue equal each other on monthly basis. So in that sense it's simple.
And if we start with the new service, for example, this case that we announced in March, so it is a new service. And then the success of it depends on how successful the product is, how do consumers appreciate it, how well the marketing goes, how much marketing is done and so on, so normal business ramp up. And then there are cases where it could be actually either an existing product, which we maybe can take over from a competitor. So that also can happen in this business. So then either through some kind of stepwise migration or even overnight.
So we could start not start from 0, but start from a bigger amount. And after that, again, it's normal evolution of the product. From revenue point of view, it could be a similar pattern if there is a this is part of a bundle. So again, there is immediately a base that we get paid for. But then of course, the business logic is very different because then it's not only our product, but the whole bundle and how that works.
But typical components and the way how this works in our revenue. But if that was more for the strategic Tier 1 partners, so then of course this total that we have talked about is also very important and more in the major and commercial partners. So here in this graph, on the left hand side, you see the bar that we showed last year when the multi module total was 18% of this total revenue. So we have made here huge progress. So now it is already 47% of the aggregated amount here.
And that, of course, is a bigger number than the number of subscribers because here the ARPU is higher. And the aspiration is that we get rid of the purple part, which is like legacy platforms, legacy products. But we expect there to be some maybe use cases or then some slowness where it remains as a single module product. But clearly, bulk of the revenue should be in multimodule total. Then a couple of words relating to the reporting of the Lookout Life acquisition.
We have since the acquisition, we have reported the organic growth, so the old F Secure growth numbers. And that we will then discontinue at the end of this year because now the years have not been comparable. So it's been logical to tell that. And then as of next year, so Lookout Life has been also 12 months in the comparison period. But good to remember that it's still not quite apples to apples.
You see this purple part in this graph. And it is numbers that we have told in our interim reports, but might be sometimes a little bit challenging. So related to the accounting in after an acquisition, so the deferred revenue is fair valued and that has had a major impact still in Q1 this year. And after this, the numbers are smaller and will continue until April next year. So now the 0.2, 0.3, it's just in the middle of those numbers.
So it's related to the AT and T deal and then the original contract ends then. But we have a new contract with them, so don't worry about that. But good to if you want to compare apples to apples, so you need to take into account those purple numbers. Then looking at funding and what we do with our cash flow. So of course, the first thing is that because we want to grow, we need to fund the growth, which we have been doing.
And we look at rule of 40, we want to ensure that we are optimizing the profit and growth. And here we have actually used during the last couple of years a little bit more both OpEx and CapEx to ensure that we get the future growth that we really believe in. And then what is left after that, so it is we have the debt that we need to take care of. You see that leverage has gone down, but now at 3.1 percent still way to go to get to the 2.5 percent, which is the target. So that we are working on and then balancing that with the dividends that we have been already talking about.
And then typically you also ask about M and A. I would say that this is not the focus area. Right now we see plenty of internal opportunities, everything that has been talked about during today. But if there is something that would be appealing, it is within the scan protection area, within AI and anything where we could deliver like relevant differentiation. But with this leverage situation, so of course, currently the financing is not obvious.
So it would be something smaller. And if there is something like bigger and super relevant, so then we would need to think about a merger option rather than acquisition. And then when the financing situation gets stronger and we get to the leverage target, so then of course there is more freedom again. And yes, about the lookout life. So there, of course, integration has been completed, like we have said, and the synergies are tracking quite well.
So any new Tier 1 opportunities would be counted as these synergies. Then just a couple of words about the ESG. So here, of course, from reporting point of view, this is a major topic and things have changed a lot. Already the 2023 sustainability report was much more extensive than the what we started with, but now it will really be a lot. And of course, it's done based on the regulation.
And I think that probably the sustainability report will be around 160 pages or something like that, so plenty to read. And I think earlier there's been some questions about how we are disclosing things. So then I believe that then we are disclosing everything that is needed. But our key commitments remain the same that we have talked about earlier, It is about protecting digital moments, protecting people. And this is we see that we are in a very nice business because our business is already like very sustainable.
And when we get the question how we are do we have sustainability incentives, so we actually see that looking at our revenue growth that is a sustainability metric. But also in our incentives, we look at the employee satisfaction, that is also. So there are basically 2 sustainability metrics in our on our agenda. Of course, responsible business, we that covers corporate governance where we need to do things right, but this is also where we see the environmental part. Our footprint is pretty small, but of course, we need to deliver our own share.
And we are still considering the SBTI decision, but targets are already aligned with CSRD and Paris Agreement. And fellow experience is another part of this social area. So of course, it is important that we take care of our fellows. In our cost structure also fellows are the key and they are the ones who are actually building our future. So we need to ensure that they are happy.
So key takeaways from f Secure Equity story. So we are a scaly, highly profitable SaaS business and with a very strong cash flow. And we are already now a global leader in the CSP channel. We've been that already for a while in the Tier 2 and 3 segments. But now we also see a path to the Tier 1 area.
And we are very well positioned through our partnerships. So I hope you have enjoyed this message today. And now we can all take questions. Sorry, actually, Timo will say a few words before we take the questions to everybody.
Timo always has a few words to say. So I hope that we covered now our growth story in a way that you understand better why we believe in what we're believing in terms of our potential growth. As Sari said, we published our new medium term targets just yesterday. And naturally, you need to understand why we use those very numbers and how we believe that those are achievable. So we started by me looking at how did we do this year, what is our company strategy, what is the problem we're solving, how do we differentiate from the rest.
Bruno went through the market dynamics. Why do we believe that especially what we call strategic partners, the Tier 1s are the opportunity to capture right now and why we are in a position to win in that market? And then TL and the team was going through why can we actually offer something in terms of a value proposition and concrete offering that strikes a chord out there in the market. Hopefully, that made sense. I whispered to Tiel later on that I would buy the story and the goods.
Now that's what we've gone through. And now I'd like to invite my colleagues over here, if you don't mind, to take questions. I believe that there was at least one question for Waltherij, which he said that he would like to ask from me. So there is at least one. So please.
Hi, it's Alta Reikola from Indres. Still a couple of questions left. Maybe first about the business case where you jump into new Tier 1 and just replace the existing cybersecurity vendor there and you start immediately get or we see a bump in your revenue. So are you having like lots of that kind of discussions with different partners? Like a real possibility in the short term?
Yes. I would say that those partners who go and immediately convert their whole base to our service, they are not the majority. That's almost an exception, but there are definitely some which can be really noteworthy. But it's not the typical way. The typical way is to gradually grow, which is what we're seeing in 2025.
All right. And then about the profitability target, let's say, you're still aiming to grow every year and it's still you're saying that you need to reach the CHF 200,000,000 revenue level to reach the 40%. So it seems like your growth is not that scalable in the coming few years. So where is it all of that growth going? Or is it ramping up those Tier 1 capabilities?
Or where is the money going?
So I think that Sari presented it quite well. There are investments we need to make in the generic R and D. There are projects which are taking quite a lot of time. We signed and announced 1 Tier 1 deal in March this year. That is going live towards the end of this quarter.
So it takes quite a bit of time. And then to ramp it up, it takes once again quite a bit of time. There was no previous service that we replaced. It's a completely new service. So it takes time.
From our point of view, the Tier 1s provide us with the opportunity to have bigger jumps every now and then. In our typical major and commercial partner world, it's all phased. I would still say that this is a very much volume driven in terms of profitability. We have made massive investments and we will continue to drive the scam protection agenda heavily in research development and promotion, becoming a thought leader in the area. So yes, we are making investments.
Growing revenue, better profitability. The scale is there scalability is there. Sorry, what would you say?
I think that was very good.
Okay. All right.
Maybe then about the growth target. We know that the market situation hasn't been that good in the short term. So how much you're leaning on those targets that the market situation improves?
Not at all.
All right. And then last question. I know that the interest rates have been coming down, so how is it affecting your cost of debt? So floating rates and what Euribor is it tied to?
3 months Euribor.
All right. Thanks.
Felix Hendrickson, Nordea. Three questions left. On the growth target, I mean, if you look at the current consensus estimates and basically also your stock price, the market doesn't really seem to be buying into the high single digit figure also because you haven't really been able to demonstrate that level in the past. So I guess my question is, you've outlined very well today on your own expectations, but when can we expect to see a pickup in your growth rates in the firm numbers so that we can get convinced about this target so that it's not just wishful thinking?
There is no wishful thinking anywhere in our planning. It's based on analysis and experiences that we have from our business. Our own view is that in 2025, we will still see some more moderate growth towards the end of 2025, hopefully picking up speed. Then if we land major new strategic partners, that may change the picture. But that is something that will then we will communicate when those things would happen.
So
When we now announced the medium term target, so we had this like 25 disclaimers. So please don't use a ruler was the idea of that sentence. And of course, the 2025 guidance where the proper outlook will be given then in when we announce the full year results. So then of course we will tell more. And if there are any of these significant deals, so there will be stock exchange releases and then we will there try to outline how they will ramp up and what of these scenarios that I was showing that what can be expected to the extent that we are able.
Great. Then can you give us any sense of the magnitude of the drag coming from the declining partners that you've highlighted now more recently? How many 1,000,000 of euros are we talking about if you annualize that, for example?
I think the best we can say that you've seen negative growth numbers in Europe. So those are the reason for that. And there are still the growing total parts included in those numbers.
Okay. Fair enough. Then finally on CapEx, how should we think about that going forward since you have been capitalizing your R and D costs a bit related to the embedded security ramp up? What's the sort of prudent run rate going forward that we should expect?
Yes. Of course, it's been increasing quite a lot if we look 2 years back. So now it's many fold what it used to be. I hope that it's not going to grow with the same rate. But no like exact details about that.
The assumption is that if there are clear investments that are related to customer delivery, so those would be CapEx that amortized over the contract period. But also as our like SDK library develops, so it should be less work because something is already available off the shelf. And I hope that the infrastructure type of investments are smaller, at least the independent parties is done.
Thanks for the presentation.
Matt Trego, Carnegie. I go back to the operating leverage assumptions behind your long term targets. You have tied your margin target to the €200,000,000 revenue rate. Now the market is expecting roughly SEK 160,000,000 in 2026. And I was just wondering that what kind of scalability assumptions you have in the 40% €200,000,000 I mean what happens if you deliver just the €160,000,000 Is your margin going to be significantly below the 40% in that case?
So could you give us a rough estimate whether it would be kind of several percentage points lower if the scalability in top line doesn't materialize?
Yes. I'm not going to give any numbers, but if the difference is €160,000,000 versus €200,000,000 so it is a different scale. So it will be lower.
Right. And inside that equation, is there what role does the sales mix play? I mean, if your growth is coming from total contracts or if it's coming from embedded security contracts where the scalability is lower in the beginning, does that play any significance in the margin? So if it just so happens that you would get most of the revenue increase from total contracts, would it then be more beneficial for margins instead of having coming from embedded security contracts?
Yes. Total is more profitable and it's immediately from the beginning. You remember we used to have over 90% gross margin. So it's clear that that is extremely profitable growth. The thing with the big Tier 1 deals is that as it's price times volume, the volume can be very high.
So then maybe the percentages are not as high, but the euros are big. And then there are can be some features that are related to unit cost that in the ramp up phase, the unit cost can be higher. And then when we get to bigger volumes, then it also gets more profitable for us because we get lower cost per unit.
Right. Then finally, regarding 2025, it's fairly easy to talk about growth expectations at Capital Markets Days, but the short term is also quite crucial for the capital markets. And the long term is composed of many short terms. And now when you fail to tell anything about 2025, you kind of leave the markets in a bit uncomfortable position because we don't know yet what you will promise for next year. So basically, we would be quite maybe optimistic to basically pencil your current expectations to our models before actually knowing what you plan to achieve in 2025.
Is there anything that you could do short term just to kind of bridge us to your thinking about next year?
I think that is a fair comment because we are fully aware that we need to deliver the growth and show it. But I think there are not too many companies who at this point give guidance for 25%. So we just need to work on showing the track and the guidance you will get then when we are ready with our next year plan approved by the Board and when the I would guess that it will come in February when we release the results unless Board hears your feedback and wants to behave differently compared to how companies normally do.
Fair enough. At least we tried.
We tried. Expect nothing less.
Walter Rochit from Danske Bank. On the growth target, just to make sure, is it so that the high single digit ambition or target is totally excluding any new Tier 1 partners?
No. There are the question is the significant ones. So for example, this year we have had 2 press releases about Tier 1 deals. So they would not be in that significant ballpark. But then the header of the release would be stock exchange release.
Okay, fair enough. Thanks for clarifying. And then is it possible to kind of try to put it into smaller pieces that high single digit target? Like how much would do you expect coming from total upgrades, which are now looks like that there's a lot of partners live with Total. So kind of what portion of that will come from Total upgrades?
And how much from new customers completely? Like anything you can say?
I'll start. It will be a combination thereof. And I don't think that in our high single digit growth target, there would be any one that would be completely overshadowing the other ones. So expanding our position within existing partners, winning new partners in major accounts, major partners and commercial partners as well as ramping up Tier 1s, I would say that relatively give or take similar size expectations in all of them, then getting to the 200, the strategic partners play then a bigger role.
I think Bruno was explaining quite well how there are expectations for each of the segments. We see that there is a possibility to grow in all of them.
All right. Thank you.
Jakot Tovann from SEB. I could continue a bit on the same topic and the Tier 1 potential. You said that you have now 6 out of the top 10 Tier 1s globally. So my question is how much you have of the theoretical full potential of these clients already and how much of the future planned or the future growth ambition will be coming from these existing Tier 1s?
So there is a wide range. There are some Tier 1s right now where we have maybe no more than 5% potential covered with what we have in our scope. That's all. We may have somebody where we are like 80%, 90% of in a way how far or how big a scope could be. But then maybe the adoption levels are nowhere near where they could be.
And this is true for all of them, right? So in terms of service scope, I'd say anywhere between 5,000,000,000 and 70,000,000,000, 80,000,000. And then with regards to adoption in many of the cases, we're in very early stages of getting deeper penetration into the full customer base. So there's tons of potential in the ones that we've already signed. Then there's another aspect that we may have this narrower scope and there may be big continuation agreements available at some point in time, which may be massive.
And naturally, we are working on such cases also. And then we are working on completely new strategic partnerships that we are not serving today.
Good. Thank you. Matti already covered my rest of my question list.
Matti is
good. We have no questions from the chat. So I think those were all the questions for today.
Okay. All right. Thank you for all the questions from the room. Thank you to my fellows here beside me for running their sections. Thanks everybody joining online.
And we hope to see you latest in our quarter one results release in February.
Quarter four.
Sorry, quarter 4 results release. Thank you, Sari. But before that, I wish you all a great holiday season. Thanks for attending.