My name is Aino Virolainen. I am a member of the SSH Finance Team and also responsible for investor relations. The results will be presented by our CEO, Rami Raulas, and CFO, Michael Kommonen. After their presentations, we will have time for questions and answers. We received some questions, so thank you very much for those. If you wish to ask any questions during the call, you can do so by writing in the chat. The call is hosted with our own solution, SalaX Secure Messaging. The call will be recorded, and the recording, as well as the presentation material, will be made available on our website. If you're not seeing the presentation on full screen, please check the chat for instructions on how to optimize your view. I think it's time to start, so I will give the floor to our CEO, Rami Raulas.
Please go ahead.
Thank you, Aino. Welcome from my side as well to the Q4 and 2024 summary and an outlook for this year 2025. We have come a long way as a company with our mission now, and we have in the recent year clarified our solution portfolio.
Recording is on.
With our mission to protect secret and sensitive data. I mean, we can't have breaches like the ones that have happened recently with healthcare operators exposing 80,000 identity information of consumers or citizens or a breach into 70,000 pension fund details because somebody got access on a service provider's password. Protect and then defend, secondly, access and visibility to critical systems and enable secure communications between human systems and networks. We've also been talking for the past two years about defensive cybersecurity for organizations to stay ahead of emerging technologies like quantum computers. With that, we are now this year celebrating our 30th year of anniversary since the beginning of the incarnation or development of SSH Secure Shell.
Our founder, Tatu, is the developer for that, and we are responsible for that authentication and encryption technology that SSH has been able to secure internet for the past 30 years. Now it is time to move forward to secure it for the next 30 years. The Secure Shell itself, by the way, is still very modernly used after 30 years. Access to subway trains, access to windmill parks, access to Tesla cars is all handled by SSH protocol. Maybe Tesla is not the greatest example in current recent developments, but still very heavily used in modern IT technology as well. The other key topic that has really taken us forward and will be an important focus for us is defensive cybersecurity and the defense market. The fourth area of defense, land, air, navy, and cyber. The market is really hot.
Most of the investments are going into defense industries, and the valuation of defense industry companies has skyrocketed in the past couple of years.
Recording is on.
The defense market a couple of years ago, four or five years ago, and now making ways forward into NATO approvals and seeking markets for wider market opportunities for our solutions. That was only a logical step for us to get a NATO approval last year as well. With those two, 30-year anniversary and defense focus, I would like to hand over to Michael to talk a little bit about what actually happened last year.
Thank you, Rami. Good morning on my behalf as well, and welcome to our fourth quarter earnings presentation. I'm pleased to report strong performance in the fourth quarter of last year, and also with that contributing to a significantly improved financial performance for the full year 2024 compared to 2023. In the fourth quarter, our net sales grew by 23.1%, and EBITDA reached EUR 1.7 million. With this growth, the net sales were EUR 6.8 million, and within that sales subscription, ARR grew to 7.4%. PrivX subscription growth was 16% in the fourth quarter and 23% in the full year. The quarterly EBITDA, as mentioned, was EUR 1.7 million, and for the full year, EUR 3.4 million. In the fourth quarter, license sales contributed strongly to both our top line, so to our sales, and also consequently to the profitability in the fourth quarter.
We delivered the cryptographic solution that we announced in the first quarter of the year, partially in the fourth quarter, and recognized revenue for that. The liquidity situation also improved quite substantially in the fourth quarter, sequentially over the end of the third quarter by over EUR 2 million and reached EUR 2.9 million at the end of the year. On the market and portfolio side, we were able to close several multi-year Zero Trust Suite deals, both in EMEA and APAC. We also had a breakthrough with the SalaX product, securing our first customer outside the Nordics at the end of last year. Looking a bit more at the numbers, as you can see here, we had overall subscription growth growing 4.3%, deferred revenue increased by EUR 1 million, reaching EUR 13.5 million by the end of the year.
EBITDA was, as mentioned, EUR 1.7 million, and also the EBIT turned clearly positive in the fourth quarter. It was EUR 0.8 million. Also, as mentioned previously, as the cash and liquidity situation improved during the final quarter, this was driven by strong cash flow from operations of EUR 3.2 million. With that, I will hand back over to our CEO, Rami, who will discuss the quarter and last year in greater detail.
Thank you, Michael. I just wanted to give, from my side as well, a quick update on key milestones from last year. Overall, our business is global. About 55% of our revenue comes from Europe, 36% from Americas, and just shy of 10% from APAC, Asia. We had many security-related advancements and improvements. I think you could call us nowadays as a state-of-the-art security vendor from a safety and security point of view, with all the necessary approvals from the military, from the national cybersecurity agencies, and with an ISO 27001 proper processes in place. We also improved and simplified and clarified our solution offering to the key three strategic market areas that we are focusing on: Zero Trust, Operational Technology, and Quantum Safe.
By the way, we had a really interesting meeting with the U.S. Department of State just at the end of the year, and their focus, surprise, surprise, to drive security forward in the U.S. is on Zero Trust, Operational Technology, and Quantum Safe, so fully in line with that. AI has also been extensively used in PrivX for a couple of years already and will be used more across all of our products and cyber in particular. I would say that the second half of 2024 was kind of a major step for us, becoming more able to grow faster and to improve our profitability. A few words about growth itself. Like Michael was saying, the overall growth was 9% on revenue, much more so in Q4.
We actually grew much more in invoicing terms, 22%, which kind of means that we have more customer commitments already contributing to revenue in 2025 and onwards. Also, many of the subscription deals came quite late in the year, so they did not really have time to have that much impact on the revenue for last year. I think we have a good cash position moving forward as a result of that as well. We were also able to increase our pipeline, meaning the amount of new opportunities and new deals significantly moving forward. Region-wise, Asia and Europe or European region grew better, Asia nearly 30%, Europe in double-digit numbers. We were not able to grow as we anticipated in the U.S., and I will come back to that a bit later. This year will be our growth year target for the U.S. market more widely.
As you have seen earlier from our announcements, we work through partners. We need and want more feet on the ground through partner network. We have been widening our partner network here. You see a few examples of new partners that we signed and actually had initial deals as well in Central Europe: DACH, Cancom, and Bechtle, Deloitte in the Nordics, in Ireland, in Taiwan, in South Korea, and Thailand, as you can see examples there. On the profitability side of things, we were able to improve our profitability by streamlining the operations. We went through an organizational change, moved away from any hierarchical structures or functional unnecessary structures, and moved to just simply three business units and three regions, and then set up a special OT task team to drive forward that growth opportunity for us.
We also introduced new sets of values to make our life easier and clearer for everybody. Dare, care, and share, simply for more initiative-taking, entrepreneurship, more ownership, teamwork, and results orientation. All of these contributed for us to be able to improve our EBITDA throughout the year by 88%. I wanted to say also a little bit, I said that we streamlined and clarified our portfolio. We have simplified it into three product names or product brands: communication security for human systems and networks with the brands for PrivX for systems, which is the biggest part of our business and the fastest growing part of our business as well, network security with NQX, and then people-to-people communication with SalaX, which is a new brand that we just launched in the end of Q2 last year.
PrivX subscription sales grew 23% last year, so that is our kind of spearhead and growth engine moving forward. It's also a market that not only has renewal elements in it, customers renewing their 15-20-year-old initial privileged access management solutions, but also really new innovative technology companies looking for modern architecture solutions. The SalaX Secure Messaging was brought to market with initial customer engagements, and now we are going to put that SalaX Matrix-based Secure Messaging to be available in the public authority network very soon as well. We also introduced a partnership with Honeywell to enhance and expand our OT security offering for OT discovery, threat intelligence, anomaly detection kind of things. We are now moving forward to integrate PrivX OT more deeply into that anomaly detection and threat intelligence solution.
Last but not least, as a result of this earlier announced EUR 1.8 million cryptographic solution project, out of which a bit over half was recognized last year, the rest in the coming years. As a result of that, we will be bringing to market very soon an FQX file encryption solution for the wider markets and other geographies now. Let's have a quick look at what happened in the different markets and segments. Typically, we've been in quite a few segments, as you can see here.
We were able to expand our vertical market penetration, in my opinion, in a quite balanced way, but more towards the growth markets of defense market, critical infrastructure, and OT or manufacturing companies, but also making ways forward in IT and many service provider markets, finance market, which typically has been our stronghold, especially for key management solutions for compliance of banks, which, by the way, now need even more compliance for DORA and for Quantum Safe moving forward. Let's have a quick look on what we actually achieved last year in each of these segments. I'll go through them kind of one by one. In the defense market, practically, we are selling all of our solutions to the defense market, defense and defense-related manufacturing industries, working together with the defense forces. Our plan is to also introduce into that segment the secure messaging.
Initial steps for that have already been taken now recently. Of course, in that market, proper accreditations are needed, and we got those approvals for our network encryption solution. We are now in the process of seeking approvals and certifications for the network security NQX, both for EU and NATO restricted approvals. We're also seeking for PrivX FIPS. FIPS is the American encryption technology standard for American government players. Both of those, EU and NATO restricted certifications and FIPS certification, will take place this year for our solutions. Critical infrastructure, we've already been there. For instance, the national grid access controls are protected and secure communication are protected with our solutions. We also were able to close some business and new deals. Here's just an example of one major energy company who took into use PrivX as an access management solution for that environment.
In the manufacturing environment, manufacturing companies are a good target. It's a bad thing that they're a good target because they're a good target for people who want to attack them for ransomware, extortion, trying to stop facilities. This is information from IBM Expert Intelligence Report, just demonstrating that the manufacturing industry has been the most attacked one in the past three years already. Why? Because they are the least protected. A lot of legacy systems without proper encryption in there, and you can't disrupt, especially process production or industry. You need continuity and you need resilience. That's why we see it as a proper investment time market for us and a growth market for us moving forward as well.
Last year, we were just able to achieve very satisfied OT customers, actually customers willing to wholeheartedly recommend us and to expand with us for further services, for instance, two of the top six paper and bulk companies. Furthermore, we also gained additional customers. There is one example of the largest steel manufacturer. This is kind of a unique approach on the market because these both two customer cases are a combination of both IT security and OT security. Now, what does that mean, this convergence of IT and OT? Simply means that for the IT side, the requirements for what is needed to protect assets and data in IT side are very well known overall. You see things like identity and governance, modernity and scalability, session recording, zero trust access, zero standing and privileges. On the OT side, the requirements are a little bit different.
We talk about governance, we talk about compliance, we talk about standards, we talk about supporting legacy OT access protocols, being able to grant access just in time from the site or from the plant directly to users who need to enter there to do remote diagnostics or maintenance or remote production system optimization. The outside connection to manufacturing environments is already used for kind of edge computing to collect sensor data into clouds. Everybody's talking about Industry 4.0 and digital twins since many years. What is unique, what we can do and been able to present to the market and partners and customers is to really just simply combine these two into one platform so customers don't need two or three separate solutions moving forward.
Now, in IT and technology MSP market, we have had quite a few, many service providers already, so governing access when they access their customers' environments. Here's one example: Fujitsu has been doing that both in Japan and Europe. For the IT market or technology market, we also gained a new, quite kind of exciting Final Fantasy customer for a gaming company. That only proves how successful we can be in that IT market, and especially software companies or service companies. I think I've been working for a Japanese company for over 10 years, and I've been trying to sell different kinds of solutions in my earlier career into Japan. I'm really proud that we are winning business in Japan because if you can win customers in Japan, then your product is quality, good enough quality anywhere else to anybody else.
Finance and insurance market, we had some expansions of some customer cases, both for Tectia Secure Communications and for key management, both in Asia and the United States. Indeed, we've been talking for in the past years, we've been talking about key account management, having great customer names, talking about land and expand or cross-selling. I think we have now good proof here that we are able to take steps forward in getting more ground on existing customer base as well. An interesting area and focus now is retail and logistics. We've been in dialogues recently and last year with logistics and retail companies, and especially port and maritime operations, also according to analysts, is a big threat. That needs to be protected better. Most of the big retailers, like Walmart as an example, need to protect the whole supply chain.
Also, NIS2, the European legislation for network and information security, governs and mandates also whole supply chain governance. We can provide solutions where all the connections can be encapsulated or encrypted into a quantum -safe tunneling already now without having to change everything else. Last, we've also been acting in the healthcare market with the secure communication product and access management solutions. Here's another example of a major Nordic healthcare operator selecting our access management solution as well, combining that to an identity management solution on the market. Those were quick highlights of what happened last year and what kind of successes and achievements we were able to achieve with customers in the past 12 months or so. Let's have a quick look on this year's focus and where we see us going moving forward.
We want to accelerate our growth in all regions in a balanced way. We are putting together even more so, more competitive solutions portfolios, not stopping what we did in the past 18 months in that. I claim that this is the year of quantum -safe and move to crypto agility readiness for all companies. When I speak, for instance, in the defense market with generals, the first question is, is your product already quantum -safe? First question. The market is already taking place. I'll come to that later on. There are some interesting developments in there as well. Just a few quick words on accelerating our growth. Last year, we didn't manage to grow in the American market. We are now rebuilding that under the new leadership and getting a new team in place.
Just in the past month and ongoing weeks now, we are putting together a new team for strength and sales and marketing team. As I mentioned, also accreditation certification for the federal central government market. Our aim is to put ourselves back into the growth mode in the U.S. as well. We want to expand our presence in those growth segments of, as mentioned earlier. A very important topic, of course, is to work more tightly with the existing partners so that they are more active and proactive with our solutions to their customer base and to new customers. We will be recruiting more partners as well in the main markets.
On the solution area, we see a clear transition from the secure mail deployments that people are having now in place since quite a few number of years into secure messaging, secure rooms and secure messaging and secure chats and file sharing there. A bit more of that in a minute. NQX, we are putting more technology. This is a software-based encryption technology. Of course, it runs on hardware at the moment. We are putting more performance and throughput into that solution. I'll show you a picture of that in a minute. On the OT side, it's more of an integration work this year to integrate those threat detection and anomaly detection solution paths that we now have in our portfolio together with the access management, PrivX Access Management solution.
We will also be bringing to market kind of an endpoint tunneling solution to simplify the access for OT environments and get removed the need of having to use VPNs for that as well. The launch of the file encryption to the market beyond that initial customer case will take place this year. I think you could say that we now have a fairly complete family of encryption solutions in our portfolio. That is, by the way, what that encryption, file encryption looks like. I will just look for names of people I want to encrypt a file with. I will encrypt files or files and then share them. Only the persons who have the matching encryption key, for instance, from a smart card like in the government environment or from a YubiKey or token like that. That leads into a portfolio of PrivX, NQX, and SalaX.
The components within there around the PrivX one is this. Our value proposition for the PrivX is that it's a highly scalable, very modern solution that has superior total cost of ownership or return of investment for people and also for key management, which is unique in our solution compared to traditional PAM vendors. NQX is network security with a kind of unprecedented performance and security, especially for the key exchange world, and has already been having quantum -safe or post-quantum resilience since two or three years now. Secure collaboration and file encryption. Here our transition is toward best breed of matrix-based secure messaging, combining that as a transition tool from secure mail environments. If you have a quick look at the PrivX, you may have noticed on our new website that it's called PAM to the power of three.
Please have a look at that. The whole clue behind this is that the biggest attack vector in the market are lost, phished, stolen, sold credentials. The right credentials are in the wrong hands. Typically, they are passwords. There is a journey that we are providing for customers to move gradually away from having to manage and rotate and store and obfuscate and vault passwords and just automate that all so that there are no passwords. Just a short-lived token certificate that grants access and then is destroyed automatically after use. There are 10 times more keys than passwords, and they are typically just totally out of control. We will definitely, in our combined solution, integrated solution, help with that as well so that the keys can be found, taken under control, and eventually taken away as well.
It's a bit silly, actually, that the inventor of SSH keys are now saying that get rid of keys altogether. It's actually get rid of having to manage keys altogether. That is done with the PrivX Zero Trust Access. Of course, on top of that, always post-quantum safety as kind of off-the-shelf solution now. We have some customer cases there. This is a large European public, largest European public organization with massive user base, up to 40,000 users soon. They were just looking—this has been now in production and expansion now with speed, simplicity, and cost efficiency. They were actually unhappy with the legacy system, which was CyberArk in this particular case, just because of the time it takes to deploy and the costs associated in running it. This is a proper kind of modern deployment in a really big scale.
Also, for PrivX, we have some customer feelings about it. More than 93%. It is actually last week already 94%, I heard. I will be able to recommend—this is Gartner Peer Review information. As you can see from there, customers that use our solutions are happy about it, are willing to recommend it, actually much more than the traditional market-leading legacy solutions that you see listed there as well. We also measure net promoter score, satisfaction score, how willing are customers to recommend our products. Here for PrivX, we got 50, and for key management, 71. These are also well above industry standard net promoter score scores on the market. Not only customers, but also we are seeing some analysts kind of favoring preferably our solution. This is one analyst, KuppingerCole, where they put us in the leader category.
We are the fourth red, third red dot from the right in the leader category. It's a bit small. Apologies for that. That's just another example. Now, SalaX is moving forward from traditional secure mail. This is the portfolio of secure communications we've been having now for three years. The transition clearly is happening to secure messaging platforms. That transition, we are helping—we put a product to market for deliveries and services toward the second half of the year. Now we have initial customer engagements, as I mentioned earlier. What does it do then? For sure. It's a technology that offers open interoperability with other messaging solutions. Customers typically have the encryption keys in their own hands. It's not in the public cloud in America, for instance, or anywhere else for that matter. Secure chats, secure rooms, secure messaging, video calls, voice calls.
The technology that we chose to build upon together with our partner Element based on the Matrix open foundation is a strong performer also in the Forrester Wave. Forrester is an analyst company. In their Forrester Wave for secure communications, it was deemed to be a strong performer. The technology is widely used in Europe, in France, Germany, and Nordic countries already. For the NQX, for the network security solution, we have a family of products and solutions there. We are now expanding it both to the small end. We had a Nano product. Now we will have a Pico product, which is actually deployable also in the field in more rugged environments as well. Then to the high end of really getting high throughput all the way up to 100 Gb. Sorry for the technology jargon here.
Up to 100 Gb, which is the fastest connection of networks available now. Legacy systems do not even support that level of connect or connection speed, let alone when you encrypt, when you put post-quantum encryption on top of the network, how much do you really get through? Typically, you get from a 100 Gb network, you get maybe 8 Gb through or 10 Gb maximum. We have been surprising governmental bodies around the world and data center operators with that throughput. Now we will be aiming to get actually nearly 100 Gb through 100 Gb network toward the end of the year. That all comes or stems from the architecture of the solution. It is really scalable, running in parallel multiple processors, and the processor speeds are going up all the time as well.
We started the market kind of from the defense market, but now we are pivoting into other markets as well. Side-to-side connection, connectivity in OT, a lot of interest for that. Data center, rack-to-rack, data center to data center connections with really encrypting everything on a low level, like just on the layer two, called layer two low level encryption that everything is encrypted completely with Quantum Safe, with really high bandwidth, really high throughput, and very low latency. The applications or the data transfers do not stop because there are some gaps in between. The last thing I wanted to talk about a little bit more, which I hinted to already earlier, is about the transition to quantum safety now altogether. We have been protecting now the internet and secure communications for 30 years with Secure Shell as an inventor and technique as the origin of that technology.
Now it's time to shift to the next generation of encryption, which is quantum -safe or PQC, post-quantum cryptography for the next 30 years. Let's have a look at how this journey has actually developed in the past years. This was our starting point. We've been crypto-agile the whole way. We've been able to update and enhance the cryptography in our solution since the beginning. It's stayed modern. That's why, as I mentioned early on in the beginning, that's why modern solutions like subway trains or windmill parks still use the technology because it has all the necessary cryptography solutions being developed over the years in the past. We are also kind of a spokes company for that. We've been talking a lot about here.
You see our fellow Suvi speaking about it, presenting it, educating the market, actually putting fire under chairs to speed up the development overall. This has been taking place several years. In 2020, so what is that? Nearly five years ago, we were part of driving together a consortium here in Finland. Finland has actually been a forerunner for post-quantum security since then. There were like 10 companies and government bodies and military involved in that. That project won the security award for future technologies already in 2020. We were early on that. After that, we came out with first implementation for NQX three years ago already for Quantum Safe. It has been gradually updated, been updated. The version 3.0 last summer brought the latest NIST, American Standardization Standards of ML-KEM and other protocols into it.
After that, we brought Tectia, Quantum Safe, to market as an update or upgrade to markets. Then we brought PrivX to market, version 26. We're now in version 38. That was quite some while ago already. We joined a NIST post-quantum migration committee or task force. We are one of the really few Europeans in that because we felt it's important that we are also not developing standards, but we are early in implementing them and driving the market together with other players in the market as well. Now, just about now, we are going to also announce quantum -safe connections to secure mail as well. Okay. That was 30 years ago. What's going to happen in the next, not even 30 years, next three years or five years?
Here you see a picture of the increase of quantum-safe algorithms being used in web connections, the way that we use web applications with browsers from early last year to Christmas or end of last year. You can see it's kind of exponential. It's now up to about 35% a week ago. In Finland, it's about 43%. In Ukraine, it's 47%, highest there, by the way, and for quite some understandable reasons as well. This will take place moving forward, but there's kind of a quantum race going on between China and the U.S. China leads in the quantum communications. QKD is one area to describe that. The U.S. leads in quantum computing, machines with more qubits as they are measured. What is happening there? The U.S. has been kind of driving that. They established a White House document.
It was passed into quantum policy law, went through the Senate in 2022 in record time. It is a law in the U.S. Initially, the U.S. market objective was to be quantum ready by 2035. Very recently, as you can see here, it has been pulled forward to year 2020. There is a bit of a rush to expedite and speed up now the deployment of moving from traditional cryptography to quantum -safe cryptography stepwise, partially in parallel, and eventually only quantum- safe then once that is available. Is that enough? Maybe not, because China has made it a bit better and said that by 2027, they want to be ready for quantum safety in all application solutions and networks. The race is on. Now, why is this so important? The challenge is that these quantum computers, they work totally differently to traditional computers.
I mean, I'll try and explain that in a moment. They can perform calculations at unimaginable speeds. It's like not 100 times or 10,000 times. It's like a million times faster because of the way that quantum mechanics works. There are interesting descriptions there for superpositioning, meaning that if a traditional computer is one or zero, either or, and then you compute and calculate those in sequence, quantum computers can do superposition. It can be one or two at any given time. There is entanglement, which means that these quantum computers can entangle with each other and just do everything more, even faster. It was really interesting. I don't know if any of you saw the news on that.
Now, Google shut down actually their Willow project for a while because there's now a big speculation that they already achieve quantum consciousness or supremacy or virtual reality worlds in that. The speculation goes on, but it only proves that the performance and calculation performance will be huge. Now, it's a bit complicated like that. Let me try and explain in a bit different way how it works. If you think about it from a point of like flipping a coin, right? If I flip a coin, it's either heads or it's either tails. If I would try and gamble saying out of a million coin tosses, how many will be heads and tails? Probably half and half, but the computing would take a long time.
The way that quantum computers work is that you actually kind of, you toss the coins, they stay in the air and they can produce either heads or tails all the time and they can do it together. It's a massive increase in performance. Maybe another way to have a look at it as well is to think of how Google Maps or routing works. When you need to go from A to B, typically the traditional computer in your car or wherever, mobile phone will calculate the distance from point A to B, time of travel, and then do it in sequence. It will take time to calculate it. A quantum computer will do all of that in parallel all the time. You have all the routes available to you any second, any millisecond.
Maybe this is, by the way, how autonomic driving and self-driving cars will be superior someday if we trust the safety of those. That was kind of its supreme performance. I mean, Google's quantum project said that the calculation of a mathematical problem, and by the way, encryption is mathematics, was done within seconds, whereas for traditional computers, it would take 10,000 years to compute by today's computing systems. We need to move to that quantum -safety. We have a solution portfolio altogether now in our hands that has quantum -safe readiness in there. We believe that we can help customers in that migration moving forward and then some. With that, I'd invite Michael back here to say just a few words about our guidance, and then we will have an opportunity for questions and answers session.
Thank you, Rami.
Yes, so our guidance for this year is quite simple for those who have followed us. We expect our net sales to grow compared to 2024. We estimate EBITDA and cash flow from operating activities to be positive in 2025. As a reminder, at the end of 2024, our annual recurring revenue was EUR 20.5 million, up from EUR 19.3 million in 2023. Our net sales grew 9.0% in 2024, reaching EUR 22.2 million, and EBITDA was EUR 3.4 million last year.
With that, maybe back to you, Aino, for questions.
Yes. Thank you very much. As has been tradition, the first questions will come from Rede ye Equity Analyst, Fredrik Reuterhäll. Fredrik, if you're ready, please go ahead.
We can't hear the questions.
Good morning.
On mute.
Yes, good morning, Rami and Michael. Do you hear me?
All right. We're still having some technical difficulties. I'm sorry.
We are not able to hear the questions at the moment. Just a second. All right. I think we can go.
Okay, let's try again. Do you hear me?
Yes.
Okay, good morning, Rami and Michael. Good morning. It feels like it's a bit of a lag between my question and your answers, but congratulations to a very, very nice report. I mean, you went through quite a lot in your presentation, so I only have a few questions. My first one is regarding the strong growth in the license sales. I mean, you communicated a number of orders, but maybe can you provide a bit more details on the specific solutions and services and what to expect on the growth looking forward to 2025, and that is especially for the license part?
Maybe if I start. Okay, maybe third time's the charm here.
Yeah, on the license sales question, as you said, Fredrik, we recognize a significant amount of license sales in the fourth quarter. As stated in our release, approximately half of the value of the cryptographic solution that we announced in the first quarter in February of 2024, approximately half of that was recognized in the fourth quarter, and the full value of that order is EUR 1.8 million. From there, you can extrapolate roughly what that share was. With regards to license sales going forward this year and beyond, we have a number of a few license deals in the pipeline, certain customers looking for that type of solution, preferring CapEx over OpEx. We expect some license sales also going forward.
Maybe turn the audio on again so Fredrik had another question.
Yeah, my next question is regarding the strong EBITDA margin.
I mean, I guess some part of it's from the scaling effect from the license sales and also the streamline of your operations. But can you give me a rough number of how much was the scaling effect and how much is from the streamline of operation or cut of costs? What I'm after is going forward, of course.
Yeah, I think if you look at it, we did reduce headcount somewhat in the second half and third half of the quarter. That said, I would say a majority of the EBITDA improvement came from the license sales. Probably something like a 70-30 split could be, if we're talking now specifically about the fourth quarter, could be a rough split of the effect from increased sales and cost savings on EBITDA margin.
Yeah, but we need to have a, yeah, absolutely.
We need to have, of course, a balanced view. The only way to handle and manage better profitability is to do it both on top line, sell more at higher prices, and then manage costs on all levels. We have some cost improvements still moving forward and some payment costs, which are not in there for this year, which were there for last year. Definitely aim to kind of grow profitably, which is always a difficult challenge.
Yeah, okay, makes sense. My last question, I mean, you grew very strongly in both APAC and the EMEA. As you said, America was flat, and you showed some steps that you're going to put forward now in 2025. I'm a bit curious about the timeline. Can you be a bit more specific about what steps you will take in H1 and H2?
Is there any validation of your products that you will need to, so to speak, come inside some doors for the U.S.?
Thank you, Fredrik. Good question. Yeah, certainly, we have, like I said earlier, a strong customer base. This kind of cross-selling and land and expand selling. We have projects with our existing customers, both in the finance and retail sector, where we aim to close business in the first half already. We are then, of course, building pipeline by putting in place now a more rigorous sales and marketing team. We've unfortunately had to make quite a few changes there before kind of middle of last year. That rebuilding takes a bit of time.
It is a combination really of existing customers and indeed existing, not only existing customers, but existing deals or cases that we have been building during last year that will materialize this year and then building a new pipeline, which will then yield better results for the second half and then for 2026. What comes to that qualification or certification, we have a federal company in the U.S. as well. The federal market has been our market in the past years already, or past decades, to be honest. On the tech tier side, we have FIPS approval. FIPS is the governmental cryptography library requirement, mandatory requirement to deploy solutions in there. We started the project at the end of last year to deploy these so-called FIPS -compliant cryptographic libraries, sorry for the jargon there, for PrivX. That will be available in Q2. We are qualified for that market.
We have a couple of customers that are pulling and pushing us to do it as quickly as possible. Aino, you had some questions in the chat as well.
Yes, if that was all from Fredrik, we will move on to the questions we got in advance. Approximately five years ago, you gave an estimate of a total contract value of EUR 20 million for NQX. Is this expected to realize according to that estimate? If not, why?
Yeah, that deal is progressing. Deliveries have started already two years ago, two and a half years ago for that particular customer case of which I cannot tell more about. It will take a bit longer time.
With some of the changes that have happened now, Finland joining NATO and kind of connectivity standards moving to also other technologies, I estimate the value of the final outcome of that deal will be less, will be smaller than we anticipated. I mean, these contract values are just contract values for the tendering process, whether they ever realize in that scale is always a question. Yes, the project is ongoing and we will be growing with that, but not to the initial extent of it, maybe four years ago or three years ago.
All right, thank you. Next question. The Finnish Insta Group has just received TL2 Secret Class certification for their encryption solution. Is it expected that NQX will receive the same certification?
Yeah, NQX is certified for level three and four, so confidential and restricted, or TL3, TL4 as a denomination.
To build a secret level system requires different hardware technologies for red and black separation and hardware encryption. At the moment, we do not have a solution for that market. Also, the market opportunity in our home territory here would be way too small to justify an investment for that. We are looking at partnerships for being able to enter the NATO secret or level layer two market in the coming years.
Thank you. Is the PrivX average deal size increasing or decreasing? Has the churn in existing PrivX customers been low?
First of all, the churn on existing PrivX customers indeed has been low. Many, if not most, customers are actually upgrading, so deploying more users and targets to it. Some IT customers are also now putting it into use in their manufacturing side and OT side.
The average deal size, we have some really big deals. I mentioned one customer case there earlier, which is massive, six-digit, seven-digit projects annually. We have some small deals. We announced actually mid-market PrivX through our distribution network as well. I would say for larger companies, maybe it is growing a bit. On the other hand, it's kind of polarized. It's either small cases or large cases.
All right, thank you. How has this new SalaX Secure collaboration solution been received on the market? In which countries, in addition to Finland, and in which sectors do you have the highest expectations for it?
Yeah, that will be a solution that will be taken first, of course, from security-aware customers. That would definitely be, surprise, surprise, defense, critical infrastructure, government, healthcare to begin with. We have traction there.
As I mentioned, we are going to get it into the public authority network as a service soon as well. We have for emergency services type of use cases or the kind of qualifications for the product. Those will be the prime target markets for it. We have cases and dialogues ongoing in the Nordics and Central Europe at the moment.
All right. How has the Finnish NATO membership impacted SSH now that Finland has been a member for over one and a half years? Has SSH had the opportunity to participate in significant tenders?
Yeah, NATO certainly can be seen as an opportunity, of course. As per my earlier answer to the NQX, it changed a little bit also the balance or priorities in network security.
That is why we went after we got the eligibility from the Ministry of Defense to get the NATO approval, the so-called basic ordering agreement approval last year. Now we are getting into the product catalogs to be eligible to participate in tendering documents. NATO is a federated environment. Most of the deployments will be actually governed and procured by the national, for instance, defense forces. Those systems will be federated. It is an opportunity, and we are seeking to find cases that we can participate in, but that will take some time.
Thank you. When you report subscription sales growth, is this net increase? Do not some subscriptions also end? What is the typical length of subscriptions? How many years?
Yeah, subscription growth is, as mentioned in the question, a net increase.
When we report subscription sales growth, we look at one period and another period and compare those periods, recognize subscription revenue, and that's how we calculate the growth in subscription revenue. Yes, some subscription sales contracts will end in some cases at some point. With regards to the typical length of a subscription sale, it's a bit difficult to say. I think in general, one way you can think about it is we have a lot of customers on the Zero Trust side who, when they make an agreement, they might pay three years or even five years in advance. That, of course, locks in the subscription sale for that whole period.
Even in cases where customers pay only a year in advance for these types of solutions, it's quite uncommon because of the project work and implementation work related to implementing these solutions that they would use them for a shorter period than, for example, the three or five years where they are paid upfront in that way.
Thank you. We do have a few questions in the chat as well. What is the dream case for growth for 2025 and beyond?
Sorry, what was the question? What is the dream case for growth? Dream case for growth.
Yeah, I don't think we have a specific number we can give on that, but I think we can in general say that we are aiming for significant growth.
Thank you. What type of prospects do you have in Central Europe?
All kinds of prospects in all of those industries that I mentioned earlier. I do not know how to be more specific than that.
All right. The last question we have at the moment is, what are your plans to price increases?
We do price increases all the time over our products and price them accordingly and increase prices in line with, I guess you could say, more or less industry standards. We are not going to publicly discuss what kind of price increases we do for specific products.
For sure, when we introduce more value-add solutions, then they have more value, which means that they will have higher price.
All right, thank you. I think we do not have any more questions at this point. Now I think it is time to end the call. Thank you very much, Rami and Michael, for the presentations.
Thank you to everyone who has been following us online. Our next investor call will be on the 29th of April, and it will be for Q1 results. Thank you again, and we hope to see you in April.
Recording has stopped.