Good morning, everyone, and welcome to the investor call on SSH Communications Security's Q1 2022 business review. My name is Eemil Friman. This meeting will be recorded and the recording along with the presentation slides will be available on the SSH website later today. The business review will be presented by our Chief Executive Officer, Teemu Tunkelo, and Chief Financial Officer Niklas Nordström. There will be a Q&A session at the end of the presentation. From now on, Teemu and Niklas, the stage is yours.
Thank you, Eemil.
Thank you, Eemil.
Without further ado, maybe Niklas, let's go to the numbers.
Sure. Welcome also on my behalf. Let's get started. We started the year with a positive note on a broad front. Our revenue grew 64% compared to the comparison period, and we improved our EBITDA and profit significantly. We report the fourth consecutive positive EBITDA quarter in Q1, so we grew profitably, and we were able to maintain also a stable liquidity position despite having paid out the EUR 1.4 million interest for the hybrid loan. Being able to maintain a positive liquidity was due to our cash flow from operations also being positive and improving from the comparison period. We ended the quarter with 125 full-time employees. Next, I'll show you a couple of significant revenue development milestones that we have reached in Q1. If you change the slides, please.
Thanks. The first significant milestone has to do with our annually recurring revenue.
This metric increased EUR 7.5 million or 84% compared to the comparison period and grew a further 6% or EUR 1 million from the end of Q4. Importantly, in March, our annually recurring revenue was already higher than our full-year reported revenue for 2021. The second important milestone relates to the development of our subscription revenue. Our subscription ARR grew EUR 6.9 million from the comparison period totaling EUR 8.1 million in March. Approximately half of our recurring revenue is already subscription-based. Importantly, our subscription revenue surpassed maintenance revenue in Q1. Next slide, please. On a regional level, APAC performed well in Q1, showing signs of revitalizing while EMEA stands out with its excellent performance. In Americas, we still have room for improvement in the coming quarters.
Next, I'll give the mic to Teemu, who will tell you some highlights of what's behind the numbers. Thanks.
Thank you, Niklas. As you saw from Niklas' presentation, we did very well in the Q1 . We had a plan. We were able to execute on the plan. It is really focused on our existing portfolio that is proven in use and now also future-proof. We are focusing on getting the go-to-market more efficient than before in order to continue to drive the growth. As Niklas said, EMEA was the real winner, and it has been really beyond the numbers as well. The demand increase, our pipeline is all-time high. Customers are bringing us more inbound leads than before, so our sales is very busy at the moment, or was busy at the Q1 . The new solutions that we developed last year have really gotten attention in the market.
PrivX Operational Technology and Managed Service Provider editions both are really gotten the attention of the analysts and market analysts and customers. UKM Zero Trust Edition is really making headway with our existing customers and bringing in new customers, which you will see later coming up. We already announced that the first Tectia Quantum Safe edition was sold last year, and we are having several customer discussions ongoing with both Tectia and NQX related to the Quantum Safe editions. During the quarter, we invested in our professional services, expanding it to other regions, where EMEA has been the strongest in the past, and the partner businesses we are developing, and I will talk about that when we discuss the topics moving forward. The activities on the business side by executing our plan led to the financial performance that Niklas presented.
I just want to point out the key three things that I think are worth remembering on our financial performance. We have been able to invest in R&D and the operations without the R&D investment. EBITDA is now Q4 in a row positive, which makes really good foundation for us to continue to invest in the market, in the go-to-market. The two points that make stability for our business are subscription sales exceeded our maintenance revenue. Subscription sales also with the install base is coming because more and more customers are understanding that if you only buy a perpetual license and a maintenance contract, you will not get new features. If you buy subscription or SaaS, with subscription, you get new features, so the product stays future-proof. With SaaS solution, you don't have to have your own servers.
We moved to the subscription business, which is the future of software business in general. We all have seen it earlier with virus software that was initially sold as perpetual license. Because hackers get more clever, viruses get more complex, you need to buy virus software as a subscription, and that very much is related to our products as well. The run rate at the end of the quarter of our recurring revenue exceeded last year full year revenue, which gives us a solid foundation for further growth. Now, if we move forward to the next slide, talking about how does the rest of the year look like.
We will drive further growth on several fronts on the go-to-market side, and we are positioning ourselves to be on the defensive cybersecurity market because we found that a lot of our customers think a lot about hacking and external attack vectors when they think about cybersecurity. What we do is always defensive side. We protect customers' data at rest, in transit, and in use. I think that it's a solid and good position to be in.
The mega trends that we see moving forward that will help us because we are ready in all these fronts are the Zero Trust, which is basically PrivX technologies, also supported generally by the whole marketplace that Zero Trust is the way to go to be password-less, to be keyless, to be PIN codeless, and providing just enough access just in time for the people who are allowed to do it. Operational Technology incidents and cybersecurity have really recent industry being our percentage-wise largest growing customer segment, because banks and governments largely have invested in cybersecurity solutions like ours. The big growth opportunity are the factories, harbors, airports, and other critical infrastructure.
A year ago, I thought that Quantum Safe is taking a long time to come, but now we can hear more and more customers saying that "I might not know if quantum computers ever come, but I have to be prepared for it." We are getting a lot more interest in our Quantum Safe elements of our portfolio, so at the moment, Tectia and NQX. Moving forward, we continue to be closer to our customers, both sales-wise, digitally and technical services, professional services, support services, activities are on the rise. We feel that's important for our sustainable long-term growth, especially because our growth is largely based on land and expand with the subscription model, with the technology of PrivX and the architecture.
It's possible to start small and add to your install base over time, that makes us that we have to stay with the customers and make sure that they expand the use of our technologies and solutions. We are driving further to change from point products to value-added solutions, which we call editions. We are putting investments in our partnering ecosystem by cooperating with other technology providers and revamping our sales channels to better support especially PrivX and NQX growth through the channels. Tectia already is largely sold through the channel as well as Deltagon. Professional services, as said earlier, we continue to invest in professional services because that's a great way to be close to customer. Our professional services are focused on supporting our solution growth. It's not really a business of its own.
We report it into the product lines, and we want to keep our professional services executed in areas where we help customers to design, implement, or develop our products in their environment. With these activities in place, we are planning ahead, as we have already told. Our guidance remains unchanged. With these words, I'd like to start the Q&A session. You can either ask questions, raise your hand, or write on the chat, and then Eemil will read the questions. The podium is open.
Good morning. Do you hear me?
Yeah. Yes. Go ahead.
Great. Thank you. So you reported a strong ARR growth, both normal ARR, but also subscription ARR. I'm thinking the sequential growth rate. What are the main drivers behind this? Thank you.
One element in that is, of course, Deltagon, continuing also organic growth on its own. PrivX is the biggest thing, and we also have introduced subscription sales for Tectia and UKM. Most of our portfolio, we go in by trying to convince customers that the subscription is better for you because you need a future-proof product. That has been more and more accepted for all our product lines.
Is it, would you say it's mainly driven by, new customers or by the expanding with existing ones?
I would say. Now, if you look at the Q1 , we got new customers in the last quarter significantly with PrivX. If we think that they are existing customers, then we are probably 50/50 existing customers and new customers. But in a sense, I must say that the new logos coming into PrivX have been significant. New logos coming to Deltagon has been significant. All in all we got 90 new customer names into our customer base during the last quarter. You can see that we have more and more new customers are coming in, and the existing customers are executing on our land and expand strategy.
Great. License sales were obviously very high in Q4 2021, which makes it yeah natural that it comes down a bit this quarter. How do you see that developing during the rest of the year?
I think that that's, in a sense, for me, we want to continue the license sales at certain level. I thought, or our plan was to have roughly 20% license sales of total sales, but that didn't happen. Very often the license sales comes in the Q4 , and traditionally our Q1 has been lower than the other quarters. It is understandable for me. Of course, it would have been good to have the license sales as we originally planned, but we were not able to close the deals that are in the pipeline during the quarter.
Great. Thanks. I might come back with some questions soon.
Eemil, do you have questions from the chat?
I can take the first question from the chat. There's also a second one related to this area. Of course, the NCSA certification situation. We announced in the Q4 report that we would expect it to come in Q1, and this was the timeframe that was given to us by Traficom. This is the certifying authority, and they are unfortunately a little bit notorious for exceeding timelines. Now there's a question here about the probability of happening in Q2. Now I will stick my neck out, and I will say that personally, I expect the probability to be extremely high that we will receive it in Q2. This is my statement signed in blood.
This is, of course, a critical piece of paper, as a lot of our pipeline, the majority of our pipeline is pending certification of the new version. This version is, of course, the version that has the capabilities for centralized management and that means large deployments are possible with that version.
Niklas, there is also the question about the new customers and possible new reporting model for that. Can you share your thoughts?
We have not changed our way of reporting new logos. If there is a new customer that is entirely new to us, then it's reported as a new customer. This is the way we have done it for several years, and this is the way we'll also continue. The 90 new customers that we did sign during Q1 are completely new logos. This doesn't contain upsell or any these kind of things. Land and expand as Teemu said.
It's important for us to get a lot of new customers, especially because of the land and expand strategy, because that means that the initial purchases are often subscriptions that are EUR 10,000 a year, EUR 20,000 a year, with the further potential to become EUR 100,000 when the customers in six to 12 months are able to roll out the system, to use in their whole install base. It really builds the fundamentals for our more predictable revenue development because we get a lot of new customers that start small and are gonna expand expenditure towards us, which will help that the install base will be a big part of our revenue growth. The new logos, of course, are building growth on quarter-to-quarter comparisons.
There's also a question here about our capacity for onboarding more than 90 per quarter. I think we are very scalable in this. We don't have a bottleneck in onboarding new customers in a given quarter. We are not even close to being in a bottleneck situation with this. We have standard agreements and we have a revenue management team that is able to allocate licenses through the system. It's a very scalable administrative operation.
It's not only our sales force and our support who do the onboarding. Big part of our business is done through the indirect channel, which does a lot of work with the customers. In many cases, like with Tectia and Deltagon, they also do the first-level support. Our support is supporting named users, super users and the customer and that makes it very easy that we can take customers in. If they need a license, they can do it self-service once they've done the purchase with our download center. Our bandwidth can do more than 90 customers per quarter.
Hi, this is Forbes again. I have a question about Deltagon, and if you could say anything about how it performed in 2021, if it continued on its growth trajectory and high profitability.
Niklas, can you take this one?
It continued on its growth path. We did not achieve the growth that we targeted through expansion in our own existing channels. We are still working on that, especially in the APAC region, where the demand for these kind of solutions is high. You have to remember that in a subscription business model, even though there would be a substantial deal, let's say in Q4, the revenue impact for the year is minimal because of the phasing effect of the subscription business. Deltagon business is progressing well. It's a highly profitable product line, and we have some excellent new flagship customers that have taken the whole Deltagon suite into use.
It's going well, but of course not so quickly as myself and Teemu would have an appetite for. We are working and we have deployed the strategies and the product line in our other regions as well. There are currently ongoing negotiations in all of them.
The opportunity I see in other regions or in other countries, we can see it already in Sweden that we are getting very good customer names both from the government and private side. The interest in Asia and in US is picking up. It has taken a little bit longer than we planned because in big organizations, the people who buy other of our products are not the same people who buy communications products, meaning people-to-people communications products. In a bigger organization, we have to navigate inside the customer to find the right person to talk to. In smaller organizations, let's say less than 5,000 employees, typically there's a CIO office that can do both, and then it's easier.
Really on the whale size of customers, we needed to do more work to find the right people. We of course get help from our current customers. They say, "Yeah, go and talk to this and that, and I can connect you." That always takes time. You need to know new people. I think it has a little delay, but I can still see the market demand for encrypted communications between people across countries, across organizations is just starting. There's also two kinds of movements or two-way movements. There are organizations who say that office is enough, but lately we have seen many customers coming to say that for a certain part of my organization, office is not enough. That includes healthcare, that includes government, and that includes people who do business cross-border.
For example, if you operate engineering in another country than where your factory is, then you see I need different ways to transfer the data from Finland to China, Finland to Vietnam and back. This is happening more and more that the engineers are sitting in different places, and the importance of the value of the design data, the roadmaps, customer information, it has become more and more obvious for people that this link between the engineering and factories has to be better protected than just VPN.
One thing maybe worth mentioning is that the Deltagon suite has a very low customer churn, so it's a sticky product like other products in the SSH portfolio. Something which is not visible outside is that we have integrated the Deltagon technology into the SSH R&D platforms, and we are working on a technology refresh, which will also sort of future-proof the product and the users will then see a much improved visual user interface. We are currently bringing that product to the, you know, 2020s.
Great. Very helpful. Thank you. A final question from me then about the Lighthouse customer you won last year that's supposed to give EUR 20 million over a couple of years. Is it progressing according to plan? Has there been any changes to the timeline, and when do you expect the ramp-up to begin?
Maybe, Teemu, I'll take this.
Yep.
This is of course very closely associated with the earlier question regarding the NCSA certification. This particular customer is one that requires a certified product in all of its production environment. We are sort of still waiting for the certification. Once we get the certification, the train will leave the station. It's fair to say that there has been a big delay in starting the deployment, but the train is still working. The conductor is there, and it's just waiting to hear the whistle blow.
Okay. Thank you very much. That will be all.
There's a question on the chat about what are the competitors doing, and how does it affect us. I think there is certainly more activity already happened last year and happening currently. There are a lot of small PAM vendors that are not seeing the capability to grow. There will be consolidation in the market. That is beneficial for the ones who don't have to consolidate because you always turn internal when you do a big integration work, and especially if you work globally. The smaller vendors, we are also looking at them that would there be a fit, but that certainly the market is changing and it is because of the cloudification.
Everybody else has now jumped our OT bandwagon, our Zero Trust bandwagon, which is actually a good thing for us because the things we've spoken about for a long time, now the market starts to form because our competition webpages start to look like our webpages. It's always important to have competition to create a market. You know, if you want to buy potatoes, you go to the marketplace. If you want to buy used cars, you go to Kehä kolme in Helsinki. When the market talks about all the Zero Trust and now latest also Quantum Safe, these are the three investments we have done over the last years where we have put a significant part of our revenue back to business. Now the market is starting to support us because competition is telling the same story.
The governments are telling the same story.
Even the Finnish, what do you call Supo? Finnish special police forces are advising all the critical infrastructure that you have to be prepared for attacks. We get support from the mass media, from the government, and the competition is starting to sing our song. I see the situation very positive. I do believe that the market will consolidate, which will give us more opportunities because many of our larger competitors have outdated technology made originally for data centers. PrivX and NQX have been made fresh from scratch over the last years. They are, especially PrivX is cloud-native, can do hybrid environment, is scalable, and that's why we get, especially from the customers who look for the best of breed technology, we get very good marks.
Once we get into the proof of concept competitions, we tend to win extremely often if the use case is related to cloud, especially multi-cloud or cloud and data center combinations. With that
Any more questions? If there are no more questions, I think we can thank all of the participants and close the meeting. Thank you, and see you in the Q2 investor call.