Welcome to SSH Communications Security Q1 2026 investor call. My name is Aino Virolainen. I am a part of the SSH finance team, and I will be hosting the call. The results will be presented by our CEO, Rami Raulas, and our CFO, Michael Kommonen. After their presentations, we will have a Q&A session, and you can ask questions during the call by writing in the chat. The call is being recorded, and we will share the recording as well as the presentation material on our investor pages. Now we are ready to start with the presentation. Rami, the floor is yours.
Thank you, Aino, and welcome. Q1 was a little bit, should I say, dualistic. We had areas with very good progress and then some struggles in a few places. First of all, let me just go through a few things on the financials. Michael will go through a bit more of them. In our main market, Europe, by the way, which is really heavily now influenced by a European sovereignty theme, which is a good benefit for us. The EMEA market, which is more than half of our business as well, grew 8%. Our main product, PrivX, Privileged Access Management Solution, grew 20%. That's a very solid progress.
In the US, measured in USD, we grew a little bit, but since our business is invoiced in dollars, US dollars, then outside of Europe business did not grow because of the value of the dollar. Also overall, very kind of imbalanced in a way, if you wish. Invoicing grew 7%, and with the investments that we have made now for the growth, we recorded a negative EBITDA as well in this quarter. We have invested a lot in building more capabilities into PrivX, of course. In the modern environments for a Privileged Access Management solution is always integrated with very advanced environments, you know, private cloud, high-performance computing, AI computing, with topics like Terraform and Ansible and other integrations.
We've put quite a bit of effort and investment into that development in Q1 and have come out with some of them, and actually we won a few deals on the back of having those integrations implemented as well. We also invested in sales and marketing, also made an organizational change on that. Of course, certainly one of our challenges has been that we don't have enough demand or awareness, and we are going to put more effort on that. Still in Q1, we spent a lot of effort in going into events, meeting people face-to-face, which works. You know, we gain a lot of traction and get good opportunities from there. We need to get more obviously kind of inbound traffic. That's why we also launched our new website, new digital face.
You may have seen that, and we'll start to promote that in digital marketing and messaging much more moving forward. We broadened our opportunities for the NQX quantum-safe encryption markets. I'll talk a little bit more about that. There was indeed a new area with a satellite operator manufacturer that decided to choose PrivX for secure communications between land sites, not between satellites yet, but land sites. We had very good progress with Leonardo. We are now tightly integrated or embedded into Leonardo Zero Trust solution suite. There are some really cool customer cases being worked on at the moment. In Q1, only a few deals with Leonardo came through. Some of these deals are with public administration or critical infrastructure vendors, so they have a long buying cycle.
We've gone through a lot of validations and bidding and tendering, which is all looking very positive. To balance that out, we also have, of course, markets and areas where Leonardo is not that active. We onboarded also new partnerships, Intragen for the European Sovereignty for Identity and Access Management, especially in Northern Europe, but across Europe, and then in other markets in Vietnam and Taiwan as well, new partners. Last but maybe not least, we also decided to change the organizational model. I mean, not only just few years ago, two years ago, we moved to three business units and three regions. Now, the decision was to move to more functional leadership or capability leadership.
We established a new role for CPO, Chief Product Officer, for product strategy, product management and product marketing, and the execution of go-to-market with the regions. Harri Pendolin was appointed in February and joined us. Miikka, who is our CTO, got the whole engineering and the whole product portfolio responsibility for engineering and development. David Wishart, our VP of EMEA, was appointed to the board as well. Later on in Q3, we'll have also a new CFO joining us. I'll hand over, Michael, to you for the numbers in a bit more detail.
Okay, thanks, Rami. If we look at the numbers, the financials in a bit more detail, in the first quarter, our sales declined by 1.6%, and EBITDA was -EUR 0.6 million. The overall sales were EUR 5.3 million.
We had a subscription ARR growth of 3.5% and PrivX overall sales growth was 19.7% in the first quarter. The EBITDA development was driven by continued investment in sales and marketing globally, and also we did more R&D work on PrivX integrations in particular that drove cost increases in those areas. Outside of Europe, in the Americas and Asia Pacific, our sales performance was negatively affected by the weak U.S. dollar. Also in APAC, nearly all of our sales is invoiced in US dollar. On the balance sheet side, we, on March 16th, announced a voluntary tender offer for the hybrid loan, and we received tenders of 92.5% of the outstanding amount of hybrid loan.
We, in the beginning of the second quarter, on April 8, announced the outcome where we accepted all these offers. After this transaction and a few more minor transactions, our outstanding value of the hybrid loan today is below EUR 0.5 million of the original EUR 12 million hybrid loan. There's not much remaining there. A few more numbers. Subscription sales growth was 3.9% in the first quarter. Deferred revenues increased to EUR 14 million, reflecting several multi-year invoices during the quarter compared to the previous year. EBITDA was, as mentioned, - EUR 0.6 million, and EBIT was - EUR 1.4 million. In the comparison period one year ago, we had a write-down in the secure communications secure mail product, which affected the EBIT number a year ago.
Cash flow from operations was, sorry, EUR 2.1 million positive in the first quarter. With that, I'll hand back over to Rami.
Thank you, Michael. I just wanted to say a few more words about PrivX, the growth engine. It's one of the largest markets in cybersecurity, healthy growth, a lot of competition there for sure as well, but very few modern players. Most of the players there are 20- to 25-year-old legacy suppliers, and customers are changing their environment. The Zero Trust transition has already started to take big effect, and people have been modernizing their infrastructures, moving to cloud, doing automated environments, and the legacy platforms don't really suit well to that. We are very well poised there. Here are some examples. You'll see in the coming days a bit more about those, but a couple of customer cases that we were able to win in the first quarter and now in April as well.
Maybe the beginning, January, February, were a bit slow, but now in March and April, we've certainly seen much more pickup on new deals and new customer selections of our solution for their environments. As an example here, telecom organization, you know, airport facilities, so public safety, managed service provider, IT service provider, couple of other in the government area as well, another big finance company which we just closed. What I think is interesting is that there were two cases or deals where customers chose PrivX as an access control to their high-performance computing environment. Now, what is high-performance computing environment? It is a supercomputer combined with AI, GPUs, graphic processing units. You know, most of you know NVIDIA as a provider for that.
Some customers, some partners have invested heavily. For instance, Leonardo has a davinci-1 in Italy, have invested in that to bring their own AI capabilities for quant trading in the finance sector or security and safety, like in the Leonardo case. Maybe this is a trend. You know, we see more customers investing more in AI computational capability because it's not any more readily available from the big cloud vendors, and the prices are hiking up very rapidly there. We are very well-positioned if that, if and when that trend picks up more. The other developments that I briefly mentioned earlier on PrivX was that we...
I mean, if you think about our product or solution offering, starting from SSH, the Secure Shell Foundation to begin with, it's always been a lot between machines, you know, machine-to-machine connectivities or machine identities. Now, they got a new name a few years ago called non-human identities, and the biggest influencer moving forward for non-human identities is AI, you know, agentic AI and AI agents, which will be sprawling everywhere, and they will have a lot of autonomy to work. They're also not deterministic, so dangerous in that way.
There's a lot of concern now that by releasing these agentic AI, so AI agents all over the place, that you can't control specifically what actions they take when they access the API-driven architectures that customers nowadays have. We introduced already, you know, the AI security controls and more non-human identity controls into PrivX. I demonstrated personally to about a couple of thousand people at the Gartner event in London in early March, and we got really good response on that. Everybody are talking about it, very few are showing it. We also did a really cool thing of integrating AI capability together with Leonardo's Global CyberSec Center, which is all about this kind of identify, protect, and detecting, responding, and recovering from malware attacks or mishaps in critical IT environments.
What we've been building there is that the Global CyberSec Center, using AI and using that HPC computing capability, pulls or monitors data and actions and connections from PrivX. If there are any anomalies or dangers and risks, it will tell PrivX to not keep going on those connections and vice versa. If in the environment there are vulnerabilities like there being like Fortinet operating system was hacked, Cisco management system was weak, so then we would get the information, PrivX or customers using PrivX would get the information from a Global CyberSec Center operation saying, "Ho, ho. There's a risk here. Let's block the access until it's been patched and updated to be secure again." Very modern.
This is, by the way, one of the trends that, for instance, Gartner, the leading market analyst, is saying that, you know, AI integration with SOC and NOC or global cybersecurity centers is one of the key trends on the market. We are very well positioned together with Leonardo on that. We introduced more functionalities into PrivX itself as well. I mentioned a few of the analyst views, so here are some of the themes that I see personally as very strong, favorable for us. First of all, I think we have a great product portfolio, really well suited to the current market trends. Customers are happy about the products. They continue to buy more. They give very favorable peer recommendations. 93% of our customers are willing to recommend.
We get 4.5 out of 5 scores, which is right on the top of the industry. We have received in the past eight months, and now again I'll show you one in Q1, very favorable analyst reports on our solutions, PrivX and OT security. We have continued the integration of our solutions and, especially between PrivX and Key Manager and then PrivX and NQX. The European sovereignty, you know, European for Europeans, you know, organizations, governments looking at how much do we dare to rely on American infrastructure and cloud services, how much of the data and identities should we handle in our own domains with our own security controls. I'll talk a bit later about one great example of that in Italy. The...
I mentioned analyst reports, so let's have a look at the most recent one from Q1, which is from Gartner as well for Market Guide for CPS, which is about OT security, and in that we are a listed vendor amongst 14 vendors, out of which four are from Europe, Finland, Denmark, and France. Rest are from Israel or America. As you can see there, very good summary of the capabilities of PrivX Secure Remote Access or PrivX OT, you know, hiding the access controls, which are passwords. You know, the attackers don't hack in, they authenticate in, so they have your secrets and passwords, and they get in. So malware and hacks are not the way to enter nowadays. It's about getting the identity from someone else or something else.
In addition to this positive, we already have earlier from the end of last year similar reports on OT security, operational technology security, from KuppingerCole and from Industrial Cyber as well, so now three very good validations. We are going to use much more now this industry analyst validations for our marketing and awareness development as well. We didn't have this capability. We didn't have this a year ago. Now we have them. Then there will be one more coming out very soon, so keep an eye open. KuppingerCole will be releasing a Privileged Access Management or PAM, Leadership Compass in just a few weeks' time, and you will find us very favorable there as well. About the portfolio then. We continue with three main pillars.
You know, PrivX, Zero Trust Privileged Access Management in the center, which is the main growth product and main focus for our marketing and customer acquisition as well, network security, you know, and data transfer security with NQX and communications, secure mail, secure messaging, secure sharing. On the networking side with NQX in Q1, we made progress now in different areas, so we got export. This is a dual use product because it's also used in defense. We got export license and cases opened now in Singapore, Malaysia, and Vietnam, hence the new partner as well. We are now in final stages or advanced stages of certifications and qualifications for NQX in Italy, for NATO and European markets as well.
On the secure collaboration side, we did win some interesting, a few customer cases for the secure messaging, which is still a new solution, this Matrix-based Slack's messaging. That platform seems to be working really well because most of the government and healthcare organizations in Europe have chosen that platform which we have built our SalaX upon, you know, in Austria, in Germany, the U.K. for sure, and in France in particular. Also in Sweden, it's a preferred platform. We're now going after those opportunities. Finally, PrivX with its access controls and secrets management controls and the automation into modern environments. Let's see how this portfolio focus now kind of translates into priorities, which we started to implement already in Q1 and now moving forward. Certainly we'll put more effort in this priority list.
It's about with PrivX going after those companies that are most ideal for our technology stack. Those are kind of mid to mid-large technology-driven companies. I'll come to that in a second. Secure remote access for OT, and we indeed got a new customer, for instance, in the U.S. as well just a few weeks back. That was back to the validation story that I mentioned earlier. There is an interesting development. We have a lot of the big banks and finance customers as our key manager customers. There's a quick transition happening now in those banks into replacing the method of renewing secret keys, like SSH keys, and automating it so that the platform, which in this case is PrivX, will just generate short-lived certificates.
There are no keys anymore hanging around. Why this is now picking up and accelerating is that the organizations have realized that the agentic AIs are actually a risk for this as well, of course. They can go around sniffing and finding these kind of keys and doing God knows what with them. People wanna tighten their controls and have less and less, you know, passwords, encryption keys lying around in the infrastructure and replacing them with short-lived certificates and tokens, which is the whole concept of our PrivX solution. You'll see some announcements of that in the coming weeks and months as well.
With NQX, it's ideally suited for large critical infrastructure networks, whether it's defense or energy networks, energy production or energy distribution, creating or transportation environments like railway systems and so forth, but also for critical communications and the new area, satellite for operators, and then SalaX secure messaging. A couple of examples here. Here are some of the markets, target markets that we're going after with the kind of what I would call ideal market for PrivX. You know, it's about fintech, modern finance companies, not the legacy banks, you know, modern hedge funds or, you know, high tech or AI-driven hedge funds, you know, e-tailers, e-marketplaces, online and iGaming, you know, modern health tech, digital media streaming companies, and then of course tech and AI and deep tech companies.
We've started now focusing more on our marketing on that. We'll throughout Q2 focus much more on that because that's where we see sweet spot and that's where we see some of the recent wins being much more painless and easier for us against competition. We don't even see, in many of these customers, the legacy players as a competition or market-leading legacy players even as a competition, of course. These guys want more modern architecture and more lean and more easy to deploy and better cost of ownership solution, which is what we can offer. Here's an example of that, quant trading, the world's fifth largest quant trading or hedge fund who chose our architecture. Didn't even look at. They had one competition, was another modern solution.
Didn't even look at the legacy ones, you know, like CyberArk or BeyondTrust. What is interesting there is that they decided to build their own HPC AI data center in Iceland and now actually expanded by building another one for getting more AI computational power for themselves and for their operations. For the OT market, here's an example which we have maybe spoken about earlier as well, but to give you an idea of kind of a highly automated systems integrator for robotics, for logistics and manufacturing environments and to have gained control so that the robots are actually working the way that they should and you control them remotely.
Now, what is interesting is that this is a control of physical robots and now the whole talk is about agentic robots, AI robots, and that's where we are heading more and have capabilities to deliver solution for that as well. Both physical and software agents. An example of the NQX post-quantum encryption network connection and data transfer connection. Here's a new win for us for a satellite manufacturer. Like I said earlier, it's not yet between encrypting the connection from satellites to ground, but it's once the reconnaissance data or other sensitive data from the satellite imaging is down, how do we then communicate that within the network and between customers as well. Finally, on these use cases, SalaX secure messaging.
We just closed the deal in Central Europe for a healthcare organization for hundreds and hundreds of users for critical communications for patient and medical data. I wanted to talk a little bit more about the progress with Leonardo as a partner among others, but as a really strategic partner and of course the largest owner with their investment in here as well. What we've been doing, and I think I spoke about this already a few months back, is that we are now tightly integrated or embedded into the overall cybersecurity offering of Leonardo, you know, whether it's identity or access or data sovereignty or data security or network security or the governance of security with the Global CyberSec Center Operations. Right in the middle there with cybersecurity and resilience. Here's a really interesting example.
Maybe you wouldn't believe it, but in Europe we now talk about sovereignty and should we have, you know, private clouds or national infrastructure to support identities and data without tossing it all over to global players like Microsoft and Google and so on. In Italy there's been a project now for three to five years. It's called PSN, Polo Strategico Nazionale, which is all about transition of the public sector, you know, public organizations and healthcare into digitalized environment. Now, here in Finland, that's no news to us. We've been digitalizing our society already much earlier. This is a massive move. It's about EUR 3.6 billion investment over a few years' time, covering more than 500 entities in Italy. Already 250+ have migrated into it.
Now we get our solution PrivX as a governance model into that environment. That is really a model citizen example for other European countries how to deal with cloud security when you use public clouds like AWS, Azure, Google, Oracle, and then private data centers or private clouds, in this case of course in Italy by Telecom Italia, and how you connect those and how you do the classification of what data can be where and how do you govern the security and security keys into the access of those environments and data. Very advanced environment and solution. Then there are more cases. I think I mentioned earlier that we have about 40 cases. We are introducing new cases together with Leonardo with the embedded solution offering now all the time.
You can see some interesting customers of Leonardo where we are now going after together, whether they are in, you know, in the defense space or space or public infrastructure, critical infrastructure. You can see a few names there for space agencies or police or railways or many, many infrastructures. This is the area where we are working, and not only in Italy, in Europe, in Middle East, in Asia, where Leonardo started a new cybersecurity center in Malaysia, and then of course in the U.S. and U.K. to be exact, even more so. All right. That kind of concludes my summary of our activities, and maybe Michael can join me here. Maybe I'll just say that we are not changing our outlook.
Our outlook still says that we expect net sales to grow throughout the whole year and to have a positive EBITDA cash flow from operating activities. We're not changing that guidance right at this moment moving forward. I think, I know we now can move to some questions maybe from the audience.
Yes. We will first start with opening the floor to our analysts, and I think I saw Jakob already raise his hand, so please go ahead.
Good day, Rami and Michael. Can you hear me?
Yeah. Perfect. Loud and clear.
Perfect. Okay, a couple of questions from me, starting with the cost base. It seems to increase somewhat quarter-over-quarter here due to the investments into PrivX integrations and sales and marketing, I believe you said.
Yes.
Should we expect this cost base to, like, continue in the rest of the year as you continue to invest, or is it more of a one-off?
No, I think this is the kind of investment in the resources that we need to speed up some of the development efforts and to enhance our marketing. This is more or less going to continue on that level.
Yeah. I fully understand that. Speaking of organization then, I mean, this change in organization that you have announced moving away from business units per region and instead centralizing the functions. Like, can you give a comment what do you hope to see as the clearest outcome of this transition here in the future?
Yeah. It's really much about, like I said in the presentation, it's about focus so that we can, as a whole organization, focus on the highest growth opportunities. By combining, for instance, all R&D and engineering together, we have more flexibility to guide our development resources into, for instance, PrivX development and have a sharper focus on that. In the marketing side, by establishing a Chief Product Officer role and enhancing product marketing and go-to-market, which was kind of divided between the different business units earlier. Now we get a much better competence development and competence centralizing, if you wish, for go-to-market.
Okay. That seems like a reasonable move. Final question from me is, I think you mentioned in the last report and also, in this conference call as well the 40 opportunities with Leonardo since the start of the partnership. First of all, is it still 40 opportunities? Second part of the question is your focus on adding more and more opportunities or processing the ones you already have with Leonardo? Thank you.
Yeah, both. I mean, some opportunities have gone away already. A few have been won already. A few more are in the pipeline. For sure we also are continuing to work on those opportunities that have been established. Some of them have longer lives, lead times. Some will have to even probably go to public tendering as well. Then for sure we have also been adding handful of cases, actually pretty large cases. As an example, we just had a training for 60 salespeople at Leonardo for NQX network security, and concluded that, hey, you know, with that sales force, we need to find for each salesperson, we need to find a few cases with their customer base.
We're now going much more actively and even I would say aggressively after the customer base and prospect base of Leonardo. Now that our solution suite is integrated into the Zero Trust solution offering. Certainly. Of course, the main focus now is in bringing home some of those opportunities that we've been working on, and I think it looks very promising. Timing is maybe the question, how quickly can some of them come through? For sure there will be new opportunities moving forward as well.
Okay. Sounds very encouraging. Looking forward to following that. Thank you, Rami and Michael, for taking my questions.
Thank you, Jakob.
All right. Thank you very much. We have a couple of questions in the chat from our analyst, Roni Pärssinen. First of all, does the USD weakening affect mostly maintenance revenue or also subscription revenue?
It affects both, but the maintenance revenue, a larger share of that is in USD, so it has more impact on the maintenance revenue than on the subscription revenue.
Right. A second question is, PrivX is growing nicely, but can you open up development of other products?
We are continuing to develop other products as well. For instance, for the Key Manager solution, we added now GenAI-based enhancements to the product, mainly for finding the key environment and reporting on that for the Zero Trust. We've been using AI very heavily in development for sure as well. For NQX, we just released or releasing 3.2 version of that which has many enhancements. The roadmap on NQX is also very strong. For SalaX, secure messaging, we have brought out in the Q1 two different variants and versions, so enhancements to that solution, and also integrations to other communication networks like TETRA networks, you know, the government networks here in Finland.
All right. Thank you. Can you comment what's the average deal value of Leonardo deal pipeline or range?
Range is from EUR 50,000 to millions. These are typically larger deals for sure. Maybe an addition to that is that the customer behavior has also changed. I mean, if five years ago, 10 years ago, you made a big deal for the whole infrastructure and paid upfront, customers are now more in the kind of pay as you go, pay per use model. Many of the cases I estimate will start a bit smaller. You know, you start with one use case or one entity or one segment of the network, and then it will expand over a couple of years' time.
All right. Thank you. Has the win rate of Leonardo pipeline been what you originally expected?
Yes.
Okay. I don't see any more questions in the chat, so I think we will thank our analysts for the questions, and thank you Rami and Michael for the presentations. Our next investor call is on July 17th. Thank you again for joining us today, and we will see you in July.