Welcome, everybody, to F-Secure's Investor Day for 2023. Our theme today is Stronger Together. Welcome to everybody here in the room. We have a good number of people in here, as well as on the stream. Good to have you with us. There's been a lot of news about F-Secure in the past, let's say, five months. It's good for us now to hear our side of the story, as we would like to think of it. Let's have a look at the agenda for the day. We have a number of presentations booked for the next three hours. The timing over here is Finnish time zone. I would like to not only introduce the presenters that we have, but a few other people we have here in the room from our leadership.
So, the presenters today, in addition to myself, my name is Timo Laaksonen, I'm the President and Chief Executive Officer of F-Secure. May I ask my colleagues to come over, please? We have... From my left here, we have Sari Somerkallio, our Chief Financial Officer; Steven Offerein, Vice President, Portfolio Management. We have Kitta Virtavuo, our Chief People Officer, who speaks the same language as I do, Turku; T.L. Viswanathan, who is our Chief Product Business Officer; Toby White, our Chief Technology Officer; and Antero Norkio, Senior Vice President, Corporate Development. So these are the people here in the room. When we have a break, you have a chance to mingle and exchange ideas with them, but thank you. We'll get on with the presentations. As always, there is a little bit of a waiver over here, or a disclaimer.
We are making some forward-looking statements here, which are not to be interpreted as any kind of guidance to buy or sell our shares, but here is the, here is the typical language that you would expect. A few words about practicalities. So, each section, each presenter, at the end of the presentation, there is time for a questions and answers slot. And if that is not enough, we will have a longer one at the end of the event. Okay? If you're in the room, just raise your hand, we'll run a microphone to you. If you're online, you can pose your questions in the chat.
We're going to have a 10-15-minute break in between, so everybody over here can go for a glass of water or coffee, a refreshment of your preference, as well as on the stream, you can take a short break. That's really all. So let's get started. Sense of security for all, that's what we're here to talk about, and this is what we want to offer to the world. So what does this sense of security mean? What does it look like? How does it feel like? I mean, what is it that I can see in the services that we provide? What does it look like?
So we have a video for you to give you a little bit of a feel what this could be two-three years from now. So here we go.
Come on, we gotta go, it's-
Ready? Love you. Love you too. Ben, love you.
Yeah, yeah.
Love you so much!
Good morning, Leo. Let's go through today's agenda. The soccer shoes you ordered for Ben will be delivered at approximately 2:26 P.M. today. In addition, I have some important information to share with you. Your credit card information was discovered in a recent leak. However, there's no need to worry, as F-Secure has already blocked the leaked card, ordered a new one, and updated all the necessary information.
Cool, thanks.
Please take a moment and approve that grocery list purchase I've reminded you of, like, 100 times before.
Okay, okay, I'll, I'll do it right now.
I can protect you from malware 24/7, but when it comes to keeping the fridge full, you're on your own.
Hmm.
Thank you. Oh, you received two new matches on Flutter this morning. Want to check them out?
Yeah, sure.
My analysis shows that the images of one of the women, Monica, have a 99.375% likelihood of being computer-generated. It's possible that this profile could potentially be a scam. I recommend proceeding with caution and focusing on your other match.
Okay.
Speaking of love, I've noticed that your son's web search history seems to be focused on ladies. I hope you don't mind me mentioning this, but it seems like you two still haven't had the talk. As a friend and virtual assistant, I understand that it may be an uncomfortable topic to discuss, but it is-
Can we just block the websites?
Well, technically I can, but I'm not sure if that's the best approach to address this delicate matter.
Just block the websites.
Okay, I'll block them.
Oh, by the way, also block the aubergine and peach emoji, just to be safe...
So we can help you with a lot, but we cannot help you with the talk. That, if nothing else, that was one of the learnings here in the video. Hopefully, this gave you a little bit of a better feeling for what kind of a world we foresee when it comes to consumer security. It will be woven into the moments on the internet. It is not necessarily a separate product or app that you go to anymore to be secure or see how you are secured. It enters the digital moments where you are, be it dating, or shopping, or messaging, or whatever thing you're doing. That's how we see consumer security of the future. The megatrends that are driving our vision are depicted here.
A couple of them are similar as they've been before, one is new. We have more vulnerable digital moments than we've had before. You know, 11 years ago, when I joined F-Secure, it was very much about endpoint protection, antivirus, and so forth, but now there is much more that we need to protect. As you could see, Leo, here on the video, was exposed in many different ways, or potentially protected in many different ways. You know, identity, payments, dating, and even parental controls or, or, family rules, as we like to call them. There's more digital moments, which actually creates complexity. The world is full of point solutions that have been created as technical functions to help you protect yourself on the internet. They're not necessarily linked to the digital moment that you're in.
You don't necessarily have all the necessary protections that you may need, and you may have them, but only on one device. You may have them when you're at home; when you're on the move, you may be exposed. This is complexity overload, and this is what we want to solve: therefore, sense of security for all. And finally, let's say in the last 10 months or so, nine months or so, Generative AI has just shot into everybody's attention, and there's two sides to it. One is that the scams that we are going to see are going to look so much better than they ever did before. You don't necessarily find those spelling mistakes or funny subject headers or things like that anymore. You will see messages and reach outs that are very real.
There's a hacker over in the U.S. who is specialized at protecting companies from social engineering attacks. You know, she says that she can hack anybody by creating a video with the voice and image of a relative or of, of a friend by only having access to a three-minute slot of that person's voice and image. That's all it takes. The scams are going to be smarter, and it makes our work harder. At the same time, we use that same weaponry to find the scams. It allows us to actually take our artificial intelligence that we've already developed for the past 15 years to the next level and start looking at patterns. What kind of patterns are typical in the scams? What kind of behaviors, what kind of sources of attacks?
So this is what we can do with Generative AI. Plus, when we talk about the better experience to consumer security, Generative AI is actually very good. It can provide much better guidance and ideas to people, how they could go about solving their problems in security or what to do in a given situation. So there's a lot of power in Gen AI also that we are harnessing as we speak, by the way. So sense of security for all. I talked about the sense of security earlier, also visible in the video, but what does this for all mean?
So, when astronauts went to the space for the first time to go to the moon in 1968, 1969, they realized that now that we're so much further away, we can see the beauty of the Earth, we can see how everything is interconnected, and we can see that everything that we have, we were used to thinking of as our own, you know, sphere of living and influence is so much bigger. We have taken this, in a way, overview effect on consumer security and realized that there's billions of people, most likely, who are not secured in the way that they should, both in the countries that we're used to thinking of as very sophisticated internet countries and mobile service countries, as well as countries which are developing.
Not everybody downloads a security app, and that's a problem. How can we secure all the people who do not download a security app? How can we make it easier to, in a way, build consumer security into the apps people may already have? These are the kinds of things that we're looking at solving now, and T.L., from our product business, will be talking about along with, with Steven. So it's not enough to secure 15% or 20% of a service provider's customers. How do we get to 100%? That's the exam question for us.
Now, what comes to our growth, first of all, I would like to say that, you know, after being a part of a company where quite a bit of the investment went into the enterprise security side, and it's enough to optimize profit, optimize profit year after year, you have to start rebuilding the fundamentals of growth when you're independent. This is us, and this is how we're going about it. We want to expand our addressable market to be able to provide the sense of security for all, and we are now expanding our partnership focus from the ones we've had before, who are all as important as, as they've ever been, to also covering Tier 1 players out there in the world. I'll talk a little bit more about that later on.
To be able to expand the market through these partnerships, we have to provide an absolutely phenomenal partner experience. Steven will talk more about that later on. Value increase. How do we drive the value of this business? So one aspect is the conversion of our customers from individual products to a more holistic product proposition app we call Total. Secondly, we want to start embedding security into places where it's not been before, to make sure that people can more easily get access to consumer security capabilities. And finally, to drive all of this, we naturally need to have a global growth mindset, and we need to be agile in the business that we're operating in. So these are, these are growth fundamentals. Take any one out, and most likely it will not work. So we need all of this to perform in unison.
About expanding market reach, so as you can see on the upper left-hand corner here, communication service providers has always been a very strong point for us. We currently have about 140 communication service providers as our partners, and on that front, now, thanks to the acquisition of Lookout Life and to the prospects that we have, we are adding Tier 1 players. You know, think of tens of millions of consumers that they're serving, maybe 100 million consumers that they're serving. We're adding those into our focus of finding new partners. New vertical partnerships we've talked about. So banking and insurance, we've been working on already for roughly a year and a half, and we've made good progress on that front.
Now, we've also seen that fintech and insurtech type of companies, in a way, born digital companies, are also a very natural and good partner segment for us, and we'll have one of them presenting themselves here today. Direct business, which is our finger on the pulse of the consumer, both through e-commerce site as well as our app stores, they will continue to be operating as they've done before, but now with the acquisition of Lookout Life, we have a much better presence in the U.S. market in e-com. Our aspiration is to reach over 1 billion addressable consumers by 2026. If I just look at somebody like AT&T, Allianz, Touch 'n Go, they together already form 200 million. We're on our way there. How do we drive value with Total?
So, we have now roughly seeing 18% of our revenue coming from customers who have taken the Total offering, and not just one module, endpoint protection, but more. Potentially, you know, privacy protection through VPN, password management, identity protection, and so forth. So 18% comes from there, so there is still 82% of potential. Now, the ones who are already ready to expand the Total offering is another 64%. So we've already made the upgrade into the service platform that they run, but they only currently run the endpoint protection service, so there is expansion potential into the new areas of Total. And then the ones who are still working on previous generation individual products are about 18%.
Three years from now, we see that three out of four should clearly already be, you know, providing a wider, you know, set of capabilities through Total, and maybe one quarter or so are ready, but are still waiting for the right time to move. There is, as you can see, a lot of value potential untapped here still. I mentioned that fintech is an interesting new area for us for growth. Here we have Danny Chua from Malaysia. He's the Chief Commercial Officer of a company called Touch 'n Go, and let's hear what he has to say.
... Hello, I'm Danny Chua, the Chief Commercial Officer of TNG Digital. We run Touch 'n Go eWallet. I'm very proud that it's the leading mobile platform for digital payment and financial services in Malaysia. As a market leader, protecting and safeguarding customer data is paramount and the top of our corporate objective. When the Central Bank of Malaysia mandated five measures to be taken up by the banking industry to combat financial scams, even though we are not a bank, we were the first ahead of the deadline to comply. Customer confidence is the most important. When customers feel safe transacting with us every day, it builds customer confidence and enhance our brand reputation, resulting in increased transaction from new and current user base. At Touch 'n Go eWallet, we believe in growth by partnership.
We always open to explore what is the next unique and useful product or service to introduce to our ecosystem of consumers and businesses. While Touch 'n Go eWallet has continued to be a leader in protecting our users, when they use our platform, we know that they are still vulnerable elsewhere in cyberspace. MyCyberShield is a world-first product co-created between F-Secure and our team that embeds real-time data protection within a leading e-wallet. It offers users protection from ID, to emails, to credit card, and login credentials. In F-Secure, we have found a partner that is a subject expert and global market leader in cyber and identity security, has extremely high standard in technology, and very importantly, a very progressive management team that support open-mindedness and flexibility to co-create new offerings to the market.
We are very, very proud and honored to have launched such a great product with F-Secure, and look forward to continued partnership to introduce more and more features onto this service. Thank you.
Touch 'n Go has 21 million registered users out of a population of 32 million in Malaysia. Two out of three Malaysians have this super app in their phones. It looks like our service that we built together with Touch 'n Go looks like the screen on the right, and that's not an F-Secure brand image. This is Touch 'n Go's visual identity. This is part of the Touch 'n Go super app, which is a new, in a way, market segment, specifically in Asia, winning a lot of popularity. You can practically do all of your everyday, you know, repetitive transactions and get access to services using one single super app, and we're now part of that super app that Touch 'n Go has. The product name is MyCyberShield, as Danny told.
Gartner has gone as far as to say that by 2025, 50% of the global population will be using multiple super apps. Well, if you think of the populations of the larger countries over in Asia, that's the driving region. There's no doubt about it. This is an opportunity for us. People already have an app. They don't need to download anything new to get access to security services. It's there and waiting. This way, we can reach people who are not necessarily keen on downloading new apps for themselves anymore. Now, when we look at the best partner experience, you know, if we look at the way that we're serving different ones, the Tier 2s and Tier 3s , oftentimes, we've been very good at providing a configurable solution to them, which is very much based on standards.
Automated integration, very productized delivery, and go-to-market support. When it gets to Tier 1s , you need a partner-specific solution, fully branded by them, an experience that is fully designed by them. So we need to have a capability to, you know, naturally, pre-sale, sale, solutioning, delivery, and operations. And from SLA point of view and from the point of view of building a partner-specific solution, yet consisting of standard components, that's a different kind of a market for us. More custom-built approach. And there you get a feel for, you know, what sizes of markets that we're looking for in terms of partners. But we're expanding our partner engagement model now to cover also Tier 1 s. Now, many of these things that I've been talking about are only possible because we acquired Lookout Life.
I would say that, you know, what comes through the culture is, is the agility and growth, growth mindset that the Lookout Life team has. We are now looking into very rapid product convergence, so putting the best of both worlds of F-Secure and Lookout Life together, and we're starting to ship new generation product that combines the best already around mid-2024. We've expedited this and made sure that we can provide value rapidly. Finally, now with the kinds of partnerships and the kind of experience that Lookout Life brings to F-Secure, we're in a much better position to have the right to win very mobile-centric, and large players. These provide us with fantastic, in a way, cornerstones for growth. Now, what kind of a company are we these days? About 500 fellows.
You know, people talk about employees or, or members of the team, we call them fellows. About 546 nationalities today. We have fellows in 17 different countries. Half of the leadership team are from outside of Finland. We have significant presence in Europe, in North America, in Asia, and we have customers in over 100 countries. There's a screenshot there of a LinkedIn post I made in the summer when our new government was preparing their program. And you know, 59% of the people we've hired here in Finland in the last year are non-Finns. So having access to a good pool of absolutely best ex-tech experts here in Finland is crucial for us. Our journey to becoming the experience leader, this year has been all about Total, and it does continue into 2024.
Next year, agility, bringing the new product generation out, adding new big partners who will double our customer base, and a service that speaks to people. That's all planned for next year. The number one security experience to make it something along the lines of the video that you saw, that's due in 2025. And in 2026, we want to be the best partner for Tier 1s out there. So that's all from me. Now we have some time for questions. Do we have some time still for questions? Yes. All right. We've got the first one here in the room.
Hi, Felix Henriksson, Nordea. Thanks for the first presentation. I have three questions at this point. I can go one by one. I appreciate you sharing the revenue share of Total today. That's good color. Can you also comment on sort of the realized ARPU uplift, on average, that you've seen so far from when customers move to the independent products to Total?
Anywhere between +20%-80%. That's accurate to you? Anywhere between 20%-80%? Yeah.
Okay, that's, that's helpful.
Average being somewhere in the region of EUR 1.4-EUR 1.45.
Right. And then, following up on Total, you know, you released a profit warning a couple of weeks ago, and one of the different reasons for that was that you basically—it sounds like you have customers that are signed up for Total, but the launch of the product has been sort of delayed. So could you sort of provide a bit more color on this? Is it basically macro-driven because customers are more hesitant or your partners may be less willing to launch the product, or is there other structural factors that are driving this? And also any, you know, color on the contract structures would be helpful. Are, you know, partners obligated to launch Total within a certain time schedule?
Okay. So that's a very relevant question, and I have actually a separate talking point later on in my second presentation, and I will focus on this. But quickly, Felix, in a way, the consumer sentiment over here in Europe is not putting pressure on the service provider to go and provide a more holistic and more expensive service. So that doesn't help, let's put it that way. But that's not the only thing. To go and touch your customer base of users who, for instance, use only endpoint protection today, you don't necessarily want to go when people are shopping for better deals. You don't necessarily go and propose to them that, "Why don't you take a bigger entity? It's this much more per month," and so forth.
So they're very careful, you know, converting their existing user bases to something wider and potentially more valuable. And then there is the ever-existing shortage of IT and marketing and other resources that have to do with launching a new type of a product proposition. Because going from, for instance, from endpoint only to a wider proposition, you have to involve a lot of resources within your organization, and there may be waiting times of six months, nine months, 18 months even. I believe we have a partner who has said that they're very keen to move to Total in 2025, and we see a paradox there between very keen and 2025, but anyways. But those are some of the things. I'll, I'll talk more about that later.
That's great. Finally, embedded security. You talked about it. You have already talked about it previously. It sounds like a good way to capture some more subscribers. Can you comment on the ARPU levels for that product? I think you've mentioned that it's, you know, lower than, for example, Total, but what kind of numbers are we talking about in percentage terms, for example?
Depends completely on the case that we're talking about, the scope. With the acquisition of Lookout Life, at the risk of repeating myself, we got a whole new set of embedded capabilities into our portfolio. Some of them may be, you know, worth in the small double digits of cents per month per sub, and for some it may be over EUR 1 a month when it's a bigger entity of capabilities. It varies a lot, and already when we are looking at the cases that we have, we have either deployed or are in the process of implementing or negotiating, it varies anywhere in between these two ends, depending on the scope. Also, the earning logic changes. It may be per user per month, or it may be even revenue share.
Thanks. That's all from me at this point.
Forward? Cool. Thank you. So next up, we'll have T.L. Viswanathan, our Chief Product Business Officer, to tell about how do we create the number one security experience.
Good afternoon, everyone. So how do we create, and how are we creating the number one security experience? We'll talk about this in this session through the portfolio strategy, which I will cover, and how do we deliver this as an experience to consumers and partners, which Steven will talk about. But just to get us started, what are we trying to solve? I'll add a slightly different color to the points that Timo already mentioned. Consumers value simplicity, and they are willing to pay for it. In all the users we spoke to, 66% felt that the subject was far too complex. I think it's fair to say, as an industry, this is one of the expectations we have not met, right?
Whether it's the language, whether it's users having to understand the context themselves so that they know which functionality and feature they need, are not pointing to the right direction in terms of where we want to take the users, right? Which is security that comes to them. Timo already spoke about digital moments, but just to give a slightly different perspective, this is one third of our lives. On average, we're spending about eight hours a day online. You can also look at these digital moment as gateways to scams, which is essentially a well-orchestrated chain of events by threat actors. So it's important to understand how do we protect users at the source. Finally, when we speak about these digital moments, these are not static, right? These are fluid. We start something on device A, end on device B.
We start something at home, and we continue talking when we are driving. So, and if you talk about family, you know, what our children or our kids see as digital moments is completely different. So overall, there needs to be a sense of security that we're able to provide to our users across this landscape, right? Now, if you think of these three topics, they're not isolated. They are intricately linked together, and that is what drives our portfolio strategy, and we want to deliver a holistic protection against scams across these digital moments that you saw, and across devices that you use, across the place of usage, whether it's home, it's on the go, it's on your home internet, it's on a public Wi-Fi, it doesn't matter.
We want this sense of security to come to users at the time they need, without interfering with what they are trying to do, right? Opening up this scam topic a little bit more, what you see on the left side is the results of the most recent survey we did, where we ask the users what have they experienced in the last 12 months as a form of cybercrime. There are two very interesting outcomes that shine through in those results. One, which is a pretty obvious one, which is that scams were the most common form of cybercrime, and the second was the language. This is a language which consumers have used. That means there is already a degree of awareness and understanding of an SMS scam, of a banking scam, of credit card frauds and scams, and so on and so forth.
Again, which brings back the topic of relevance and simplicity that we want to drive. Now, why is scams important? And why are these sort of a, kind of a holy grail, let's put it this way, for this subject? I'll give you one example on the right here, and here I've taken the flow for an SMS scam, and I want to talk through the scam and how our capabilities need to work together… So let's start with the fact that, okay, there are now suspected SMSs in the market reaching thousands of users. They're already there in your phone, in your inbox. Our smishing protection capability is able to detect, isolate this, and put it in the junk folder, right? Let's call that plan A. We will protect users at the source.
Now, it's quite possible, in many of most of these messages, there's a malicious link, you know, built in. In many cases, maybe the users do click the link. At that time, our browsing protection capability comes into play and ensures that that doesn't open, right? Or informs the user that this link and this space is suspect, and you shouldn't be here. But, okay, so let's call it plan B, right? And in some case, maybe the user does still go ahead and click the link and ends up downloading a malware, most likely an info stealer, on the device. That's when our world-class endpoint protection comes into its own and ensures that the malware is detected, isolated, and removed. Plan C. Things can still go wrong. Your information could be a part of an enterprise breach, and find itself and find its way into the dark web.
We are with our identity monitoring service, ensuring that your credentials—what you saw, for example, with the Touch 'n Go product—we are monitoring your credentials on the dark web to make sure that you are informed whenever it's found, and then we guide the users on how to make sure they can work and change, or the next steps to be taken. Plan D. If nothing works, cyber help. Pick up the phone, and you can call somebody to get help on what you should do. So our endeavor is not to talk about A feature, B feature, C feature that just goes and does this as a point solution. We want to offer holistic protection, and what that means is we have a plan A, a plan B, a plan C, and a D, if needed, to protect users.
That's what this represents. In a cybersecurity language, this would be called the kill chain, but this is just one example of it, right? There is one for banking, there is one for identity, there is one for credit card, there is one for calling. So we need our features, and capabilities, and functionalities to work in an extremely cohesive manner to make sure that the users genuinely can be in the zen mode that you see in the picture there. Now, how do we deliver this? We deliver this in two forms. One is the F-Secure experience, which we call Total, and that's branded as F-Secure, which is in our direct-to-consumer business, or can be co-branded for partners.
It is also, as Timo highlighted, packaged and embedded within partners' own applications, services, routers, and the network itself, and we deliver it through the experience that they would like their users to get. I've shown a couple of examples here. The first one here is the AT&T ActiveArmor product, which is a product that's fully owned by AT&T, but built with F-Secure capabilities and support. The second one here is the MyCyberShield product within the Touch 'n Go app, which is powered by the F-Secure API and built by us specifically around the user journey and experience they wanted to bring. Finally, the third case study there is Windstream, where we have our router security embedded into the routers, which Windstream offers, and the management of that being embedded within their app called GoKinetic.
So again, driving flexible and broad delivery models that ensures that we can go for both value and scale, right? And that's an important point I want to talk about. These two aspects of the portfolio, and I'll come to the execution aspect, working in tandem, right? They are not, like, disconnected. They are working in tandem, which allows us to talk to our partners and offer them the form they need. So there are many cases where partners has Total, but they would also like to have security embedded in their network to reach the scale. So it's quite possible we see those combinations in the market. Now, how are we doing on executing the strategy that Timo laid out earlier? Total, we launched it on plan, as scheduled, in February this year.
Timo has already spoken about the positive development in the ARPU we see, and the fact that there is already about 18% of our partner revenue that comes from it. While this is ongoing, we've also ensured from a user perspective, right? The chart Timo spoke to was from a revenue perspective. From a user perspective, more than 75% of the users sitting behind partners are already Total ready, right? So the technology uplift is done. So now this is really about making the upsell to them and driving the ARPU value, which will then show up quickly, right? A few words on the Lookout Life integration here.
And when I speak about the holistic aspect and the need for us to make sure that we can really span the digital moment, but also where they occur, bringing the mobile-first experience and capabilities from Lookout is a big part of that strategy, right? So not only in terms of functionalities, in terms of experience, but also understanding that space. And now I'm talking about people, right? We are now also integrating, and have integrated, a very, very strong product technology team into F-Secure that can bring that expertise together as well and deliver this converged product, which is well underway, right? So what is planned for next year is the converged product, which will bring through the mobile experience and the mobile-first experience and capabilities from Lookout, combined with the strengths of Total. Quickly looking at the other side, embedded.
I think earlier in this year, F-Secure launched the embedded SDK API portfolio of our. We already had a pretty stable and a strong router SDK product, which we call Sense, but we also added the core SDK capabilities to it. I think this is an area that has been significantly accelerated with Lookout Life, because with the acquisition, we have now added a very mature and broad SDK portfolio to this. And not just portfolio, but also very, very strong references, like in AT&T and like in NTT DOCOMO. Combined with our router security depth, combined with the API strength that we brought in cases like Touch 'n Go, I think this is one of the broadest and strongest embedded portfolios in the industry, and this will be the engine that powers the Tier 1 engagements that Timo referred to earlier.
That's one part of the story when it comes to scale and reaching scale. We've also been very active, and like Danny very well mentioned, F-Secure as well believes in growth and scale through partnerships. In the last 12 months or more, we have been actively working in building our partner ecosystem, and we are proud to work with names like Nokia, Sercomm, TP-Link, who are not only reselling our router SDK technology, but also are able to integrate it themselves. That gives us more legs in the market. Through the ecosystem that we have so far, which is ever-growing, we already have access to more than 150 million routers today. Just to give you a perspective again, how are we getting to that 1 billion user mark, right?
So this is just a color on how the portfolio is shaping and how are we using the holistic protection for scams as the pivot to drive the unique differentiation and how our capabilities come together. At this point, I would like to call Steven to add some depth to the experience that this will bring.
Fantastic. Thank you, T.L. So yeah, I will talk you through what it means to deliver on our experience promise. About a year ago, we set out to become the number one security experience company in the world. I'll talk about this and what we do to deliver that in two strands. Firstly, I will introduce you to our efforts in the consumer security experience. What do we do to make the end users, to make all of us, more secure and give that great experience? And secondly, but equally important, I will talk about what we're doing to increase the security experience for our partners.
It's a topic I'm particularly passionate about, as before I joined F-Secure, I used to work for two of our major partners, and it is of huge importance to us that we get that absolutely right, as it is our biggest revenue stream. As I said, I talk first about the consumer experience vision. That is unchanged. We want to deliver the number one security experience. The goal is to become the trusted companion of customers. We can talk about this in different phrases, trusted companion, being the Swiss Army knife of everything that you need to stay safe online, covering all those aspects that T.L. already spoke about, from Plan E through to Plan D. What are we doing to deliver this and to get to that zen state of our customers, to give them that peace of mind? Essentially-...
There's two wows that I wanna introduce there. The first wow is the wow effect that we want to have on our customers when they start using our products and services, whether they are through our Total application or through the embedded experiences, some of which examples we've seen just before. And the second wow is a bit more internal, but is not less important. It's the way of working. It is a change in how we address these things as an organization, and become less product and feature-centric, but really focus on the end-to-end customer journeys and the engagement that customers have. And as we talk about experiences and engagement, I appreciate that can sound a bit woolly, but the evidence is absolutely there.
We see that customers who are more engaged, who are happier with the products and services, are more likely to renew, more likely to spend additional money, more likely to make that upsell, and very importantly, in the partner space, are less likely to churn at the same time, which is something that I'll touch on a bit later. So here we are really reimagining our customer experience, and I'll show in a bit what that is going to look like. Like I said, focusing less on product features, less on the technology, less on the complexity, more on the outcomes that we want to deliver for the consumer. Being more visible, in a sense. We have been in the background as an antivirus software, sitting there in the lower right-hand corner of your screen and only popping up if there's something wrong.
But actually, we found that customers don't only want to hear when something's wrong, they want to have the positive reinforcement as well, if we're doing something that helps them to stay safe online. We're building these things along the following value elements. And first and foremost, it is about protecting the end user, because we can talk about all the rest, but if we don't do our core business right, if we don't protect the end users, there's no point. So we need to have this absolutely spot on. Secondly, it's about engagement. So how do we get customers to take our products onto use, how do we make sure that they make the most of those products? Again, whether it is Total, whether it is an embedded solution.
We want to have that positive surprise to customers, and I have a nice example of that coming up. Lastly, we want customers to feel empowered. If anything, in the previous slides from both Timo and Tia, we've seen that this world can be incredibly complex to the end users. And, I mean, myself and many of us in the room have probably felt once or twice at least, "Is this message real? Is this, is this a scam? Is this fake?" et cetera. We want to empower customers through the tools, products, and services that we provide to become more savvy online. And then if plan C fails, if the proverbial sht hits the fan, then we have the cyber help desk as well.
Here, I want to bring to life how we are currently combining forces, the good from F-Secure, the good from F-Secure Total, and the good from the acquisition of Lookout Life. In F-Secure Total, we have a brilliant, modular, and very partner-centric experience, but it is fairly product-centric, very feature-centric, and quite technology-heavy. You could say it is a bit boring, maybe. On the Lookout Life side, with the acquisition, we have gained brilliant designs that are one step ahead in terms of customer engagement, and the way we don't talk about technology, but talk more about the experiences. Over the next couple of months, and indeed, the work has already started and is well underway, we will bring these together to build that trusted security companion experience so that Leo, and indeed all of us, can feel more secured, more protected.
We will make an announcement of this new trusted security companion and an unveil during our partner conference in Spring 2024. So that is already quite short, and the teams are working extremely hard on getting this all together. In the meantime, though, it's not like we're not launching anything. We have learned, like I said, that customers like that positive reinforcement in their journeys. One of our most successful tools, features if you wish, is a component called banking protection. It tells customers when they open a legitimate bank that, "Hey, you are now on your own banking website. This is a safe place to do your financial transactions." And in the background, it blocks certain connections, like remote access tools or other things that you might not want to have active during your banking session, just to make sure that your financial details will stay safe.
Customers love that feature. We've built on the success of that feature, and I'm very proud to announce that just next month, we will launch our trusted shopping component, which will live as banking protection, very much in the moment, in that digital moment of customers going online onto a shopping website, and it will flag up whether a shopping website is to be trusted, like this big one as an example here, or it's potentially malicious. And an awful lot of money is being lost every day, every week by consumers thinking that they purchase a product that never arrives. So this is a brilliant example of something that delivers actual value in the moment when consumers absolutely need it, and I'm very excited about that.
With that, I wanna make the step over to our partner experience, and to introduce that, we go back to Leo, who we saw earlier. I hope he has cleaned up his kitchen in the meantime because it was a bit messy. We'll see how Leo interacts with us as one of our partners working for a telecom organization. Please play the video.
Hi again, Leo. F-Secure has just sent over the latest security sales campaign results. Now, let's get to work. First of all, let me say that your overall customer satisfaction has increased by 20%, and your overall churn was reduced by 42% for your customers using the F-Secure solution.
Looks good! The campaign?
The NetWave Secure Your Digital Moments campaign has been running for the past month, and here is a brief summary of the performance. You've reached a total of 2 million potential customers through your targeted marketing efforts. Your website traffic has increased by 36% since the launch of the campaign. The overall sales for the NetWave's online security offering have seen a growth of 24% compared to the previous month.
Looks good. Have there been any issues?
Yes. F-Secure has identified one issue. The banner ads seem to be underperforming with a click-through rate of only 0.5%. Don't worry, F-Secure has already scheduled a meeting right now to go through this with you.
Hello, Leo. How's it going?
Good, and you?
Great. Thanks for asking. So I'm excited to see how we can improve your click-through rates today for your online security sales campaign.
Cool! What's your take on it?
We've analyzed the data and found that your current banner ads are not connecting with your target audience, so we've generated some new messaging options for you. Our team has drawn inspiration from successful campaigns that we've run with other partners. We've added a pop of color to grab attention and made the CTA more clear and engaging. Now, this approach has worked wonders for similar partners in other markets. So what do you think, Leo?
Well, they look good.
Yeah, they look good. I like option one.
Do you want me to update the asset bank with this one?
Yes, please.
All right. Done.
Thank you, Kim.
Thank you, Kim.
While we won't have a talking hologram probably anytime soon, I'll leave Toby to comment on that in the next section. We won't have a talking hologram, probably. What we will have is a lot of what that video embodies, and that is the collaboration with our partners. Like I said at the start, this is something that I'm particularly passionate about, as F-Secure has never been a pr- a, a traditional vendor of security software. We have been a true partner to many, many, initially, telecom operators around the world, and now, as Timo pointed out, in many other sectors as well. We are a true partner. We don't throw a product over the fence.
We actually back that up with great go-to-market models that are flexible and serve people's and partners' needs, as well as what we call our business support platform, which is unique in the industry and offers things like a nice portal where partners can go in, see their insights, data dashboards, get help, support, et cetera. But also a complete suite of brandable marketing messages, lifecycle messaging, et cetera, as well as help and support that operators can get in this experience. We call it our security business as a service. It is as it is not just a security product you buy, but you buy into the business as a service and the proven outcomes that come with that.
In terms of the value elements that we have here, like I said, we have our flexible solutions, and Timo pointed those out, both on the total side, things that are co-brandable, our embedded solutions, and very importantly, we have our flexible go-to-market models. Partners, small and large, can benefit from our standardized way of bringing things to market, and I'll touch a bit more on that later on. Secondly, as I said, we don't throw the product over the fence, but we actually work with our partners to make sure that the customer engagement is good. Why do we do that? Again, because we know that engaged customers are much happier, spend more money with our partners, spend more money with us. Last but not least, the security business expertise, and it was touched on in the video a little bit at the end.
This is where also our community of partners comes together. This is where we can share best practices, not only from what we have learned on our direct business side, but also from different partners across the globe, and they can share information with non-competing partners as well. So this is how we keep the flywheel going on that side. We have the tremendous opportunity here to further standardize, industrialize, and build for scale our partnering models. In essence, they break down into two sections: one, that we have called off-the-shelf here on the left-hand side, which is where we build our gold standard product in our direct business channel and for our affiliate partners as well. That is the all blue F-Secure bit. A partner who takes that doesn't have to do anything. They can take that up and run with it.
Partners who want to do a bit more themselves, for example, they want to do billing themselves, they want to do a bit of co-branding, as we've seen previously, there we have partnership model B, so there's a bit less that F-Secure does, a bit more that the partner does. And it is all about how much upfront investment, how much resource a partner wants to put into this. And these models A and B, they're very much standardized and industrialized. This is where we can put, in an automated way, huge huge volume of partners with the same brilliant experience.
Now, as partners grow and have different needs, for example, the Tier 1s that we have spoken about previously, models C and D, become more interesting, where the partner takes on more work, whether it is in building their, their own customer journeys, whether it is in building their own lifecycle marketing, for example, or all the way towards the right-hand side, whether it is in building their own applications, like Touch 'n Go have done, like AT&T, who have used embedded capabilities to build, applications. So that is how that, that model works, and the automation is more towards the left, and then as partners grow, like I said, the huge volumes, big partners towards the right-hand side, with more effort on, the partner side as well.
One of the things that we have done to make sure that we can build, model A and B in a very, very quick manner, is actually give tools to our partners themselves to make sure that they can sit with their hands on, on the levers. I'm very proud to show our app builder, which is unique in our industry, where our partners can go into this online tool and essentially create their own application. They upload their logo, they set their brand colors, they create the name for the application, and at the end, it is the F-Secure Total application that rolls out in a beautifully co-branded manner, ready to be rolled out to the partners and customers. Again, this is all about industrialization, standardization, and scale. With that, I am at the end of my section.
I think there should be some time for Q and A. ... For T.L., myself?
Hi, Felix Henriksson, Nordea. Just one question. I think when you guys announced the acquisition of Lookout Life, the story was that there was supposed to be a next gen product coming out in late 2023. Is that still the case?
You mean from the Lookout side?
Exactly.
I think the original intent was that that was a plan that was already in motion on the Lookout side, but we have decided to accelerate the build of the converged product. So in that sense, that's what will be the face of what was gonna come out at the end of this year. So we have essentially bought some more time on that and tried to bring that together, in one go. And like I was mentioning over lunch earlier, that we really wanted to make sure that we can get everybody focused as quickly as possible, one team, one focus, one product.
So, that principle, we have tried to accelerate that process, which means we have bought some more time to that, but what the intent of that product was will now be visible with what Steven showed, spring next year.
Right. Got it. Thank you.
Hi, it's Atte Riikola from Inderes. Have you witnessed any churn in Lookout's partners after the acquisition? And if so, what has been the reason?
I think broadly, I would say post-acquisition, there has not been any abnormal change to the pattern from their subscribers' perspective. So in short, I don't think the acquisition has made any major impact either way to the trajectory of their business.
But the number of like, operators, like partners on Lookout?
No. In fact, I think I would probably say there has been more a positive, news for all of them, right? I think we had some of them, we've already met most of them by now, and I think in general, I think the point that Steven was talking about, they are—all of them are looking at how the scale and the efficiency that F-Secure had, and our strengths in running the partner business, can be brought to them.
Now when you're targeting the Tier 1 partners, and I assume that there is already some cybersecurity vendor offering their products to, for them, so how, how are you guys gonna replace?
... replace that competitor?
I would say hold on to that question for just one section, because I think in the next part, post the break, there is gonna be an entire conversation purely on our go-to-market and channel strategy.
All right.
Yes, and we have one question from the line. This is from Matti Riikonen at Carnegie. What is the competition in embedded security? How do you stand versus competition?
I'll take a shot, and then maybe Steven-
Mm-hmm
... you can add, add to that. I think with embedded security, there are two aspects of that from a portfolio standpoint, and then what is-- how quickly can we get our partners to embed? How quickly can we get them, and how can we reduce their time to value? On the portfolio side, I already mentioned, I believe that with the strength of the portfolio that comes from Lookout Life, the strength that we already had with Sense and the routers, SDK product, and the APIs, this is, I truly believe, one of the broadest and the strongest portfolios that we can take to the market, because this gives the most flexibility to our Tier 1 partners to look at what solution they want to take to the market. One thing is the breadth, the modularity, the flexibility.
The other aspect is, how quickly can we help partners to get them into use? If Touch 'n Go is anything to go by, I think that's... We're talking about weeks in that case. With digital-first partners, we have been able to get them go live with their product in weeks. Not the case, of course, with Tier 1 s, because there is more complex build and rollout, but that's the other part which Steven touched upon. Maybe, Steven, you want to add something on the-
Yeah, I think... Yeah, I think this is where we can truly add value compared to competition in the embedded space. And without doing any of them disjustice, I think a lot of them are fairly technology-focused. And I think our added value can actually be on top of that. So how do we develop together with our partners in the embedded space? How do we develop the great user journeys? How do we develop the great experience that actually creates that success in the market?
And I think we've had an awful lot of positive feedback on that from partners who have already gone through those motions with us, and Touch 'n Go was an example of that earlier, where it's really about the co-creation that is super important in that space.
Thank you.
Thank you.
Good afternoon. So I'm here to perhaps add to this portfolio view with a technology view. Thank you, Steven, for the feature request for floating hologram. That's a new one. I'll put that on the backlog. Why are you hearing from technology as well as from product? I think it's you know, bearing in mind the audience here, technology is a very large cost base in this company, and I think it's very important that we are able to explain where that investment is going, and generally what the dynamics of the technology that aligns behind these portfolios is.
This is deliberately entitled Research and Development, because I think it is important to realize that as a cybersecurity company, we are necessarily a research-focused company, because the cybersecurity landscape is changing all the time, as noted earlier. And that research focus, it's, you know, we are necessarily more than simply a company that builds products. We need to have that research focus. So I want to explain a bit about what that research focus is, driven by this portfolio vision. I then also want to talk a little about the development priorities that we have, and then particularly touch on some of the implications of the relationships we have with both WithSecure and Lookout. So I promise you, I only have three slides.
I will do my best not to bore you. I find technology fascinating, not everybody does. Let me hop forwards. This is my attempt at a one slider on our research activities. Now, if you perhaps cast your mind back to F-Secure, as was pre-demerger, you know, for many years, we were an antivirus company, and the fundamental research driver of an antivirus company is one where you have to maintain a view on the threat landscape. It's very important. You gather all the data about the pieces of malware that are out there, that you pull that data back, you put your best minds and your best AI algorithms to work on understanding those malwares.
You find defenses, mitigations for those, and then you push that out to the product. We are now not a malware company, we are a security experience company. We are a scam protection company. And I think what I would like to draw here is a sense of what the research loop is around defending against scams. So T.L., I think, gave a very nice illustration of, you know, the kill chain, if you like, the kill chain of an SMS smishing scam, you know, and there are steps A, B, C, D, where we can find ways to defend to defend against those scams. He mentioned as well SMS phishing is not the only scam, right? There are call scams, there are romance scams, there are digital asset theft scams.
If you game a lot, your gamer tag is a really important asset that has value, and people are trying to steal your gamer tag. There is an ever-increasing long list of scams where people are trying to attack consumers. And the very first thing that we need to be able to do is to map out that scam landscape. So a significant portion of our research effort is exactly that, it's mapping what are the scams that are out there? How is the criminal mindset evolving? Excuse me. You know, what are the ways in which people are trying to exploit vulnerable consumers, both from the perspective of very practically, how are these criminal gangs operating? But then from a technology perspective, you know, where are we able to interface with these scam processes?
Is it at the point of, you know, detecting an SMS scam? Is it at the point of being able to notice a malicious URL? Is it at the point of being able to detect and mitigate some malware on your computer? Is it many, many, many other things? So the first part here is mapping out that scam landscape, maintaining a clear view on what those scams are. The second part is the defense in depth. It's the fact that we can have a plan A, B, C, D, and quite possibly more than those, and there may be different plans needed for different types of scams. Indeed, different types of consumers, because the scams to which a 20-year-old is subject may be very different from the scams to which a 70-year-old is subject.
The scams that you may be subject to in the U.S. are very typically different from the scams that you're subject to in Finland. I don't know why the U.S. is here and Finland is here, but in my head, that's where they are. If you travel a lot internationally, you're subject to a different set of scams. So this defense in depth, right, firstly, it allows us to put together these plans A, B, C, Ds, and we need to do significant technology investments ourselves on some of these, where we think we have a unique ability to deepen the defense here. It may be that we're pulling in capabilities from elsewhere because we're not going to be the best person in the world at every single type of technology detection.
What we are able to do, firstly, is pull those together into a coherent set of plans to defend against the scam. Secondly, to be able to see how these defenses are being triggered, and that's one of the unique advantages that we can have in this cycle, is 'cause we can see what's happening with your malware threat. We can see what's happening in terms of your usage of a VPN tunnel, perhaps, that you're using to protect your privacy. We can see how this interfaces with the ID protection offering that we have. And out of all of these moving parts, all of the data that we collect, this helps us build up a personalized threat profile of you.
Now, I should say at the moment, what I'm describing here is a mixture of where we are today and where we're trying to get to. So I'm not promising that we have all of this holistic protection today, right? This is our ambition, this is where we're going in 2026. But this is the unique value that we're aiming to bring here. It's not any one technology, it's the fact that by pulling these together, we get a view on your personal threat profile, and we can then turn that into the contextual, holistic protection that you need as a 20-year-old person in the U.S., as opposed to a 70-year-old person in Finland, for example.
And of course, that then forms something of a virtuous loop, because now we know how to protect you more effectively, and that actually feeds back into our knowledge of what scams there are. Something I didn't say in here, but actually was touched on from both T.L. and Steven, is the fact that the defense in depth; it's not merely technology defense. It's not just blocking a malware, it's not just blocking a URL. It's the fact that we can be that trusted assistant, because a number of the ways in which we need to defend you from threats, it's about the fact that we need to inform you, we need to nudge you to change your behavior a little. "Don't browse over there. Don't hang around on those websites.
It might be safe, it might not be safe. You, you just need to be a bit careful. Be aware that this Tinder profile might actually be a fake." That virtual assistant, again, that needs to be very, very targeted. That's very, very personal, but it's a core part of what we need to draw out of this research loop. So that was part one. That was... I think, you know, that's the natural, for me, implication. If this is the security experience, if this is the portfolio view that we want to drive, this is the research that we need to have behind us to make it happen. So bringing us back to today, having just completed the Lookout acquisition, bearing in mind this portfolio strategy, this product strategy, this research strategy, what are our primary development themes?
Where will this large technology investment be going towards over the next three years? There are these primary themes that we need to, you know, to deliver upon. Number one, mentioned already, it's about the, you know, we have our Total product, we have our SDKs, we have a broader portfolio of both after the Lookout Life acquisition. We need to bring the best of both of those together towards a converged portfolio, where we're running at this full speed at the moment. I think, hopefully, we're giving you a sense of the pace at which we're approaching this. We will see results in that next year.
And we will see more results as we go forward, because there's a very rich set of capabilities we have across the board here, and I hope they're gonna carry on delivering for some time. And particularly, as we look at the very broad range of sort of customizations that we can have up in the Tier 1 layer. I think there's a great deal to bring with respect to that portfolio.... The second theme is around infrastructure, and this is perhaps the boring technical part, but quite relevant from understanding where we're putting our efforts. As F-Secure, we have had a very flexible architecture supporting, you know, our range of products.
We have this strong focus on partner experience, much of which relies on the platform capabilities we can offer, the APIs towards partners we can offer. From Lookout, from Lookout Life, we have Tier 1 partners, and Tier 1 partners have extremely high expectations, contractual expectations, with respect to the level of resilience we can provide. And that, that's a level of ambition well beyond what we've had to deal with up to date. And so there will be a focus over the long-term planning period we're looking at, ensuring that our infrastructure delivers the level of resilience required and the level of scale required.
You know, if we're focusing on the large, ambitious numbers we have around the levels of, you know, 1 billion+ addressable market, if we're looking towards Tier 1 s who bring with them tens of millions of customers, we need to ensure that our infrastructure is ready to scale up to that level at a cost-efficient unit cost profile as well. So ensuring that that happens, that's one key drive. And then the fifth one. The fifth, the third one rather, is effectively the outcome of my previous slide. What are the security capabilities that we need to deliver from research concepts through to actuality that bring that protection?
We have a research and protection platform, which is where our threat data lives, our scam data. It's where our researchers work. It's also where we can develop the AI models, which go to defeat these scams effectively and form our plan A, B, C, if not D. And that's never going to go away, you know, so that is the ongoing research that we need to do to keep ahead of the market because the criminals aren't stopping. And then the final slide, I just want to talk. This is entitled Transition Service Agreement cost development, but it is not so much about the fat arrows. I just want to give you a bit of a flavor of what lies behind this.
So we are now in 2023, I don't need to tell you that. I think you can probably read your own calendars. We're halfway through this process nearly. So we have had, with WithSecure, a TSA. We still have today a TSA until the end of the year. There was a substantial expenditure on that in 2022. As we've been going through the TSA period, we've been putting a large amount of technology work, and I should say, I speak purely of the technology TSAs here. There are admin TSAs, which are long gone by now.
In terms of technology, TSA work, there's substantial effort going into taking what were single systems serving both WithSecure and F-Secure, splitting them apart so that actually there's one system for WithSecure and one system for F-Secure. We're doing this on top of a very complex technology landscape with substantial amounts of legacy. Much of that work happened last year, still ongoing this year, will be coming to an end by the end of this year, by which time we'll be responsible for all of these systems that we'll split. We will have an ongoing relationship with WithSecure. It'll be a commercial relationship. There are services that, in fact, will be sold both ways, because for various reasons, it makes sense for us to share those capabilities, rather than develop them together.
But fundamentally, there will be a, you know, very thick wall between the two companies. They will have their own strategies, technologies pointing both ways. But you can see that tailing off. With Lookout, right, we now have an equivalent situation. We actually have two service agreements, and technically, they're not TSAs, they are SAs on the technology front. There are, as I say, separately, admin level TSAs. But on the technology front, there are these two service agreements. There's a platform service agreement, and there's a security services agreement. The difference is, the platform one is essentially a TSA nature agreement. This is one where there are a certain number of services which Lookout today are running, which we need to take over.
You know, we get the IP, we get the know-how. We stand up our own version of those services. We estimate that will take us through till the middle of 2024, and then we take them on ourselves, and they are now- they will be then ours, and we can cut ties to a large extent with Lookout. There is also, though, a Lookout security services agreement, and that's because one core part of the Lookout technology stack is their Android malware. Android malware detection, rather. So the ability to, you know, detect and mitigate malware on your Android phone. It's a particular very focused piece of mobile technology, which we would not particularly want to build ourselves.
Actually, they, they do it very well. We're very happy to take, the, the product, which has a great experience, which has many other capabilities, and run that ourselves. This particular capability, actually, it makes more sense simply to, to acquire, from Lookout. We have a, today, a, a three-year agreement in place. Cost profile looks a bit like that. You know, three years down the line, I guess we'll see where we are and if we need to carry on with that relationship or change it. That is sitting there, and that's a set of... That's, that's purely a, a contractual service agreement. The, the fatness of the, the box and the arrows is a, a rough approximation to the, the size of the cost in each case. I think that's where, that, that's where I'll stop.
I think those are the key messages from a technology side. So I'll pause for the barrage of questions, because I'm sure you're fascinated by this. I am. Or not. Thank you.
... And Toby, I believe now it's time for a 15-minute break. So, we'll get back at 2:50 P.M. Finnish time. All right, so we have slightly over 15 minutes. See you then.
Welcome back to F-Secure Investor Day! So, now I try to mimic another person. I was not supposed to present this section. This is not your classical pulling the rug underneath your legs exercise. Firas Azmeh, our Chief Commercial Officer, was supposed to be here to present this section.
... but he has an absolutely lethal travel schedule since the last weeks, plus the coming weeks, so we gave him a pass. He's actually based out of California, and for this 20-minute presentation, I have to say, we gave him mercy. But fear not, the contents are actually coming from him. All right? So, I have two older brothers, one of them is an entrepreneur. And, his wise words to me a few years ago were that, what he had learned in his business was that, you know, if you do not move forward, you very quickly realize that you're moving backward. So we feel that for F-Secure to develop itself as a company, to stay relevant, provide value, and become a bigger player in the consumer security field, we have to grow. We have to move forward.
So that's what I'll be talking about here. So the demand for sense of security is just getting stronger. We're in a good place. I used to work in a company where the CEO said that, "If you sometimes feel in this growth industry that you're slightly lost, do not worry, you're lost in the right forest." So if we sometimes don't find the precise place where to find ourselves in the consumer security market, we will find it. It's a good market, it's big, and it's growing. So the complex threat landscape, all the scams that people are now exposed to, people of all ages, people of all races, people from, you know, professional life, consumers, they are all seeing more and more scams and threats, and that makes people worried. They want to act on that.
But are they able to act on that in a way that suits their wallet, that suits their expectation of ease and smoothness? That's what we need to get right. Naturally, if there is an unfulfilled need, there is an opportunity to actually do more and better business. A player like that we use as an example, we use AT&T in the U.S., some 125 million -130 million subs, the last I know. Apologies if that's wrong. Security, they state themselves that, "Your security is our top priority." If you look at their brand promise, it says, "Fast, reliable, secure." They're quite unique in this respect. They're a very, very big player in communication services, and one of their three brand promises is secure.
So it's excellent for us to work with a player like AT&T to actually push the envelope, find new ways to create that sense of security, do things that nobody else has done before. They push us. It may be painful, it's good pain, I assure you. So these are some of these things you've already heard about, but, you know, when we asked Firas to, you know, to just recap, what are the kinds of messages that our customers, the consumers are, you know, telling us, and what are the things that our partners are asking for? The ones on the left, you know, the consumerized, simple and easy to use, complete protection. "Don't bother me with these bits and bobs, you know, I want complete protection, and I want the sense of security.
That's what I ultimately want." Somebody says, "Peace of mind." You know, whatever term you use, this is about the feeling that people want, and if we can make that easy for them, then all the merrier. On the partner side, somebody naturally who is credible and trustworthy as a partner to protect their customers. So if you listen to Danny Chua from Touch 'n Go, he said that they are in the business of trust, and they need somebody they can trust to work with to create their new propositions. Naturally, to delight customers, I'll come back to this in a moment, our partners, the bigger they get, the more differentiated solutions they want.
We've turned it into an art to actually serve a large number of partners, even in same countries, with a relatively different kind of a proposition, yet still composed of standard components, and tools, and processes, and practices. That's something that we believe we know very well. Then, you know, we're here for seeing business outcomes. Also, our partners, it's not enough to push a product over the fence and say, "Good luck, promote it, sell like hell." It doesn't work like that. They're not necessarily consumer security experts, they're experts at something else: insurance, banking, mobile services, you know, whatever is their core business. They want business outcomes, and we have built, like, Steven presented earlier, security business-as-a-service type of a capability that we build on.
So then if we look at the macroeconomics, I won't—I will not dwell on this for a long time, but, even though the color is something like orange or red at the top, U.S. is, is actually in a pretty good place when it comes to consumer sentiment. When you start looking at different European countries, it's not that good anymore. I believe that Finland of, Finland was way below France, in this scheme. There was, there was not enough room on the slide to show Finland. So U.S. is ahead. They're already on a rebound. There is still pessimism and a war in the European Union area, high inflation, which makes people, careful, high interest rates.
You know, the kinds of conclusions we've drawn based on this in our direct business. You know, we've adjusted our investments to reflect the consumer confidence, so we pulled it and moderated it in areas where we've seen that it doesn't give the payback as it would in better times. We've seen that our ARPU has developed positively when we've launched Total, because people take more product, and they take bigger, you know, license sizes. Our new subscription sales remain still below our, you know, last year comparable numbers. We'll talk more about that when we , so that we can tell how that looks like in Quarter Three. I won't go deeper into that right now.
Our renewal sales have continued to be stable, and it certainly doesn't hurt that our Total product net promoter score is as strong as 48, so that helps. If we move on to Total, we have Tim Boyd, who is the Chief Product and Transformation Officer from Telia Group, who will say a few words. Here we go.
At Telia, trust is the core of what we do. We provide secure connectivity solutions for our customers and enterprises around the world. So for us, when we're looking for a partner for security, it's essential that we have someone who we can trust, and that trusted provider being F-Secure, is so important for us. It allows us the flexibility to deliver our products and services and to drive a customer experience without adding significant complexity to our business, so we can focus on driving our customers' experience and the top-line monetization. An F-Secure partnership can be characterized in three ways for our business. F-Secure provides us with flexible propositions that allow us to seamlessly integrate those propositions into our core experience at Telia. They allow us scalability in our market propositions.
It doesn't matter if it's one customer, 10 customers or 1,000 customers, the solution scales with effect without impacting our customer experience, rather driving our customer experience. And thirdly, it gives us data-driven information across the entire customer life cycle to allow us to look at opportunities to further monetize and, more importantly, further secure our customers' connections.
We've talked a lot about experience here. You know, sense of security, consumer experience, partner experience. I lost count how many times Tim mentioned the word experience in his presentation. What we're doing is thoroughly resonating among our partners. I... You know, this is just Telia group saying this, but this resonates very, very well what we're doing, with the partners out there. Now, back to the question that I believe Felix had earlier about total conversion. We have currently 62 partners, and now when I talk about Total, I mean that these are the partners who have already launched more than one module out of the Total offering. So 62 of them have been signed, and most of them are already live and some are in deployment.
But then what are the kinds of factors that are impacting this conversion move from single products to a more holistic proposition, or just from endpoint protection to more modular? One thing is that, you know, in this time of a market sentiment, there is hesitation amongst partners to go and touch their existing customer bases in some way, changing it, and especially making it slightly bigger, which has a bigger price tag. So very they're very careful with that. So that slows us down somewhat. So the existing bases of users, we would love to get on to the wider proposition, but, you know, partners are having some second thoughts due to the market sentiment out there. Then naturally, there's always a little bit of a shortage on IT and marketing resource and priorities and already mentioned the price increase.
You know, you sell a bigger service, it has a higher price tag. So these are things that may be holding us back and our partners back. On the positive side, you know, they love the fact that we're solving more problems for their customers. We're giving a more holistic sense of security. They love that, and there is a business upside for them in this. They can hear, for instance, at our global partner events, that there is a lot of best practice here that actually makes the case so much better. You know, you listen to one of our Japanese partners who says that their customer calls to their help desk have decreased by over 90%. You know, it's these kind of things that, you know, they love to hear.
And then it's technically very easy and fast to roll out. So these are the kinds of things that are on the challenge side and, and some of the positives. Now, then, if I move on to what does this Tier 1 landscape look like? Here's Matt Bailey, who is responsible at AT&T for their security services, who will tell us what he's experiencing.
At AT&T, our customer security is our top priority. As long as there are ever-changing threats and sophisticated hackers out there, AT&T will continue to be focused on protecting our customers. At AT&T, security is not an afterthought, but part of our core. By design, our protections are continuously working, providing 24/7 proactive security across our network and the AT&T ActiveArmor app. These tools and resources help keep our customers and their personal data safe and secure wherever they are using their devices. Working with F-Secure has helped AT&T to not only provide comprehensive security protections to our customers, but to also provide them an exceptionally simple, easy-to-use customer experience. Through our collaborative partnership with F-Secure, we have been able to combine the security expertise of both of our companies, and we are excited for even more security protections we can bring to our customers in the future.
Also, Matt mentioned the word experience a few times. As you heard from Matt, and as you heard from Danny, from Touch 'n Go, they're both looking forward to enhancing their security proposition to new heights together with us. So capturing the Tier 1 opportunity for us, that naturally means that we want to build a wider consumer reach and use these massive companies to create awareness and demand for the services in the market through the deep pockets and wide access that they have to the market. And they are seeking competitive differentiation, which is why, on Steven's axis, they go more for the solution approach.
Now, with the acquisition of Lookout Life, like I've said, you know, we've added big names onto our partner list, which actually means that, you know, there is not a door that we couldn't knock on and be trustworthy and, and credible. You know, with the market-making power I already referred to, you know, the Tier 1 references are capable of doing things that we could never do by ourselves. Naturally, you know, names like these, they carry a lot of reference value. You know, we have also Tier 1s in the F-Secure that used to be. For instance, Allianz is only days away from launching their service, allyz Cyber Care, in three different European countries, which is what they call complementing physical well-being with digital well-being. This is going out very, very soon.
So that's another Tier 1 example that we have from a non-CSP sector. New vertical partnerships have started well. As a matter of fact, we've beaten our target for 2023 already now. The reasons why they're going for what we're doing, they want to complement their offering, they want to stay relevant towards their partners with new offerings, but at the same time, they have a relatively long time to market. We signed up, you know, Allianz already quite some time ago. They are now launching the service, and naturally, once again, they have a lot of appetite for more. So it's not our wish to land and expand, that's what they want to do. "Let's start with this, let's expand." But naturally, we're not alone. I think it just confirms that we're in the right forest.
With regards to new vertical partnerships, Allstate, for instance, is a partner that Lookout Life already had in the U.S. We have many more embedded capabilities now that, for instance, InsurTech and FinTech companies are interested in. We're planning now to go with more of a vengeance also to the U.S. market in early 2024. We've focused so far more on Europe and APAC. I believe that this is pretty much my final slide. So here is a view on a partner that actually works in this ecosystem of home security.
Why is online security important to my business? Well, online security is important because it's what my customers are asking for. I work for Nokia as part of the Broadband Devices division, so we're providing great Wi-Fi and in-home connectivity for service providers. We work in a B2B2C fashion, and our service providers are constantly asking us for value-added applications, which we integrate into our CPEs. The number one feature that customers are asking for is online security. What does a partnership with F-Secure look like? Well, for me, it's truly a partnership. We collaborate on engineering, we collaborate on testing. From business development, to marketing, to sales, all the way to the end-user experience, it's truly a collaboration. That is what a partnership is all about.
He had to say those words, but there you hear how important it is for them actually to provide much more than technology alone. You know, market making, understanding the proposition, building the commercial models, and so forth. Now, we build scale with embedded security. Nokia is an example on the Wi-Fi router side. So Total has very high value, has very high protection for a consumer. Then with embedded security, we can provide SDKs, APIs, browser plugins, and those can work together. They complement each other, and they cross-sell within the, if you so wish, old F-Secure partners, and with the new ones coming from Lookout Life.
And then also, you know, if we look at mobile or fixed networks, something like DNS security, same thing over there: adding value and also working very well together with Wi-Fi security, as well as endpoint apps like Total. So cross-selling is over there. And ecosystem partnerships are very, very important, especially in the Wi-Fi and network security areas. We don't need and want to develop everything by ourselves. Finally, what's our secret sauce for winning business? There is the recipe. We have a very complete portfolio of services and technologies. We are tuned to provide a solution to the partners based on a very, you know, standardized set of capabilities, but you can pull the levers in many different directions to make it yours. We have a partner DNA from the get-go. Business models, for instance, that Steven talked about earlier.
We focus on business outcomes through our partner success services, and we are a multi-channel player with both partner and direct business, which gives us, in a way, the insight to consumer behavior in earnest. If we were only playing in the partner business, it would be very difficult for us to act as a trusted companion, as a trusted business companion to our partners, because we wouldn't know how to do that by ourselves. So that's that on growth. I see that I've overdone my time a little bit, so we do have time for questions. So there's one coming from the room here.
Hi, Waltteri Rossi from Danske Bank. If I understood correctly, the ARPU development has been positive in direct business. And the organic growth was actually negative in Q2. So, does that mean that the volume has been, you know, decreasing?
Small. Small decrease.
Small decrease.
Small decrease.
Okay. Then the same question, kind of, on the partner side. With the Total upgrades, I assume that the ARPU has also been increasing.
Yeah.
What about the volume side there? Have you lost any partners or...?
There are certain partners where user numbers are going down for different reasons. For instance, defocusing on security or starting to ask money for something that they gave for free in the past, which, for us, may mean that we make less money. But then the growing ones more than outpace the decreasing ones, so the net result is positive.
All right. Thanks a lot.
One more.
Felix Henriksson, Nordea. One question on the U.S. market and the competition. I think we touched on it earlier, that, you know, I think it's a good question on whether or not you can sort of replace some of the existing, you know, security software winners for the U.S. Tier 1 partners. I’m just wondering, how’s your thinking in terms of, like, price discipline on that? Do you think that, you know, you’re willing to sacrifice on the price point to get your products, you know, in the door? Or, you know, can we expect that, you know, you’ll be able to gain share with maintaining healthy pricing in the U.S. market?
First of all, you know, the world is rough out there and depends case on case, you know, what you're able to do. The U.S. market, the price levels are healthier than practically in any other market in the world, major markets, so the prices are relatively healthy to begin with. So I would say that that in itself is, is an important thing to keep in mind. Secondly, the service providers over in the U.S., they want the right thing for them. It's not a... You know, price is not the defining factor. Absolutely, it is, it is one ingredient in their decision-making, but that's not the thing. They want the experience and the solution that is right for their customers, and they're willing to part with money to have that. But naturally, there's, there is competition.
You know, you very rightly say that, you know, every single Tier 1, they already have some partner. So there is, there is either a view that they haven't solved something in the past, and that is the case in most cases, that we go in with something that they've never done before, you know, element of consumer security, and then we can expand from there. But there are cases where there is discontent with the current partner, and, and they, they want to make changes. But that's more of an exception than the rule to begin with.
Maybe just a quick follow-up on that. When you've, you know, discussed with the U.S. Tier 1 s right now, do they see any value from being able to buy, let's say, desktop, mobile, and router security from a one-stop shop versus, you know, purchasing some components from, you know, or essentially multi-sourcing from different vendors?
Short answer is yes, they see value. They may not go for all of the value to begin with, but we are a prettier bride because of the reason that we have more to offer as they move along. We have more to provide. That's a definite positive. Like you heard it from, like, Matt Bailey, from AT&T, that he's really looking forward to expanding things, and they want to limit the number of partners and do more with the ones they have.
Thank you.
Any questions from online? No. Okay. So then I will hand over to Sari Somerkallio, our CFO.
Hello, everybody. Thank you, Timo. I hope you have enjoyed this Investor Day. It's an interesting spot to be the last one here when all the business topics have been covered, and as a CFO, I don't have much news to tell. We had the profit warning, and we'll have the Q3 later on, so not so much new perspectives. But I hope that I can expand a little bit and summarize maybe differently what we have discussed today. So let's look at F-Secure as an investment object and how we are going towards 2026, where we have set our midterm financial targets. This is very much what we have talked about during today. We are in the consumer cybersecurity business, which is a growing market, a very good opportunity.
In this business, we are a global leader in the CSP channel, and this was already the case before Lookout Life, and now we are just stronger there. And then we have shown that we can expand this model to new verticals, and now with Lookout Life, also to Tier 1 partnerships. And this, I think these have been the theme of the whole day, but I think very, very strong claims on our side. And this growing market grows faster in the U.S., and it is there, that's the largest market. So that's why it's really great that we are now almost three times the size that we were before the acquisition. So it is really a good platform to build on. And even after the acquisition, we are very profitable.
We have a scalable business model, and we continue to follow the Rule of 30, so balancing with growth and profitability, both, both being important. And also this dividend policy continues the same as before, and with our strong cash flow, we will be able to pay dividends according to the policy. And that bridges maybe nicely to this question that what do we do with our cash flow? At the time of the acquisition or after that, we heard many comments that well, maybe surprise is how we did this big acquisition and how much more risk there is nowadays, and did the whole profile change? Well, yes, if you look at the balance sheet, so of course, the profile changed quite a bit.
But we are still having the good cash flow, and we still can do the things that we did before the acquisition. So the first point here on this slide, so that's of course, new. Now, we have a big bank loan that we need to take care of. Our leverage was after Q2 at 3.5, and we added a new target where we say that the normal level should be below 2.5. So it's clear that now we need to take care of our debt, and that of course, involves also paying interest and amortizing the loan. But that doesn't take all our funds.
So we have, of course, when we made the acquisition, so this was a, an important discussion, and we, we retained the same dividend policy where we say that we pay around or above 50%, depending on what is the, the, what kind of investment targets we have. And of course, with the current interest rate, it's also, also, good to pay, pay the debt. But the 50% level is, is a sort of threshold for the, for the dividend. And then, luckily, our operative business doesn't take much, much CapEx. It's not investment heavy, so when we work on our profitable growth, so that just creates more cash flow all the time. M&A, yes, continues to be on the table.
We want to look into this and have a systematic approach, but it's clear that we are not going to make a similar big acquisition. Of course, we need to integrate what we have now, and we need to take care of the leverage level and get to a little bit, well, to a leverage situation that is according to our target. But of course, we look at the market, what there is, and there can be smaller cases which could be about, for example, technology, that are relevant and that we look into. But clearly, despite the loan, so many things remain also the same as they were before. From the M&A topic, so, looking at where we are now with Lookout Life, that has been, of course, mentioned several times today.
We opened up the synergies that we are expecting with Lookout Life a bit more in the Q2 release session. The targets remain the same, where we aim at getting EUR 12 million of synergy revenues in by year 2027. So of course, it is growing over time and gradually getting there. On EBITDA level, it is EUR 10 million. So these are the same numbers that we've said before. And the EBITDA is it's a gross margin impact of that the growth synergies, and there are some cost synergies as well. But on the other hand, of course, some extra investment as well to get the growth. And how we are then doing with the integration?
There's been a lot of talk about the portfolio today, so there we are doing really well. We have looked into this, and we have actually changed our first set of plans, and now we are doing it faster than we initially planned. And that, of course, will give cost benefits earlier than originally thought. And on technology side, Toby went very carefully through our plan. So there we are also transferring the technology and building up our own capabilities, and it is proceeding as planned. New fellows, we got 65 new fellows and also a set of contractors as part of the acquisition, so they are integrated. Most of the processes work business as usual. There are still some tails, and I think the last new...
The new fellows are now getting their new, new F-Secure laptops and-- but of course, they've been able to work in our environment already before this. There are certain things that are still going on, but pretty much business as usual. On the technology TSA side, I think Toby gave the picture from there, and we have IT TSAs that are needed to ensure that we get access to the Lookout technology according to the service agreements. Otherwise, there are no, no TSAs anymore. Yeah, we might occasionally call some Lookout people and ask for advice on something that comes up for the first time, but no, no real TSAs anymore on the admin side. Quite a good situation there.
About this year, unfortunately, a couple of weeks ago, we had to issue a profit warning in Q2. Timo and myself still said that we believe in the old guidance, but now, during our last forecast updating round, it then became obvious that we were not able to maintain the old one. Of course, it is a disappointment for us. We've seen also in general, in other companies, that the market sentiment is not really helping us. We continue to see that this is a growing business and consumers are willing to pay, but they are a bit price sensitive and maybe the decisions are taken a little bit more slowly. That has had an impact then, of course, on our side.
And also we have, like, maybe our partners are slower with their, some of their investment decisions, whether it is IT bandwidth or their marketing effort, but similarly, we've also taken decisions on regarding our direct business marketing, as we see that this is not the time when you get the best payback. And maybe good also to remember that even with these new numbers, you count the EBITDA percentage from here, so we are still above 30%. So it is a very profitable business still, even if this is clearly so the dip that we see due to the factors that we have going on there, see, still tails of this investment in us being independent, building for growth, and ensuring that we integrate Lookout Life as soon as possible.
Three reasons why we are lower than the history shows. Then, moving to an exciting topic of ESG. This is something that as we started a bit more than a year ago as an independent company, of course, there was a WithSecure legacy, but we had to build our own processes and strategies in this area. We have now established an ESG council. Our leadership team has this on the agenda, audit committee has regularly on the agenda, and we are getting prepared for everything that the sort of regulation requires from us. We had a sustainability report already last year. This year there will be an ESG report and going further, so there will be even more requirements on this.
We've come to the conclusion that, or our strategy is we are committed to keeping people and society safe. So in ESG, it is the letter S that is important for us. Our three commitments are protecting digital moments, responsible business, and Fellow experience. I think the nice thing for us in this ESG is that this is really about what our real business is. Protecting digital moments is our business, but it is also something that fits the ESG context. When we do our business responsibly, then we are also doing our share of ESG. Fellow experience, that's the third one. It's of course an internal thing.
People are needed for delivering on these commitments, and acquiring the right talent and keeping it in-house is important for us. That's why this is the third commitment here. You don't see here environment as such, but it is included in this responsible business part. It is, of course, important for us to keep... take care of our environmental responsibility. The good news is that we are in a business which is very low, low carbon emission business. We've now done the homework here, and we see that even including Scope 3, our impact is similar to 200 Finnish households, so not very much. Even if it's a low number, of course, we want to be responsible here and reduce this.
Most of our emissions come through the offices and the services we are buying. Of course, we have also the hosting part, but maybe that share is smaller than you would imagine. Our intention is to go to this Science Based Targets initiative, and we are preparing for that and considering to submit our commitment letter to that during next year. We will start reporting on these emissions and many other KPIs, and already in the ESG report for 2023, you will see more scope than we had last year. From ESG reporting to financial reporting, here are just some things that we were considering to make clear that how we are going to report going further, and also maybe why and some explanations.
So yesterday, we announced some financial information where we were combining F-Secure and Lookout Life for the past rolling four quarters, and I hope analysts find that helpful. Then you can see the sort of pro forma growth, even if these are not official pro forma numbers, but I think that's a term we easily use anyways. If you are wondering why we didn't give them further back, so we felt that they are not so relevant and comparable. We have our own carve-out history from WithSecure, and similarly, on Lookout Life side, that was not even run as a business unit on their side. So this was sort of the minimum that we thought that is helpful. So now going on when we release quarters, you will have a comparable quarter that you can use.
In Q2, we gave that organic growth number for F-Secure, and we'll continue reporting that as long as it's relevant, so maximum to Q2 next year. If this cross-selling and we move so much faster on the synergies that the numbers don't feel any more reliable, that this is the old F-Secure. So of course, then we'll reconsider and we'll tell you if that is the case. But maybe current assumption is that Q2 2024. For cross-selling and synergies, so we will comment verbally how we are moving on with those. Of course, they are important for cross-selling. If there are significant numbers, we can consider also informing about those. During the last...
Or actually, I think it's entire F-Secure history, we have informed about, commented the country-specific developments, and we'll continue working on that. Regions is where you get the numbers, but the commentary we want to develop. For the TSAs, for WithSecure TSAs, that reporting will end at the end of this year, and then, for Lookout Life, so I think at least until end of 2025. You saw on Toby's slide that 2024 and 2025 are big TSA years on the technology side. So that's the intention. Then I have here a few data points that I hope that especially analysts find that are interesting, and this is not the promise of future reporting, but just to give some context.
So, this is now a snapshot from a period starting from June, so that Lookout Life is included. And here, on the regional split, so here North America is bigger, and Japan included in rest of the world, they are bigger than they were in the F-Secure context. And, not definitely walking through the pies, you will get this material afterwards, but maybe one comment you see in rest of Europe, Poland is there 10%. We have commented the development in Poland several time, and that's a country that has gone smaller, triggered by the regulation changes in the country. So that used to be bigger, but now 10% of that rest of Europe.
Then, this is there in the background, you see one of T.L. slides, where we have the app-based business, which is more or less a security suite business, and then the others embedded, and now embedded includes Sense and DNS, and AT&T is in there. So that part, which is maybe the new part to F-Secure, is 16% at the moment, but that's the part which is growing faster and where we have lots of our ambitions. And the app-based part, which is the big majority, so that's of course where the best profitability is, and where we, of course, also expect growth, and really the profitable growth should come from there. You've seen several charts today about the possibilities that we have with Total. Then some more data points.
We talk always in our interim releases about how the new sales are in their direct business are going and how is the renewals. Here, now, 22% approximately is currently the share of the new sales in direct business. So also good to remember that if direct business is about 20%, so it is 20% of the 20% that... where the biggest challenges are. So in other places, the market consumer sentiment impact is a little bit more indirect, but that's the part where it is most direct. And I can say that this has the new sales part is smaller than it was with F-Secure earlier.
Most of Lookout Life's direct business has been based on renewals lately, but there are now, even though we said that we have reduced the marketing plans, but there are marketing plans to create growth there. Then on partner business side, different type of data point. Historically, most of our partner business has been based on monthly invoicing. But now this picture has changed both with the new verticals and embedded solutions on F-Secure side, but as well with Lookout Life, that they are more of other structures than the monthly invoices. So there can be bigger advanced payments of the type non-recurring engineering revenue, or there can be annual payments, for example. So different types of structures, and that leads to more of the revenue coming then through the balance sheet.
The last pie here, you see that it is still over half of the deferred revenue that comes from direct business, but the partner part has increased quite a lot. Coming to my last slide, just seeing where we really are now and how we are going to our 2026 target. If we a little bit look back where we were after last year, our first year as independent company, so we delivered a bit more than EUR 110 million in revenue and growth of more than 4%, and EBITDA of almost 40%. But half of that was during the time when we were not yet independent, and we got some benefits in cost structure from being a part of a bigger entity.
We paid a very high dividend, close to 80%, but that was only for half a year, so in terms of euros, it was not, not so much. Basically, no debt at that time, so actually cash positive. This year, we went through our new guidance, but now with this EUR 128 million-EUR 132 million in revenue, we are clearly a bigger company than last year. Of course, that continues to grow as here on Lookout Life is only for seven months. Profitability is over 30%, but there is a dip, and we already went through the reasons. There's the independence, and growth, and integration. We see that this is a temporary dip, and definitely we are going to higher levels.
Our targets for midterm that we informed in the spring, so we are definitely still going for this, and I think the whole day today has been about explaining how we intend to get there. With getting the revenue to above EUR 200 million, it's a total conversion. It is a new go-to-market channels and new offering, and creating that security experience, partners and consumers. But of course, partners are the bigger part of our business. With those creating the growth, with our scalable business, that helps very much in getting up the profitability, but it's not only about the scalability, but of course, we also now see cost that is temporary.
With these financials, we continue with the same dividend policy, and we, of course, take care of our balance sheet. Currently working on getting the leverage lower down. This is the story for today. You will later have a possibility to ask everybody in the management team, but are there now specific questions to me?
Thank you, Sari, for the presentation. I have a couple questions. Firstly, on the Lookout synergies. I think in the Q2 report, you communicated that, you know, in 2023, 2024, synergy realization will be limited. Then in 2025, you're looking at getting 60% of the synergies to be achieved, and more than 80% by 2037. Now, that you've sort of changed the integration plan a little bit, is this roadmap still valid?
Yeah. I think that it is pretty valid. Of course, there can be some shifts, and I think there are hopes that certain cost synergies could come earlier, because there we have really accelerated compared to our original plans. And of course, I hope that that also helps in getting the revenue synergies earlier. So maybe no changes to the guidance, but I think that there are positive signs, could maybe say so.
That's good to hear. Then on the margin expansion, you've clearly communicated that there are temporary costs that are burdening your margins at the moment. You're looking at getting to above 42% after initial growth investments. Do you think that's an achievable level prior to 2026? And how do you sort of convince investors that the Lookout integration will not end, you know, eat up endless amounts of OpEx? 'Cause I think that's a concern at the moment.
Yeah, yeah. Of course, it is a relevant concern looking at our numbers today and this year. I'm sure that now that some of the growth is a little bit delayed, and this is the scalable business, which is sort of positive when you grow, and if you don't grow as fast, it is a bit negative. I'm sure that there is some delay to our original own plans, but doesn't change the picture for 2026. But of course, now, with this year's numbers, the starting point is a little bit lower.
Right. I think that's all from me at this point.
Atte Riikola from Inderes. Maybe first about, you mentioned on one slide that the Lookout integration is basically going according to the plan, but I think you mentioned in the profit warning that there has been some challenges. So could you explain the difference with the messages?
Yeah. What we mentioned was that there were some delays when maybe we had a little bit positive expectations that everything will go so smoothly that nothing changes even a little bit. And there were some hiccups with how everybody got access to all the systems and got their new tools working, and now that is okay. So, I would almost turn it so that maybe our original expectation was too positive, but now we are... Yeah, and you see the sort of impact of those challenges are in the numbers that we have shown and in the guidance.
Okay. Could you remind me about that? What is like the base, EBITDA level that you are looking and calculating when you're talking about those Lookout synergies? Because there is like, after the acquisition, you have mentioned those fair value adjustments for the deferred revenue and some OpEx increases. Of course, it depends how, how, how you calculate those synergies-
Yeah
What's the end result?
Yeah. I don't think there is currently no other answer than the target that we have for 2026 and where we are now. So of course, we are also because some of the costs we know they are temporary, and then depends on how the growth comes, and we are now working on our actually long-term plan, currently discussing with the board, and then we will budget for next year, and you will get the guidance in due time.
About your EBITDA margin target, do you think you need to reach the scale of EUR 200 million+ to reach the 42% EBITDA level?
Yeah, hard to say where the break even is at where do we reach it? Maybe again, saying that the scalability of the business is really a key, and we need growth to get there. But yeah, how much growth and it may be so that with 200, we can be even higher, but that's on our own drawing tables.
Last question from me. In the profit warning statement, you mentioned that you're taking some actions to defend your profitability during this tough time. So-
Mm
... can you open up those a little bit?
Yeah. Well, of course, as a management team, we are all the time looking at the costs, and for example, we have been recruiting quite a lot to answer to all those needs that we have. And for example, these AI topics, and there are many things where we see that we need certain new competencies, and we have recruited, but now we are a little bit postponing certain things and really seeing how we can, for example, internally, replace roles so that we make the right prioritization. So of course, that's always the first thing to do.
All right. Thank you.
One question from online.
Yes, we have one question from Jaakko Tyrväinen. Given all the planned developments and the growth ambitions you have presented today, do you need to increase your R&D budget significantly going forward?
Yeah. Well, of course, as we grow as a business, so I'm sure also R&D will grow, and maybe later on, Toby can also comment on the topic. But also, we've now had so many unusual topics, which we are now working on, but which are temporary in nature, and when the growth comes, these investments don't need to grow at the same pace. So I don't expect that to grow as a share of top line, for example. Okay, then we move on.
There we go. The picture over there, I seem to be at a loss of words. Hopefully, not now, giving the closing words. So just to recap, you know, the message around our vision: to become the number one security experience company in the world, I think that must not have gone unnoticed, right? And you also heard from many of our partners who, how crucial actually that is also for them, and it resonates. We believe that our strategy remains valid, that the key choices with regards to geographical focus, the solution focus, the kind of channel mix that we have, the kind of differentiation we have, we think that that, in its high level, is absolutely fine.
However, when it comes to the partnership side, we feel that it is the right move for us now to leverage the new capabilities and skills and references we have through the acquisition of Lookout Life, to push the pedal to the metal, to start going in earnest after more Tier 1 partnerships. And also, you know, even though the message of the security experience is resonating well, we feel that we need to increase the speed of execution on that front. And for that, you know, you saw what, especially T.L. and Toby were presenting. You know, it all starts from research. It goes into innovative solutions that turn into products, which now, in our case, need to be tackling certain digital moments and full-circle scam processes.
That's what we're doing, going from research to full solutions that protect people from scams and actually deliver on the promise of trusted companion. I think that especially Steven talked about that quite a bit. So we need to accelerate that. So that's in a way the high-level message. The one final thing I would like to say is that you know when we went for the Lookout Life acquisition, we never thought that this is a quick win. Right when we started talking about the transaction at the end of April, and then when we closed it, I believe we made it clear that we are looking for bigger benefits a couple of years down the line, two to three years down the line.
You know, I referred earlier to the fact that if you don't move forward, you quickly find yourself moving backwards... Now we moved forward in the U.S. market, and that is never something that you get as a bargain. You never get that as a bargain. We are now much more present, and we have a much better place to attack in the U.S. market and gain share than we ever had before, and we paid a price for that. And now, naturally, we need to deliver on the capabilities in sales, R&D, product, supporting functions, and so forth, so that we can actually make that all happen. But that's what we're absolutely committed and, and confident of doing. This is not a 100-m dash. I used to be an 800-m runner myself.
I think this is more like a, like a 5K, 10K race, if not a half marathon, but we have the stamina it takes. Thank you, everybody. Now, it's time for questions and answers with all the speakers who have been here on the podium before. So may I ask, Sari, T.L., Steven, and Toby to step forward and take any further questions that we might have in the room or online?
Atte Riikola from Inderes. Maybe one last question from me still. You mentioned on the slide somewhere that now your portfolio is 100% complete, but still you might be looking some kind of smaller technology acquisition. So is there some pieces or products or features for the portfolio that's still missing?
Perfect question for T.L. here.
I'll also ask me Toby to chime in. I think, it's, it's important to acknowledge that, you know, when we look at the portfolio, I think the portfolio needs to follow what we are chasing, and that's what I think Timo summarized at the end. We, we want to ensure that we can drive that strategy with the portfolio, so it needs to be business driven, number one. And I think referring to what Sari mentioned. And again, so that's the - that's how the portfolio, whether it's driving the growth strategy and supporting it or not, is answered. So we continue to look at what aspects are missing and whether it's a, a build or a buy decision. But like Sari said, we believe that from a completeness perspective, in terms of what offerings we need to drive the growth strategy, we are there.
Now, of course, I will let Toby chime in. I think Toby also refers to the depth of not just the capabilities, but how deep do we go in the protection. Do we need to have pure technology horsepower? That's something, and it's also an area where we have the same conversation, where we acquire skills or buy the skills, acquire technology, or build it ourselves. These are the two areas in which we have to constantly keep ourselves balanced. I don't know, Toby, if you want to add something on the-
Thank you. Just to maybe add some color, I think that's exactly right. You know, it's not purely about M&A activity, although that's obviously a tool in our toolbox. I think if I were to be concrete, the drivers for these would be the fact that, you know, this set of scams is forever growing, right? And so there are capabilities that we don't have in our portfolio today that we might see are coming over the fence on to them soon, sometime soon. So for example, things around understanding people's behavior on social media, you know, so social media monitoring, being able to identify scam patterns of activity there, you know, that's an area where there's definitely more we could do.
When we look at, you know, some of the ambitions that we might have, you know, we, we mentioned romance scams earlier. You know, you saw, a 2026 vision of, of, you know, how we might detect things like that. You know, that, that, that's, relying on, on technologies that maybe actually don't exist yet. But in terms of being able to, to understand the impact of generative AI on the scam landscape, and there will be technologies that we need to have at our fingertips there. Whether we need them or whether we can outsource them is a different question.
I think T.L.'s general technology point, if you look at this, you know, this virtuous cycle, if you like, that we're trying to build around scams, or around understanding scams and mitigating them, you know, it relies heavily on being able to acquire and manipulate and use the data, and develop the models that help us do a much better job there. And I think that's something which is a very active area of development and is ripe for more competencies, more external partners, and quite possibly more acquisitions as well.
I would say that acquiring technology is a possibility. Any other questions from the room? There's one from the back.
Hey, Waltteri Rossi, Danske Bank. Overall market outlook, we know it's been a challenging market. Do you see it going into better times already? When do you see a turning point?
I would say that our finger on the direct business pulse is the one that gives us maybe the better feel for certain markets, and that's very European-centric, so it's not necessarily that holistic. We will come back to that in the Quarter Three release. I don't wanna delve into that now. We're still some days short of the quarter end. There are ruminations in the market that consumer sentiment may start getting better, maybe perhaps like next summer onwards, even in Europe. But I believe that we have better experts on that in the room, being the analysts, who can tell us when that sentiment might turn better. We don't see it turning worse right now, let's put it that way.
All right, thanks. Another question on the ActiveArmor and the AT&T partnership. I'm not sure if I missed it if it was said, but was that gained through Lookout, that partnership, or was it already with F-Secure?
Came through Lookout Life.
Thanks. Anyone else? We have online question.
Yes, let's take some questions from, from the chat. Could you quantify the R&D Lookout TSA cost estimate for 2024, 2025, and 2026?
The chart that Toby showed, so there was the thickness of the arrows, that was indicative of the size, so no exact euros. But you know what we have paid in, in 2022 and 2023, so you see the relationship from there.
Yes. Are your cost savings in the direct business meant to only mitigate the lack of growth impact on margins, or are they larger, actually improving margin short term?
Typically in direct business, it's a sort of lifetime value business, and when you make marketing investments, initially it's not very profitable. It's profitable over the time. So actually short term, you can get a positive impact of not doing marketing, but of course, that will not fly long term.
One final question. When will Lookout Life business be up and running in line with earlier growth plans, in Q4 2023 or in early 2024?
That remains to be seen precisely. And to be honest, we are not thinking about Lookout Life necessarily as a separate business entity anymore. We have actually integrated F-Secure into one company. We are naturally interested in the growth projections that we have for the new partners that we gained through Lookout Life, and cross-selling between, you know, partners we used to have and the partners we've gained through the acquisition. But for now, I can't give a clear indication on that.
Thank you. Those were all the questions from the chat.
Okay. Any more questions in the room? Apparently not. So I would like to say big thanks to everybody who joined us over the stream. Hope this was interesting, hope you got new information with regards to our thoughts about the future, the Lookout Life acquisition, our finances, the way that we see how we're going to be delivering the security experience of the future. We are going to get together again the next time with our Quarter Three release on the 25th of October. I hope to see many of you over there. But thanks for attending today. Have a great day!