Welcome to SSH Communications Security's investor call for Q1 of 2024. My name is Aino Virolainen. I'm a member of the SSH finance team, and I'm responsible for our investor relations. Presenting the results is our interim CEO, Rami Raulas, and our CFO, Michael Kommonen. After their presentations, there will be a Q&A session. You can ask questions during the call by posting them in the chat. We appreciate if you can write your question in the chat during the presentations. This call is hosted with our own solution, SSH Secure Messaging. The call will be recorded, and the recording will be available on our website along with the presentation slides. Now I would like to welcome our CFO, Michael Kommonen, to start the presentation. So please go ahead.
Thank you, Aino, and good morning also on my behalf. Let's jump into the numbers of the first quarter of 2024. So in the first quarter of this year, our net sales grew by 6%, and our EBITDA was EUR 0.2 million. So the EBITDA was on the same level as in the previous year, first quarter. Net sales reached EUR 5 million, and total ARR reached EUR 19.17 million at the end of the first quarter, representing a growth of 7.4%. On the product side, our PrivX business grew strongly. Subscription sales were up by 44.5% in the first quarter. The first quarter was also the 12th consecutive quarter of positive EBITDA for SSH. On the market and portfolio side, some highlights. We had in Asia Pacific an expansion in a customer on the Japanese market.
A Japanese systems integrator ordered an expansion of PrivX worth EUR 250,000 on an annual recurring revenue basis. This is a doubling of the value of PrivX at this customer and also illustrates the land and expand strategy in practice. In the first quarter, we also secured our first commercial customer for Secure Mail 2024. And also, we successfully launched PrivX as a bolt-on, the best bolt-on to Microsoft Entra ID. Looking a bit more at the numbers, subscription sales overall grew 14.5% in the first quarter. They were then partly offset by a slight decline in maintenance sales and lower sales in license. Deferred revenues were broadly stable, EUR 12.5 million at the end of the quarter. EBITDA, as mentioned, EUR 0.2 million, same number as a year ago.
EBITDA negative EUR 0.7 million, also on the same level as in the first quarter of 2023. Cash flow from operations was EUR 1 million. So with this, I would like to hand over to our Interim CEO, Rami Raulas, who will take us through the business highlights of the first quarter. Welcome, Rami.
Thank you, Michael. I am excited to lead SSH Communications Security since March onwards. Prior to joining SSH Communications Security several years ago, I used to work in a lot of multinational global companies, running businesses, development, sales, and marketing. But the size of SSH Communications Security is actually ideal. We are a small, medium-sized team where everybody knows each other. People act as a team. Everybody matters. Everybody's contribution matters. And we matter as a company, as a provider of defensive cybersecurity. Kyberturvan asevoimat in Finnish might be a good translation for that. And I'm really privileged to work with very smart people in the company and have indeed spent a lot of time with the teams and individuals to see how we can expedite and improve our way of working and get to excitement level even higher up, and also to feel the pulse and move things forward.
A lot has already happened. In the first month, we already worked on our organization model. I'll talk a little bit more about that. Many positive things and new starts were established in Q1 overall. But my ethos is with customers. That's where I spend most of my time, have been spending, and will be spending most of my time, with partners and customers. It's rewarding to talk with customers and to learn from customers and to adapt and develop our solutions based on real customer needs moving forward. Indeed, I have met with many global customers recently and will continue to do so. But let's have a look at some of the highlights of the different achievements or developments in Q1. PrivX, which is our flagship and highest growth, PrivX Zero Trust Suite, developed very favorably.
We launched Secure Collaboration additions, Secure Mail, and especially Secure Messaging, which is the platform we are using today. We received a major order for cryptographic solution and services. We continued our effort on OT, which is a very lucrative growth opportunity. We continued to deliver quantum-safe solutions and have been influencing organizations and standing committees to put more pressure to do the next level of securing of communications. Finally, we had quite a few new solution releases. Let me talk a bit more in detail about some of these. For PrivX, we launched our entrance into the larger identity and access management market with the partnership and strategy of leveraging Microsoft Entra, which is already a market leader in that space. That was launched at Gartner Identity and Access Management Summit with more than 1,000 identity and access management leaders. And that went really well.
We got really positive feedback. We are now moving forward on the integration of that. Actually, just last week, we also released the availability of the solution from Microsoft Azure Marketplace. We have had significant progress with PrivX OT and MSP, so service provider businesses, and had a major expansion with the leading global Japan-based systems integrator for their internal use, a major order for that. Secure Collaboration, there's a real market need for a secure collaboration platform that customers and organizations can manage, have a kind of governance themselves on it, not just running it in public clouds, not knowing how things are secured, encrypted, and managed.
Of course, there is the big event of the large banks being fined by SEC and CFTC in the US for using non-approved platforms like Signal and WhatsApp in communicating with their customers without any knowledge of the banks or what has happened. That needs to change. We had the commercial start for the Secure Messaging and Secure Mail 2024 in Q1. The Secure Messaging solution itself was completed and brought to the market as well. Then we had that order that was already announced separately as well as a stock exchange release earlier in Q1, cryptographic solution and services for the net worth of EUR 1.8 million, out of which we anticipate to recognize roughly half in this year toward the end of the year.
Now, on OT, we have been very active in different OT seminars and events as one of the actually very few vendors from our current peer competitors because we've been focusing on this differently to many of our IT-based competitors. We've had significant growth in our OT customer pipeline from those and from other activities and have actually completed very large OT deployments. You may have seen some of the webinars that we hosted together with two of the top six paper and pulp companies just the other week and earlier in the quarter, talking about their successes, challenges, and successes in implementing a very demanding OT security solution for thousands and thousands of users. In Quantum Safe, we presented our presenter, Suvi Lampila, who is our spokesperson for that area and also member of the NIST working committee on standardization out of the U.S.
Very successful presentation for thousands of people. We added more and more Quantum Safe functionalities to our solutions. We released quite a few new solutions onto the market as well on secure file transfers and secure connectivity in mainframe environments, which still is also a growth opportunity that we want to leverage a bit more. New PrivX release, Secure Mail, NQX second version alongside with the first customer order. Secure Messaging was finally released and is now available also as a SaaS service from a secure private cloud environment. We started promoting and campaigning now on Secure Messaging, and you'll be seeing more of that. This was just kind of the launch for that to make the market aware that we indeed have a fantastic solution here.
But I mentioned earlier that a lot has already been done in the first month, and you may have seen some of the announcements this week earlier about that as well because now it's time to accelerate for growth. As part of that, a renewed organization for improved efficiency and moving us closer to customers, adding speed and agility even more, was developed. We went through discussions, negotiations, and changes. I announced internally and externally now the new organization model. We have a small LT leadership team with me, Michael, who you saw, and Mika Sainio, CTO, who was appointed. He was the first appointment in the new organization in the beginning of March. Now with the new change, we are simplifying the organization.
We move away from kind of global process leaderships or functional leaderships into just three business units, which are fully responsible for the commercialization and market opportunity analysis of solutions and then getting those solutions, sourcing, making, partnering out to the market, and the product management on those through three business units, sorry, three regional sales units or sales organizations in Europe, or EMEA, Americas, and APAC. With the intention, of course, that the business units collaborate together. We leverage our technologies and development capabilities so that we have an integrated suite. The regions work in tight collaboration and cooperation with the business units to bring solutions to market.
But the market drive, when we talk about demand creation, prospecting, opening new dialogues with new prospects, working more on our current customers, account management, moving those customers forward with our other solutions than what they are now using from us, and doing presales of solution architecting, solution consulting, professional services, helping demanding projects to get off the ground and be successful, and support in supporting our customers. That is all in the regional units as a change of the organization. I'm really happy to announce that for the business units for Secure Messaging or Secure Collaboration, Patrik Forsbacka was appointed to lead that business unit. For PrivX Zero Trust Suite, our biggest business unit entity, I was able to appoint Samuli Lehti onto the leadership position there. Kai Lummi continues as the lead for our network security solutions.
And then for the regions, Heikki Koivuaho was earlier last year appointed to lead APAC growth. And now there was an appointment for David Wishart to move to the role of leading EMEA regional unit and business in EMEA. David has already earlier been in the EMEA team working on partners and partner strategies and professional services and technical support as well. And then Sean McAllister, who's been with us a few years in the U.S. sales team, was appointed to lead the Americas regional sales unit. So big changes, but I already can see very positive feedback on that internally and a little bit externally as well. And a lot of excitement and getting things to move even faster than earlier. And then I spoke earlier about the focus on OT. So we will continue to develop and push forward our OT. So there was another appointment on Monday.
You will see it publicly actually today or tomorrow later on. Massimo Nardone joined us to lead our OT business, reporting to me in the CEO office with the special task team to further accelerate our activities, our offering, our strategy, and of course, our go-to-market and sales activities globally for the OT operational technology market. So I welcome him as well onto this new organizational model. So what did you say? Just a few words about our mission. Why are we here? This was launched, released a couple of years ago. There's no need to change it. I think we've hit absolutely the right focus areas on the market, beginning with Zero Trust, continuing with Quantum Safe, and then finally with the growth opportunity of operational technology, cybersecurity, defensive cybersecurity for OT, whether it's manufacturing, logistics, or critical infrastructure like water and electricity.
So let me talk a little bit more about what has happened there in the past quarter. So for OT, sorry, for Zero Trust, what is Zero Trust really? Zero Trust, we don't talk about a concept. We talk about the solution, how we can help customers move. It's a journey to move from the hassle of having to deal with passwords. We all hate that, obviously. Moving away from having credentials like passwords and encryption and access keys because 80%, 80% of hacks and cybersecurity challenges and problems come from the credentials, let's say passwords to simplify it, being in the right passwords, being in the wrong hands because they are so easy to phish. They can be shared around. Somebody might even sell them for profit. So that all has to go away.
So Zero Trust is to get rid of permanent access, get rid of permanent authorizations, get rid of permanent credentials. Or even if you rotate them, they still are vulnerable. And vaulting secrets is not a great idea in the first place. And then to put strong identity-based access control. So we always verify the user, do a multifactor authentication. Actually, I can reveal the rest of it. Multifactor authentication, check the user with a security token and biometrics so that it's really what you have and what you are or who you are when it's a person. And there's a lot of drive on the market as well from different organizations to demand a quick, rapid move to Zero Trust. NIST, National Institute of Standards and Technology in the US, has a standard or recommendation on that.
U.S. government is pushing the whole U.S. government quickly to move to Zero Trust for security reasons. Quite recently, the U.K. Financial Authority also sent a mandate to the financial industry to move faster to ephemeral access and Zero Trust. This is what our PrivX Zero Trust Suite is all about. It's all about providing that functionality. We've been doing that now for quite some time. But now I see kind of an acceleration on the market. I think people are talking now about ephemeral access, which they requirement, which they did not talk about too much three years ago. So maybe we were a little bit ahead of time, but now that's certainly materializing. Now, the other part is Quantum Safe.
We have to remember that we are actually the pioneer in this area because in 1995, when the founder of the company, Tatu, developed Secure Shell, SSH, which is still the name of the company, SSH Communications Security, that was all about putting secure communication and authentication in place in an encrypted way. So no clear text connections, no passwords anymore. So way ahead of time. And that has been protecting now our lives and internet for 29 years. But now it's time to take the next step and move to the next generation of encryption technologies, which are in response to the potentially emerging quantum computing threat, which the quantum computing threat simply means that all current encryption technologies can be broken in a matter of minutes or hours. So we have to move forward. And we've been active on that.
We were an active part in the PQC project in Finland, which was, by the way, Vuoden Tietoturvapalkinto, the annual security award, a couple of years back. So we've been doing this already for years. NIST, again, is coming up with standards in the summer. We are part of that working committee, as I mentioned earlier. We already have implemented those and will implement those across all of our product portfolio, which is unique on the market, especially the timing. One big customer, the biggest retailer in the world, said that they think we are 2 years ahead of, for instance, OpenSSH in this area. This was about a month ago. There was a new law set after the presidential order in the U.S., which went through the Senate in record time for preparedness for cybersecurity for Quantum Safe.
This is more about protecting US government secrets against other nations from the East. Very recently, European Commission and Monetary Authority of Singapore both came up with recommendation and mandate for organizations to move towards Quantum Safe-based securing and encryption technologies and algorithms. So we may be earlier. So this opportunity for us as kind of the next generation moving forward. But now it looks like time has shrunk a little bit, and there's more understanding on the market and need to respond and react to this faster. And we are well equipped for that. And finally, OT, as talked quite a few times here already. So there's one thing that's driving, of course, is compliance. The Network and Information Security Directive number two will come into play as national legislation on the 17th of October of this year. So everybody's badly late already on that.
Then there are standards for controls and security for process industries, which we, of course, adhere to and promote. But this market is not so much driven only by compliance. It's more driven by the threat because the most attacked market at the moment is OT. Why? Because it's the easiest to attack. There's more money to be collected from there. There was a semiconductor company who was attacked and ransomwared. The production stop cost them $250,000, and the ransomware they paid was another $250,000. So serious business. So get better protected. This is a number one risk management topic for manufacturing, logistics, and critical infrastructure operators in the world at the moment. And then, of course, you have the big nations that are also attacking, especially critical infrastructure.
I actually remember what Kari Suominen, CIO of Fingrid, said publicly, that there are dozens of attacks on our national electricity grid daily, most harmless attacks or attempts, but some serious ones as well. So we need to be guarded. We need to be protected. We need to be prepared everywhere. And for us, of course, this is a new opportunity because there is now urgency. And that's why I think we are seeing also more opportunities and customer dialogues emerging in this area. And most companies just don't have adequate measures in place because when IT technology was implemented or has been implemented into OT, cybersecurity was not on the table. So it's an afterthought in a sense. And then we have a few very interesting development projects, CHARM, which is an EU project, which is because this will help us develop our solution forward.
CHARM is now coming to an end. It's about to develop industrial IoT, so Internet of Things solutions with an improved tolerance against harsh conditions and harsh working environments. It's addressing critical cybersecurity concerns and also taking into account AI technologies. Then the new one that we joined some while ago, you may have a blog post on that and some social media promotion on that is AIQUSEC, which is a project for AI-based quantum secure cybersecurity automation for safeguarding against development threats, especially in the OT space. Two projects where, for instance, AI and IoT are hot topics, and we are definitely deep in the areas already providing solutions for that, but developing it also forward. By the way, on AI, we have already had AI in our products.
So in PrivX, we have AI and UEBA using deep learning. And we use large language models also already in our customer-facing functions. So AI is part of our DNA as it needs to be as well. With that, I would like to end with just an outlook, which is we don't project detailed forecasts or outlooks. But the outlook that I can say is that we expect the net sales to grow in 2024 compared to the previous fiscal year. And we estimate EBITDA and cash flow from operating activities to be positive in 2024. Thank you for your interest. And I think I will hand now back to Aino for Q&A session. Michael, if you want to join me here as well. Yes.
Yes. Thank you. As has been tradition, the first questions will come from Redeye equity analyst Fredrik Reuterhäll.
After that, we will start going through the possible questions that are in the chat. If more questions arise at this point, please write them in the chat. And now, Fredrik, if you're ready, please go ahead.
Good morning, Rami and Michael. Thank you very much for the presentation. I want to kick off with the I mean, the subscription revenue came in pretty strong. It was up around 4% quarter-over-quarter. And I guess it's due to the strong growth in PrivX. And you talked about what was driving the growth during the quarter. But can you expand and give us your thought about what we're going to see for the rest of the year in terms of growth?
Yeah. Yeah. Maybe I can just quickly say on the first quarter.
So obviously, the largest driver in the PrivX first quarter sales was the mentioned Japanese expansion deal. So that's on the first quarter. But maybe, Rami, if you want to expand on the rest of the year.
Yeah. And some other, of course, other deals from last year as well. Because in subscription business, we, of course, recognize the revenue over the period of the contract time, so not when the order is booked. So yeah, we are not giving more detailed forecast for the growth. I think I can only say that I have a positive view on how we've been able to develop our pipeline. Our strategy is to sell with subscription, which, of course, makes the growth a little bit slower, but then stronger to the future. I mean, if we were to sell more licenses, then, of course, there would be more immediate revenue growth.
But our strategy certainly is to hold on and promote. And especially now that we go into more SaaS solutions as well, they are all subscription-based businesses.
Okay. Thank you. I mean, you talked last quarter that Asia and U.S. were strong. And I think it's very interesting that you got a strong foothold now in Japan. You continue to see strong demand from Asia and U.S. customers, or?
Yeah. Asia is definitely a growth market. And we already deal with the biggest banks there. And we have now projects ongoing. So I can see positive growth opportunity from there. And in the U.S., we are now structuring over again with Sean's lead. So in the U.S., we are now putting plans in place how we can more rapidly develop our pipeline, develop our opportunities.
Of course, we have a huge, really positive customer base, huge customers, which today are only buying a small part of our portfolio. So the focus in the U.S. will be on account management, on those key accounts, whether they are large financial institutions or the biggest retailers or indeed e-tailers as well, and then putting the marketing engine and demand creation engine into a new shape during Q3 and especially Q2 and especially Q3. So we need to definitely develop our market position in the U.S. No doubt about that.
Okay. Thank you. And I want to talk a bit about the Secure Collaboration launch. You started more or less last quarter. You still see good momentum in the launch there?
Yes, we did. I mean, we kind of pre-launched it, if you remember, already at CMD last year. That was the intention and start of the development work.
It's been really rapid development as well. I talked about sense of urgency, adding sense of urgency to the organization. This development team doesn't need any sense of urgency. I can hardly keep up with them. It's been really fast. We've been presenting it now to customers. First of all, we have been using this internally, secure chats, secure rooms, secure file sharing, secure email, and secure messaging, video calls, and phone calls, whether they are individual calls or group calls or whether they are on the computers or on mobile phones. Our mobile phone applications have been on iOS and Android shops already for nearly a month, at least three weeks. We have collected a lot of feedback that way.
Then we've been presenting and demonstrating and having dialogues with customers now for about a month as well, just under a month, and really positive feedback. The first proof-of-value test environments are being set up as we speak. We see a lot of actually positive dialogues and interest in Sweden onto this. There seems to be more drive or willingness on the Swedish market to find solutions for the current secure collaboration platforms, which in most cases is Microsoft Skype on-premise, which has an end of life at 2025.
So there is a kind of a need also in many organizations, and not only public organizations, of course, where this is really important, but also financial insurance companies, law offices, certainly, and others to move to the next generation of secure collaboration so that you have the data sovereignty and governance under control, maybe even in your own hands. Because we deliver this solution not only as a SaaS service. Our partners provide it as a solution, as a hosted solution, or as a service solution from private clouds or private VMs. And then there will be some customers like we have already on Secure Collaboration and Secure Mail that want to run this definitely in their own premises, on-premise. And we support that model as well.
Okay. My last question is regarding R&D spending during 2024.
Will you keep it more or less the same as 2023, or will you ramp it up?
Maybe Michael, you can start on that.
Yeah. I think a fair assumption is to expect that it will be broadly on the same level. So we might have some decreases somewhere, and some increases might come from the cryptographic solution that we announced in the first quarter. So slightly more R&D spend on that product itself. But overall, the overall picture is roughly on the same level as 2023.
Okay. Thank you very much.
Thank you, Fredrik.
Thank you very much. I can't see any questions in the chat. So unless there are questions coming now, I think we can start to wrap up. We do have a question. How is the liquidity outlook considering the upcoming Deltagon and other payments?
Yeah. So we are monitoring the liquidity situation closely.
We expect to pay the Deltagon installment in line with the agreement that we have with the seller. Thank you.
Any other questions?
Does not seem to be.
From our side, Michael and myself will say thank you for you. Aino will say a few words about the next steps.
Thank you very much for participating in this call. The materials for this call and our previous calls can be found in our website's investor section. Our next investor call will be on the 18th of July when we release our Q2 report. Thank you again. We hope to see you in July.