Welcome, welcome, dear guests online. I'm admitting people online. Please mute your microphones if you are not talking. Thank you. We'll start in 10 seconds. Also, if I can ask everybody to shut cameras if you are not talking. So, let's kick off our today's call. One moment. Yes, welcome to our investor call on SSH Communications Security's business review, July first to September 30, 2023, Q3. This meeting will be recorded, and the recording, alongside with the presentation, will be available on our webpage after this call. My name is Lauri Koponen, and I'm the communication lead here at SSH, and I will be the host of this call. Results will be presented by our CEO, Teemu Tunkelo, and CFO, Michael Kommonen. You can ask questions at the end of the event by asking to speak in the chat or writing your question there.
Please keep your mics and cameras muted and shut it whenever you don't have the floor. I can see that people are still joining the call, but let's move to the financial results. Please, Michael, floor is yours.
Thank you, Lauri. So, in the third quarter of this year, we recorded net sales growth of 12%, while our EBITDA was positive EUR 1 million and EBIT also positive in this quarter of EUR 0.1 million. So net sales accelerated... The growth accelerated, compared to the first half of the year when we saw 9% sales growth and reached EUR 5.2 million in the third quarter. This sales growth was driven by the continued momentum in our subscription sales, which grew 33% in the quarter. And, driven by the sales growth and the subscription sales growth, our ARR increased by 10% and reached EUR 19.4 million at the end of the third quarter.
The EUR 1 million in quarterly EBITDA was a clear improvement, both compared to the previous quarters of this year, and also a clear improvement compared to the third quarter last year. The improved EBITDA was mostly driven by the sales growth and supported by, our cost control and our control in spending overall. This last quarter was also our tenth quarter consecutive of positive EBITDA. Looking at the achievements during the third quarter, some highlights, then we will go into this in greater detail, but some things worth mentioning. We closed our third major lighthouse customer for PrivX in the U.S., a deal worth approximately $250,000 in annual recurring revenue. This was to a global financial institution who chose PrivX solution. We also launched Secure Collaboration 2024, our suite for human-to-human interaction.
In the third quarter, we also announced a partnership with Beyond Identity. We will collaborate to improve endpoint and session control security with Beyond Identity going forward. Next slide, please. Looking at the overall trend of the last quarter seen here, we can see that our sales momentum continues. As previously mentioned, our subscription sales grew strongly, 33%. It was then partially offset by a reduction in license sales in line with our strategy, and also a minor decline in maintenance sales, which declined slightly in the third quarter. Deferred revenues increased, reaching EUR 12.5 million in line with the overall growth of the business. EBITDA and EBIT, as mentioned, EUR 1 million and EUR 0.1 million. Cash flow from operations was EUR 0.8 million in the third quarter.
On a quarterly basis, cash flows will fluctuate a bit depending on the timing of invoicing and the closing of larger deals and the cash flows related to them. We ended the quarter with EUR 2.6 million of cash, which is the same amount we had at the end of the second quarter and close to the same number as a year ago, so EUR 0.1 million below the third quarter of 2022. Next slide, please. If we look at the overall cybersecurity market, this picture is to illustrate kind of one perspective of how the market looks. It continues to be a market characterized of companies investing significantly in growth.
So this chart shows on the Y-axis, it shows the EBITDA percentage as share of net sales, and on the X-axis, it shows net sales growth. Many of you will be familiar with the Rule of 40, 20% net sales growth and 20% EBITDA. If we look at the picture overall, we see ourselves, and then we see select competitors in the cybersecurity market. Not all of them are direct competitors. All of them are in the cybersecurity market. Most of them are also operating in the same segment of the market as we are.
If we look at the numbers, we can see that for the last reported six or nine months, depending on availability of numbers, many of the companies do achieve the growth component of the Rule of 40, so growing 20%, even beyond and above 20% annually, but very few of them are actually profitable on an EBITDA basis. We continue to grow and aim to grow profitably. So if we look at SSH in the picture, we can see that, even though our growth is not as fast as some of our competitors, we're doing... we are still growing robustly and sustainably, and we also have a profitable EBITDA profile in the company.
Finally, on the chart, the size of the bubbles or the circles you can see in the company are proportionate to the size of the net sales of the company. So that's the- that's what the chart is showing. So with that, thank you for my part, and please go ahead, Lauri.
Yes. Thank you, Michael, and I'm now stopping sharing because let's just talk next about the business highlights of the quarter. Please, Teemu, floor is yours.
Thank you. Going behind the numbers that Michael was presenting, I think our quarter was okay. Taking into account, it's also the vacation period of Europe, which is nowadays our biggest market. So... And the other thing is that we've done some major developments on our portfolio moving forward, so we have more things to sell, more cross-selling opportunities, and we have achieved in some of them already. So PrivX has been implemented now as a platform for Zero Trust suite, which encompasses Tectia, UKM, CollabX, which is the rebranded Deltagon with a new technology based on PrivX. NQX with PrivX is getting a lot of traction, so we are finally getting to the stage that we are really able to sell solutions instead of specific point solutions.
The integration of PrivX with our core products has been now completed, and we have started to launch a wider marketing campaign to build a new approach where the customer can buy best-of-breed products that all work automatically out of the box together. We want to emphasize the topic that we are communication security between human systems and networks. We are not the traditional access control company, and at least with the bigger customers, with stronger own IT organization, they appreciate our focus on the access control instead of building walls. We were able to complete the partnering with Beyond Identity to help our customers to get easier, secure device with secure person from a secure location.
So basically, in my mind, a way to get rid of these clumsy SMSs as the MFA method, which is not even fully secure, but at least it's not convenient. And with Beyond Identity, we have an element in the, in the PrivX, so it's not a separate product, integrated in the PrivX technology that makes the device safe from wherever you use it, and you can put a lot of triggering points to make sure that the right, right place with the right device can access the system and the cloud and the data center, whatever your needs are. Deltagon we acquired some time ago, and, and, now it's time to move over and really also naming wise, put secure collaboration, human-to-human interaction, as part of our main offering. We also want to expand it to video calls, to instant messaging.
In a way, it's a tool for B2B business, which is pretty much driven by Wall Street and the Securities and Exchange Commission requirements that the financial institutions have to be able to record the communication between customers and their employees. They've got some significant fines because they haven't done it, and for this niche, the secure collaboration is now focused to take its own fair share. And it also has to do with other collaboration, where we want to really make it seamless. We will talk about them later, but we want to make it seamless experience with secure authentication, identity, device, location, going either cloud or data center. The end user will not see any difference. That will be the next step of the secure communications offering that we are working on. Partner program, we have established our first phase.
Roughly half of our business is with partners, various partners, some new ones, a lot still from the history. We are moving the partners to sell the solution portfolio instead of the point products. We have also now started to get traction with our OT partners here, industrial automation, system integrators that are not used to selling cybersecurity. In that area, the partner business is focusing on the story that don't lose your keys to the kingdom. The end customer should keep the keys to their factory and the keys between the factory and the cloud in their own hands. Because the problem with most of our end customers in OT side, they work with many automation vendors who have all their own security architecture, which makes it very clumsy and expensive to have a really secure factory-to-cloud connection.
And for that, we have the solution. We have sold it directly, and now we want to expand it through the partner channel as well. So we have upstream and downstream partners. We are increasing our cooperation with the open source communities, which is, of course, the history of Tectia. We put SSH into open source initially and with PrivX, and now with human communications, we also want to be more integrated part of various open source projects. Our numbers side were okay, and we are still investing back to the business. So we have increased compared to third quarter last year, our R&D spend with 12% and our go-to-market spend with 7%. Both limited on our financial capabilities and remaining to stay on the profitable EBITDA track.
We are still, I think, significantly putting effort to the R&D for the main customers to develop together with them the features they want. On the post-quantum side, which has been for us a really good way to get to the table with government organizations, big, big companies, it is still, as I said earlier, it is still more consulting, architecture building, understanding the part of—which part of your network needs to be post-quantum, and which fits well with our history, that we, we are focused always on super and power users. We are not focused on the whole installed base. And, if I now look at the discussions we have with our major customers, where we participate on their post-quantum journey, one of the things that rises above others is health data, because health data is something that you have to keep protected forever.
especially with people that have a significant role in the society or in the company, that is a thing that you want to keep safe. The other big thing is that certain parts, the lifeline of the corporate backbone between key systems that are essential for the business, has to be safe from denial of service attacks, and Post-Quantum and NQX, both in their own right, give us a good position to offer something that is not widely contested in the market. We have products that have Post-Quantum tech there, NQX, UKM. We will have that in all products. Most of our competitors nowadays also speak about Post-Quantum, but they don't have the ready-made products.
To support this, as we historically have done a lot of IP right development and patents, we are joining this post-quantum cryptography consortium, where we are among a little bit bigger companies, but based on our deep cryptography knowledge, they have invited us to be on the road of building the post-quantum future. We are also actively cooperating with IQM, which is the Finnish quantum computer, and you will hear more about that in the near future. If you want to hear more or do some self-studies more, we had the Capital Markets Day at the end of August. That is on our investor website. The data is there that you can study on your own, and we are, of course, always available to answer deeper questions on the topics that interest you with the SSH Communications Security.
So a little bit explanation on the Beyond Identity topic. I already a little bit touched it. So what we want to have is never trust, always verify. Verify means that you know that you have the identity, which comes from your system where you have the identity provider, Active Directory, maybe the most common. And then the new things that are coming is that endpoint security. Endpoint security, as we used to know it, is going away. What comes is hardened, the browsers that run on Apple, Android, and Microsoft, which will go or provide biometric recognition. So the operating system takes away big part of that you know that it's a safe entity or, or actor, so a system or a, a person who is addressing your, wanting to address your systems. And we want to have biometric authentication as standard.
I also myself use Windows Hello to greet the screen. I don't almost anymore remember my password. And what we add there is the secure device, secure location, secure trigger points that you can know from indirect signals that you are dealing with the right person, with the right device, with the right location. And then you are, with this technology, you are getting rid of one of the fundamental challenges of the SSH protocol, which is that the protocol, the SSH key is not connected to an identity, it's connected to a system. So you don't know which human uses the system.
With our cooperation with Beyond Identity, you also know who uses the key, and this, I think, is a unique value proposition we are offering to our customers, and we are getting very good feedback on that approach, partially from ease of use, but also from higher security coming from more parameters and active monitoring of the status of the device, of the location of the user, and the identity in practically real time, constant control what's going on, possibility to monitor the actions, what is happening on the conversation. Now, moving to human-to-human communications, which on secure communication has been dominated a lot by secure mail and signatures. We have had historical Deltagon suite with sign, with form, with rules, and that we will continue to support our installed base of thousands of customers and hundreds of thousands of users in the Nordic countries.
On top of that, we want to go to the next level of technology, so embed secure mail into the PrivX platform, get secure messaging, get secure video, all that will be able to be monitored and real-time controlled access. Also, secure collaboration is made ready to be able to be provided also as a PQC edition in a later date. For our outlook, we remain. With these words, I hand it back to Lauri.
Thank you, Teemu. So, let's move to the next and last phase of our call, which is Q&A session. We have had a couple of questions in advance. I will start from those, and I'm very happy that we have also in the chat many questions. You can post your questions there, and if you are willing to raise your question out loud, you can raise your hand or write in the chat. But as tradition, we have first question coming from Fredrik. So please, Fredrik, floor is yours.
Thank you very much, and good morning, Teemu and Michael, and, congratulations to a very solid quarter. I have just a few questions. I mean, the first question is to Michael, that you increased R&D and sales activities during the quarter, but I mean, at the same time, you improved the profitability and the EBITDA margin of 19.2% is very impressive. And you talked about the sales growth, cost control, and spending overall is a factor, but I guess there should also be a pricing factor in here as well?
Yeah. You mean pricing on our products?
Yeah.
Yes. Yeah, it's definitely one of the factors, of course, that would be contributing to our sales is the overall pricing. And-
And maybe expanding a little bit on that, we have chosen, since we see the recession coming, we've chosen to keep our price level as high as we can. So we, we marshal our salespeople with, "Hold the line, keep your ground. We don't give discount." We don't see that our price is the problem. Surrounding price, the customer overall price might be, but there also we are better than the competition in the system integration. So we have been able to keep the price levels high. Maybe we've lost some business with it, but it's still better for us overall because it gives an impression of a quality product if we are proud enough to say that we want the proper price.
That is for me also a more strategic question that when you sell software, the price elasticity is perceived to be easy because the gross margin is almost 100%. On the other hand, we have a fixed block. 70% of all our costs are people, and they don't go away. So this is a volume game, which is volume is units multiplied unit price, and that's why it is utterly important for us to keep the price level, and that we have succeeded so far, far very well.
Okay, great. Thank you. And about that, the R&D spend is up 12% year-on-year. Can you give us some more color on the specific areas of the R&D? And then, of course, will you continue to increase the R&D for the rest of the year?
Well, R&D is a good question. It's very... I'm very happy that you asked because a big part of our R&D, what we are improving is making installation easier, making testing more automated, making our manuals more readable. So a big part of the investment has gone to the surrounding things that we are almost as easy to use as an app. The other topic is that since we have gone to bigger environments with PrivX, we have customers who have 1 million sessions per day. We need to do performance testing, stress testing, intermittent testing, different things that we can really trust in our lab. We can simulate an environment of 100,000 servers and 1 million sessions per day, thousands of users, and that is, it is R&D, but it's a different skill. It's different kind of people.
It's actually investment also in the equipment, because we want to remain industrial grade also in the big environments.
Okay, that makes sense. And, yeah, just two quick questions before we're done. How fast did the PrivX grow in the quarter? And then can you say something about the growth rate in NQX?
Yeah, so we've... What we've given out is the year-to-date growth number on PrivX, and it was the year-to-date growth is now 23%. We haven't talked about other products on a product level. Is that something you want to comment on, Teemu?
Well, the NQX is still on a, I would say, infant phase. So the percents are impressive, but the absolute numbers are still disappointing. And, NQX is at the phase that we are dependent on single orders. When they come, the growth rate is huge. When they are delayed, the growth rate is not impressive. So the growth percent with NQX is not yet relevant.
Okay. Thank you very much.
... Thank you, Fredrik. Did you have any more questions? No. Okay. Yeah, please continue writing your questions in the chat or raise your hand, but now I will start from questions which came in advance, and then I will move forward with the questions from the chat. So first question is that: Do SSH competitors on the market offer PQC-ready solutions similar to SSH products, and has SSH protected its own patents in this aspect?
A lot of companies market PQC-ready products. Very few have actually general release on, on those products. We have not patented it, and we are still looking at that area because the standardization is not complete. What we have been lucky so far with PQC, that we have been guessing the right NIST standards that we have implemented. Some of our competitors and some open source alternatives have chosen things that are not approved standards, so we are in that sense good. But itself, the PQC algorithms are standard, so there's nothing to patent.
Where the patent areas we are looking at is how we implement them, how do we bring it into the environment where you have a hybrid environment, 90%, 95% of the traffic is still PQC, 5% is non-PQC, and that's the area where we are looking at possibilities to patent something.
Thank you. Next, next question is: Has the entry into force the NIS2, in one year's time already, so it has been in force, had any impact on the demand side of SSH?
We've done campaigns recently on NIS2, too, in the Nordics, and the results were quite promising. It was, unfortunately, still an email campaign, but we got an open rate of 30%, and we got actions from 6% of the answers. And compared to our other email campaigns, this is tens of times more than what we typically see, because I also typically don't read the emails I get from an uninvited source.
If I may comment that we have ongoing campaign in all our channels regarding NIS2. We have excellent guide, so please download it from our webpage. My comments is that governmental agencies from Nordics are very, very interested in the topic.
And maybe one topic from the U.S. front, we are also active there and talking about the NIS2, even though it's a European standard, but it's for American companies who have operations in Europe, they have to comply with NIS2. And that's kind of perfect because the American vendors don't have a clue what's going on. So we can really tell something that they have to react, and it's a foreign government imposing new rules for them, and we are from that area, so we can really guide our American customers who have operations in Europe.
Yes. Thank you. Let's move forward because we have a lot of questions. What are SSH expectations for the SSH Secure Collaboration 2024, CollabX solution now launched? What features differentiated it from others on the market?
It's the suite approach that you don't have to have a separate signature program, you don't have to have a separate email program. It all comes from one hand collaborating, easy user experience. We haven't seen a lot of competitors taking the same route. We haven't seen any other competitor going for instant messaging and video calls. We've seen them as separate products, but not as a part of the total solution. So it's really a comprehensive human-to-human communication, be it interactive, semi-interactive, or passive data distribution, all comes with the same one tool. People don't have to learn, same look and feel, and I think that is a big differentiator in the market.
Thank you. Next question was about NQX, and that I guess we handled. Maybe as a follow-up questions, is that when are the first solution expected to be sold outside Finland?
Commenting future is always difficult, but we, we have projects in several countries, where the challenge is a little bit that every country wants to have their cryptographic part somehow under their own control. So we are looking at licensing the technology that the target countries would be able to give them their own final touch. So do we ourselves directly sell NQX in other countries? Probably in certain countries, not the biggest countries in Europe, not probably in the first phase in the U.S. Certain countries in Asia, which have similar problems as we have with Russia, but another big country....
Those are kind of the areas where we're talking, but it's a technology transfer topic because the target country wants to be able to do it in the country for the country, and that is delaying the expansion of NQX outside Finland.
Thank you. And last question, which came in advance: Has Finland's membership of NATO already been reflected in increased contacts and interest in SSH?
We have gotten our first contract to implement the architecture of NATO compatibility and different technology compatibilities to be NATO compliant and also to be able to run Finland separate from NATO and interconnected to NATO. So that work is already happening as our PS initiative, and there's a lot of activity that everybody wants to understand. We are eagerly waiting with our partners in Sweden to get Sweden into NATO, because at the moment we can't share things with them because they don't have the same level of data as we have.
Thank you. Then moving to questions in the chat. First question, invoicing decreased from EUR 5.9 million Q3 2022 to EUR 4.7 million Q3 2023, meaning 20% decline. Reason for this?
Yeah, I can maybe comment on that. Yeah, I think the question is asking second quarter 2022 compared to this quarter twenty... But I guess it's a typo. Anyway, as we discussed on the, or was mentioned on the cash flow comment, if you look at quarterly numbers, they will fluctuate quite a bit. So in this case, we had some renewals, some larger renewals that took place in the second quarter of this year instead of the third quarter, so the invoicing happened earlier than it happened last year. So if you look at the year-to-date number, or first of all, if you look at the second quarter number of this year, you'll notice that it's over EUR 1 million. The invoicing is over EUR 1 million higher than the previous year.
If you look at the year-to-date numbers, you will see that they are broadly in line with last year's numbers. So in short, the explanation is timing of renewals.
The more we go towards bigger average deal size, meaning our sweet spot is $250,000, that is already over 1% of our revenue, so timing of these deals will impact a lot how a single quarter or a single month looks like. It's easier to look at us from running 12 months to see the trends.
Thank you. Next question: How many new customers have you signed in Q3 2023 and year to date during 2023? What was the average deal value in ARR, and how has this been developing?
I think we don't go to that level of detail. The average deal size has increased. We still have a huge spectrum of new customers that pay us EUR 500 per year, or pay us EUR 200,000 per year. So the number of customers without that data is kind of irrelevant, but it's more than we are willing to disclose at this point of time. But the basic trend is clear: we go for bigger deals. We are increasing minimum purchase amounts that we get our customers to buy more because we are B2B, we focus on large customers. So the customer count is irrelevant. But for me, what I focus on is new logos. Logo means a customer that everybody knows the name.
We can't disclose the names, but I'm proud of the logo customers, and I'm happy even one good logo customer per quarter, it will take us a mile ahead.
Thank you. Yes, one moment, please mute your microphones if you are not talking. Thank you. Let's move to next question. Profitability improved significantly to EUR 1 million EBITDA. You mentioned the reason being revenue growth and cost control. Please elaborate on the cost side. What costs specifically were managed? Did you manage sales or marketing costs in Q3 2023, and would this have a negative effect to future quarter sales growth?
What we did were that the other topic that was already mentioned is that we were able to keep the price level, so the product mix has been favorable. On the cost-cutting years, we were this year especially careful with out-of-pocket marketing spending in Q3, partially because we have also learned over the years that actually, especially Europe, is on vacation either July or August, and on September, people are reading their emails. So, being too active on that market doesn't make sense. Also, there is the issue that the bigger marketing events we joined, they happened to be not happening in third quarter, they were in October. So it's a mix of many things, but I would say the most important thing, which I'm proud of, is that we've been able to keep our price level.
Yeah, maybe to add a bit on that further is, like, expand on what Teemu was saying. We continuously manage all costs and focus that our spend is done wisely and carefully. So part of that is the sales and marketing, but it's the overall cost of all our cost base that we are continuously managing.
One topic which is not big part of the number, but as such, but of course, compared to past our post-COVID, our travel budget has exploded, which we feel is important for us to build the logo customers further, to take care of the installed base. But of course, that also was limited travels in the third quarter compared to the beginning of the year for understandable reasons.
Thank you. Next question was actually about PrivX ARR growth that we handled. Next question is, can you please open up more of the relationship to Beyond Identity and SSH? Which party was active in opening up this venture? Was it the timeframe in which you see... What is the timeframe in which you see this partnership contributing the revenue and profit of SSH?
The cooperation was initiated by us a good year ago. They got interested in us as an OEM partner for them, so we are not the reseller. We embed their technology into PrivX, and we want to have a two-way cooperation. They can also embed PrivX to their solutions, and they see that we are taking them closer to the customers because the combined offering is something different, and it goes very well with our strategy of optimizing data traffic throughput with minimum hindrance, but maximum output and full security. And what Beyond Identity does is the next generation of endpoint security by hardening devices, get rid of SMSs. So it was kind of a... It took some time to get them see that, okay, even though we might be smaller than them, but we are very savvy on our technology.
They are also a very technology-focused company, and they saw that there is a kind of a, the one plus one is more than two, so that's why they were happy to join forces with us. And the impact will be seen in faster PrivX growth when it kicks in. We have serious customer discussions, what we do together, partially, that our sales people learn to explain their identity. We also have projects going on where Beyond Identity takes us to their customers. So... But it's, of course, early phases. I would expect something coming in the next spring, might be kind of realistic timeframe. Don't expect anything to happen this year that we will get the mega deals together with Beyond Identity. We will be able to sell it, and we sell a lot, but great deals closing this year, I would say unlikely.
Thank you. And I see more questions coming. Thank you for your activity. We have still time. You can write them in the chat. Next question is, do you expect to have steady increase of annual recurring revenue in Q4?
That is our target.
Next question: What reference value do you expect to have a new U.S.-based lighthouse customer order received end of September?
I'm not sure if I quite understood the question.
Yeah, I think the question was the reference value, or is there any reference value to the lighthouse customer on PrivX?
In our business delivery period, I think there is. The biggest impact we see with our logo customers is that where the technical people in the U.S., they move jobs much faster than in Europe. So where we have gotten the reference value is that the person who has worked on PrivX on a customer goes to work to another customer, says, "I want to work with PrivX here as well." And that's where we've gotten the best leads. And in the right circles, when we have customer advisory boards, we encourage customers to tell their success stories. And so behind the closed doors, there is a value, and there is certain clear pattern. Like, you know, Finland typically follows what Sweden does. The same with the big banks, they follow-...
What each other is doing, and they talk with each other, but they will of course not disclose it in public. But that is the way we succeed in the bigger European banks. We can really clearly see the hierarchy. If our lead customer goes for Zero Trust, everybody else wakes up and said, "I want to hear about Zero Trust as well." So there is a reference value, but it's not like a normal, transparent business.
Yeah. Thank you. Next question: Do you see potential to merge or interest to initiate discussions?
No, I don't think we have anything to comment on that.
Next question: Do you see potential for more than EUR 1 million customer orders?
You mean single orders?
Yes.
We have. Yes, we have. The biggest PrivX customer is on that range. We have several on that range. A million is a funny number because then you typically end up in customer's governance. It goes to higher levels of management, which is slower decision-making. That's why we still say that the quarter of a million is the sweet spot for PrivX. But as I said, we do have interest in these big environments, and, and that's why we are investing that the product is ready for that. And, of course, average deal size increase comes best if we can really kick the glass roof for the product size bigger. It's just in that environment, you can't fail. So when we sell the first major new customer on that price range, then we have to be really sure.
So we want to go after customers, as I said, logo customers that have a potential of being a EUR 1 million or EUR 2 million customer, but we start with land and expand. We do something that we win the confidence, we get it working in their environment, in their infrastructure, in their network, and then we roll it out over time, which also reduces the sales cost then. So we rather go with the sweet spot in and then do land and expand.
Thank you. And now I see last question, but we have still time, so you can post your questions in the chat, but let's go forward. So you still have the around EUR 10 million hybrid loan. What is the interest rate at the moment? Any thoughts to do financial arrangements related to this?
Yeah, so the hybrid loan is... the principal amount is EUR 12 million, and the interest rate is 11.5%. Other than that, we don't have any plans or thoughts on arrangements that we can communicate at this stage.
Yeah, maybe softening it a little bit, that now that we have EBIT positive quarter behind us, one of the challenges is that software companies don't have a lot of bankable assets. So our bankable asset is the Rule of Forty, and that's our main target we want to aim. And then once we get the confidence of the financial institutions, we might be in a position of, of refinancing it, maybe on more favorable terms, but it's, it's not a big deal at this point of time.
Thank you, Teemu. Thank you, Michael. Thank you, dear guests, for your activity. We are very pleased and happy about your questions. I think that at this point, we don't have any more questions. Thank you once again, and materials for this call and the presentation will be available on our webpage later this day. I will start wrapping up the call. SSH Communications Security will release its financial reporting calendar during 2024 Q4. I mean, the calendar for 2024 will be released during Q4. My name is Lauri Koponen. I'm Communication Lead here in SSH, and on my behalf, I also thank, thank you and see you next time.
Thank you.
Thank you.