Good morning, everyone. Thank you for joining us for the interim results for NCC Group. Just to recap, these are interim unaudited results up to the 31st of March 2025. I'm Mike Maddison. I will start with a bit of a, firstly, a recap. I think it's important just to reset, just to refresh a few points in terms of the overall group. We've been very consistent. This is a group of two distinct businesses. We have a cybersecurity business, which supports organizations managing cybersecurity risks, and Escrow, which is a business that focuses on providing a very diverse client base with escrow services, software escrow, and verification services. We are a trusted partner to organizations, public and private, a very diverse client base. Both our businesses operate in a market which has a number of diverse but multiple drivers for growth.
Very positively, as a group, as a technology company, we have strong financials. As we will talk through today, hopefully that continues to come through. Just a few highlights, and I will deal firstly with our two individual businesses. Let me start with Escrow. I am delighted to say that as a business, we have had now 10 consecutive quarters of growth. Very pleasingly and really importantly, that is sustainably improved gross margin as well. I would just like to confirm we are indeed investigating options for Escrow and are holding a number of discussions with interested parties. Clearly, if they conclude successfully, it would enable a return of capital to shareholders, which would give us the optionality to invest in our cyber business, particularly as we see significant opportunities in that domain.
Now, clearly, it is a confidential process, and as a result, I won't be taking questions on the process, although obviously we'll be discussing in more detail the financial performance of that business as we hand over to Guy. If I could then just move on to cybersecurity. Now, clearly, we've seen a slight revenue decline in the cybersecurity business, and I wanted to just give you some of the nuances of that because there's quite a lot of detail as we play through in terms of under the numbers. Firstly, let me deal with, I think, the NCC historic and highly successful, let's face it, high volume but lower value transactional business, particularly in penetration testing.
Now, that's been under pressure for quite some time and due to the challenges both what our clients face in a macro environment, but in H1 that became particularly evident and was amplified those trends which we'd historically seen. There's now more than ever a greater emphasis on larger, more strategic projects that focus on risk reduction and remediation with our clients, and that is quite a shift from a market perspective. The challenges that we see in that transactional business, the penetration testing space is not unusual to NCC Group. We certainly see that in our competition. We're not unusual in that regard. In our managed services business, we've continued to win some marquee clients. The proportion of revenue from this area has increased, as we always intended in terms of our strategy.
That is despite an incredibly competitive environment, particularly in the renewal space and particularly in the SME sector or the mid-market. The strategic growth areas that we focused on, such as digital identity and operational technology, are experiencing strong pipeline growth in H1. Again, that is from a standing start. These were new areas of investment, and we're very pleased with the build of the pipeline which we are seeing revenue growth in H2 and also into FY2026. These are longer sales cycles because they're more strategic, more complex, and therefore need the support of an entire team to actually close out. Very positive progress in those investment areas. I wanted now just to sort of maybe give you a little bit of a feel for the market environment in which we're operating.
Actually, some of the positive market tailwinds, which I think we are very well now placed to capitalize on, give us confidence for our future growth prospects. They are really important as we continue to pivot the business from where we were to our goal. Firstly, let me talk about the escalating threat. I think this is very evident. We see it reported every day. It is very clear that a number of the sectors in which we operate are completely unprepared for the level of challenge in which they now face. This is now a core business risk. It has been elevated to the executive layer and indeed to the board from the Chief Information Security Officer as a fundamentally IT problem. It is also facing increasing regulatory risk.
is greater momentum in this domain, which is something that we are very well placed to capitalize on because of our relationships within the regulators and also within various government institutions. There is a very clear shortage of talent globally. That is important as we have over 1,000 deeply technical cybersecurity experts. It is also important from a client perspective as we see greater emphasis on strategic shifts, the need to outsource and use third-party suppliers to achieve strategic change within an organization. As I say, changing buyer habits. This is very evident, that shift from transactional compliance-driven activity to strategic, impactful programs of work that focus on remediation. That is driving it from an IT-only issue into a C-suite executive layer conversation. They are all great things, and I think we are, as an organization, incredibly well set to be able to capitalize on it.
With that, I'd just like to maybe give a little bit of context, a little bit of a reminder of the journey we've been on as we pivot this organization. We put in place a strategy that reflected many of these positive tailwinds I've just talked about and to evolve this business into something that is really fit for the future. This strategy launch coincided in very early 2023 with a series of significant market shifts post-COVID, which highlighted many of the operational issues within NCC Group. To give you a flavor, we had very high borrowings, and therefore that limited our strategic flexibility. We were a fragmented and overly complex business in some places. That was the product of multiple acquisitions over a long period of time, and many of these had not been fully integrated to drive their inherent value.
We had limited global infrastructure and systems with a number of geographical silos, with also a complex product set and quite diverse product set. Finally, I think we had an incredibly diverse client base, and we had an over-reliance and concentration risk on our major U.S. tech firms, tech firm clients. All of that in the round highlighted some significant risks for the business. We've done a huge amount, and I've got to pay credit to all of the colleagues within NCC for their incredibly hard work in shifting and changing the business in a relatively short pace of time. We've continued to evolve, and we are now far better positioned and with more resilience to adapt and capitalise on a very different market environment. Today, NCC looks and feels different. We're significantly simpler and a more focused group.
The judicious disposals that we've made, the most recent of which we've just concluded, which was a very complex, highly regulated Fox IT crypto business, means we are now debt-free, which gives us far greater resilience. I think this is really important. Also, far greater flexibility and strategic options. We've also signed new financial facilities on very attractive terms to give ourselves greater financial firepower. We have a world-class technical capability now in Manila, which makes us significantly more efficient and competitive. We're undergoing a journey of transformation. I think that's very clear. In both our client base and in terms of our operations, we've successfully secured a number of marquee clients on multi-year contracts as we shift from that low-value transactional work I highlighted towards broader, deeper strategic relationships with those clients.
Now, the way I see it, we are at a pivotal point in our development from being that complex provider of transactions, single capability services into what we aim to be, which is a strategic cybersecurity partner for some of the world's leading organizations and for government divisions. Let me just take that and talk about why I think we win and we are able to win well in the market. As I say, I'm now confident that we are well set to be the business we want to be. We've set the foundations. We've built it. We've now got to leverage it.
Just to recap, our aim is to drive recurring revenues either through direct sales of our managed services, security operations centers, or other as-a-service offerings, and then upsell our professional services capability, or use the strong relationships we build through our professional services to upsell either our managed services or security operation offerings. This is what we describe as our flywheel. We have all of the touchpoints within a client, and it's about leveraging those relationships to get a broader, deeper set of client relationships. The flywheel to deliver the full lifecycle of cybersecurity services. Now, this emphasizes why we're able to win and often actually displace our competition. The points of differentiation are things like we have a truly prestigious global client base, an absolutely outstanding set of client credentials.
We have broad and very deep client capabilities and multiple client touchpoints, as I talked about in terms of that flywheel. We are able now, thanks to the build of our global hub in Manila, to deliver globally competitively. We have a strong brand, particularly amongst the technical community who understand this domain and recognize the pedigree and capability within NCC Group. I think there are proof points. Certainly, as I look at this business, there are a number of things under the headline numbers, which I think really do reflect the trajectory which we have set and which we are executing on. To give you some of those examples, in FY 2022, only 72% of our contracts exceeded GBP 50,000. In 2025, that has increased to 82%. That means we are addressing that lower value transactional component, the tail within the business, and driving value up.
Now, 57% of our contracts sold in FY 2025 exceed GBP 500,000. That's compared with 31% in FY 2022, which is a significant shift into more strategic and therefore visible, impactful projects within clients. I talked about the flywheel and the multiple touchpoints in clients. Very pleasingly, 48% of clients now use two or more of our capability areas. So it's a richer, deeper engagement with our clients. Our average win rate since FY 2022 has increased for contracts over GBP 500,000 by 26%. That emphasizes we are moving to larger, stickier projects, and we're winning really well. FY 2022, we had no strategic global partnerships in the technology space. Now we have Microsoft, Dragos, Splunk, where we were awarded the Global Security Partner of the Year last year. Indeed, last week, we were awarded the UKNI Security Partner.
We're also the paid research partner on behalf of Google, who we do security research on and on whose behalf we publish a number of research papers. There are significant and really, really key brands, which I think demonstrate the credibility and the reputation and the abilities of the colleagues within NCC Group. I talked about a shifting client base and types of projects, particularly in terms of that regulatory component and the momentum in that space. Our red team, which is effectively the true hacking team who operate in that regulated space, have seen sales in H1 FY 2025 double compared to previous years. In fact, it's double the average of every half since FY 2018. We're expecting revenue growth in that domain alone to be over 25%. Now, it wouldn't be a cybersecurity conversation without highlighting a very topical area, which is ransomware.
Clearly, incidents remain widespread, although trajectory they were maybe less in the first half. What we've seen is a client's response tends to be to turn immediately to their embedded technology relationships. This emphasizes to us the need to build and maintain long-term conversations at a senior level within a client and to remain stickier as those are the partners that clients will turn to. I'm very pleased to say there are great examples of how we are continuing to support a number of clients in this domain. Now, quite often it's highly confidential, but there are names within the public domain, which I'm very happy to mention, such as the British Library. There's a very good case study about Eindhoven University where we supported them through a very targeted attack.
Microlise is, again, another great example where we helped them through a very challenging incident. Great work from the team around that, and we continue to be able to respond and support clients around the whole ransomware agenda. Now, clearly, if I think about our areas of focus, there are many positives. We operate in a positive marketplace, but it's fair to say we still have challenges as we transform the business. There are things we need to address and areas to invest. Historically, we've not invested enough in our sales and go-to-market, particularly around business development and marketing. As we seek to reflect the focus of being a multidisciplinary cyber consulting business, that requires quite a shift.
More specifically, we've also need to re-engineer our sales and marketing so it's aligned to strategic client needs, meeting that Chief Information Security Officer, but more importantly, the C-level executive layer buyer's requirements. You'll see us focus on that in the months ahead. There is more to do to simplify our business. Whilst we've already done a huge amount, there's still a lot of work ahead to ensure we have a single, coherent go-to-market strategy optimized around delivery across all of our operations and around the world, leveraging the investment we have made in improving our global systems. While we don't degenerate except to returns or have business that aligns to our global model, we will continue to rationalize. Finally, upskilling our people. We have a great track record on this, and it remains a significant area for all of us to focus on.
We're recognizing the opportunity also, though, to introduce more technology to drive greater efficiency. For example, we've got a really great partnership that has developed with leading providers like Horizon 3 AI and their Node Zero technology, which will put AI at the heart of our network penetration testing capability, driving significant efficiencies. How do I bring all that together? I think if I put it all together, I honestly say I'm more excited about the prospects for NCC Group now than at any time since I've joined. The business fundamentally looks and feels very, very different. We've done an awful lot, huge program of change, and we've made great strides forward to position ourselves as the business we want to be.
With the potential sale of S-Code, we may shortly be able to deliver a significant return of value to shareholders, and that return of shareholder value remains front and center to our minds. After that, we'll be able to focus entirely on our cybersecurity division, which is a series of those unique capabilities and areas that where I think we are very well placed to win in a field that has never seen greater demand. Whilst the short-term results for cybersecurity do not yet reflect, I think, the shift that we'd hoped, we've got great confidence that we are doing the right things and will do so before long. With that, I'm very pleased to pass over to Guy. He'll talk you through some of the numbers.
Fantastic. Thank you, Mike. Good morning to you all. I'm going to spend a few minutes going through our financial performance as normal. In summary, our revenue was down 4.9% for the overarching reasons that Mike's just set out, and I will provide a breakdown of in the coming few minutes. Strong operational control plus proceeds from the completion of the excellent crypto disposal at the end of March has resulted in a 97.6% increase in our profit before tax and a transformed balance sheet. In the coming slides, we'll go into the details of the different drivers of all of that at an adjusted measures level. I'm going to start with our income statement.
Everyone will be pleased to see this is much simpler than the income statement we talked through in December, as we've now fully adopted all of the accounting classification changes we announced a year ago. Overall group revenue dropped by GBP 10 million from the prior year to GBP 156.8 million, driven by cyber, with S-Code delivering strongly. Adjusted profit after tax and earnings per share were largely insulated from the revenue falloff as we maintain the benefits of improved operational control of the business that we've established over the last three years, and GP percent improved by 0.4 percentage points. Overhead gains made previously have held, and we've taken action in half one, which will yield incremental cost benefits in FY 2026. Our tax percent dropped to 8.3% as a result of some North American research and development provision releases and a movement in unrecognized tax-deferred assets.
The resilience of the P&L and balance sheet is a result of the strategic actions which Mike mentioned and good delivery against the FY 2025 financial framework that I set out in December and is now shown on this slide. This is the set of financial metrics which we hold ourselves accountable to and slot in directly against the strategy for the business. As I talk through each division in the coming slides, I'll pull out areas of strength and opportunity from the financial framework, and this absolutely remains relevant to us as we move forward to the second half of this year and into future years and beyond. Looking at divisional performance, I'm going to start with S-Code. It has been another excellent half for S-Code. As Mike mentioned before, 10 consecutive quarters of growth and increasing number of strategic sales wins.
This slide shows on the left-hand side, as normal, the revenue in the bar charts by half for each of our three geographies of the U.K., North America, and Europe with an income statement beneath it. To the right-hand side, it shows the revenue by our two service lines of escrow and escrow contracts, excuse me, and verification services. Overall, our adjusted EBITDA rose to 44.4%. That's up 3.1 percentage points year on year, and that's a result of better pricing, delivering efficiencies through the P&L and cost control towards the bottom line. The business is really well set for the second half of the year and for the future. I'm now going to take cybersecurity, and I'm going to do this across two slides.
Firstly, talking about the geographical performance and splitting them out by market, and the second slide will show between our four capability service lines areas. Similar to S-Code, the left-hand side shows the revenue over performance by our three key geographies of the U.K. and Asia-Pacific combined, North America and Europe, and the last four halves. Plus, on the right-hand side, we have the income statement. The revenues decline for the reasons that Mike referred to earlier. We focus our efforts on more strategic, better margin, but slower sales cycle engagements while operating in a challenging investment market for our clients. What is pleasing is that the GBP 10.2 million drop-off in revenue was mitigated through the P&L, and that is a result of solid utilization, leveraging our global delivery model that we now have, improved MI, and strong overhead control. This was not historically the case.
If I look back to the first half and second half of 2023, our gross margins dropped to 32% and 28% respectively. Our resilience is plain. The U.K. held up strongly backed by Asia-Pacific, which dropped by about 11%. North America fell at 13% at constant currency. It is in this market where we are historically exposed to a greater proportion of transactional and compliance activity, which is under the greatest market pressure for the reasons that Mike mentioned earlier. We have naturally seen a greater drop-off in revenue in this market as it is further to pivot, but it is on that journey, and we can see that in the sales pipeline.
Gross profit % in the market remained consistent with the previous period, which is in no small part due to the value of our investment in the global delivery and in Manila, where we're now seeing more consistent and normalized utilization. Our EU business going forward will not include the crypto revenue. As that sale completed on March 31, as Mike mentioned earlier, the revenue relating to crypto in the first half of the year was GBP 11.5 million. Let's look at the performance by capability. Our four capabilities of testing, consulting and implementation, managed services, and digital forensics and incident response. MS saw some excellent new logo wins in the first half, with renewals increasingly competitive. That did lead to a higher churn than previous periods. We're confident that the MS pipeline will continue to build, and we're very focused on improving our renewals performance.
TAS and CNI experienced in the half lower demand for compliance-driven activity, but we're now benefiting from very strong performance in red teaming, as Mike mentioned, AI complemented services, identity and access management, and so forth, where we have invested in the previous 18 months. New logo wins in those new services are already building pipeline across our portfolio, and this is benefiting the flywheel that Mike mentioned earlier. What has that meant for our net debt position overall? Our balance sheet is transformed. If we think back to May 2022, our net debt was GBP 52.4 million. Since then, we've maintained our highly valued dividend policy for shareholders. We've taken advantage of the markets, of the opportunity to make an acquisition of shares for our employee trust last December, and we have cleared all of our debts following the disposal of the crypto business in March.
There was a working capital outflow of about GBP 7 million. This was around about GBP 5 million higher than normal run rates. Circa GBP 3.5 million of that was as a consequence of bonus payments for the stub periods made to our colleagues in December 2024, which did not occur in the prior periods in comparison, and the remainder was down to a seasonal swing in our movements between payables and receivables. As mentioned recently and announced, we have agreed a new rolling credit facility of GBP 120 million for four years this spring. In summary, despite the decline in cyber, there is a tangible improvement in the quality of our revenue in both businesses, and the escrow momentum continues. Our gross margin has been excellent in escrow, and we expect to hold those gains going forward, and we have demonstrated clear resilience in cyber.
Cost has been controlled, and we've taken action which will reduce costs further in FY 2026, and the balance sheet is transformed. With that, I'm going to hand back to Mike. Thank you.
Thank you, Guy. In summary, we are continuing to strengthen the business to make it fit for the future. Adjusted EBITDA remains in line with previous guidance, thanks to the strong operational controls Guy highlighted. FY 2025 group revenues, excluding non-core disposals, do decline marginally, but with a single-digit growth for S-Code as that continues to perform strongly. Our current cyber pipeline is building, particularly in those areas of investment like operational technology and digital identity, and we expect to return to revenue growth in FY 2026. As I previously highlighted, the discussions regarding S-Code continue with interested parties, and updates will follow as appropriate.
With that, I'll conclude the formal part of the presentation and hand over for questions.
Thank you very much. We have a number of questions that have come in. Our first question is, where do you think you are subscale or missing higher value capability that can only be addressed organically, but potentially addressed through M&A?
Thank you. I think we've invested, we have the chassis and the framework for the business. We've hired the right leadership in some of those areas. Those are predominantly things like digital identity, which is at the core actually of every single breach pretty much, and also in terms of operational technology. To scale those, I think there will be a degree of organic, which we've already done in terms of the hiring and particularly in the leadership team. Wherever there are opportunities for inorganic growth in those domains, we'll obviously look at them as long as they make financial sense. The leadership and everything else being in place, I think gives us the options around those areas. We do continue, and we've talked about having strategic flexibility now. Now the balance sheet has transformed.
Where there are opportunities to either grow into areas through M&A, we'll clearly look at.
Domindu from Peel Hunt has a second question. Could you talk to some sustainable improvements that you've made to the cyber business across gross margin, global delivery, etc., that you think will show up when the market turns?
I'm just trying to sustainable. I think the global delivery has been a great example of how we're now able to shift work and have a single visibility of all of our delivery colleagues globally. We're able now to identify work and move it to be able to be delivered at a price point which is commercially advantageous. I think that's one of the core shifts from a systems perspective. From the perspective of building capability, I think what will come through in terms of our consulting and implementation offerings is now showing really good trajectory compared to where we were 12 months ago. We had no leadership, no team.
That has been built from scratch, and I think that is starting to have a very positive impact, both in terms of the way we're winning work, actually displacing competition, but also starting to drive through, come through in the revenue numbers. I think those are some of the very positive things which we've seen embedded now in the business and starting to pay dividends. I don't know, Guy, if there's anything you'd want to add to that.
Thank you. Now, in order of tank, where is the competition greatest and where is it more manageable? For example, is compliance type TAS work now priced out for NCC Group, and is consulting somewhere you think that you can hold your own? Where managed services has not renewed, is it always down to pricing?
Right, there's quite a lot to unpick in that one. I'll try and do it. From a compliance perspective, we're not priced out. We've been able to position ourselves with that more flexible global delivery model, which I think is helping. There will be some work that I think we are now better informed to be able to make a decision on whether it is work we wish to pursue. That was historically not the case. I think that is a really important strategic shift actually to have a much more discerning view about profitability. It's not perfect yet, but I think we've made some strategic, some really significant strides in that. From a perspective of the renewals, I think there are a number of things just to talk about. Firstly, I think the market, if we look at historically, NCC would have played in the mid-market.
That is an incredibly competitive area. There are a number of very small boutiques, frankly, buying work, and I think particularly in a U.K. context, and actually also in our sort of Northwest Europe, I think quite at times NCC and Fox IT, our other brand there, has been the party to displace or beat or emulate. We have seen aggressive competition in that domain. However, the converse side of that is we are winning incredibly important strategic enterprise clients. That is offsetting it. That has been an area where we've seen some churn. From a vendor's perspective, there is definitely a market shift from the point of view of we have a huge Splunk install base as an example. With a Cisco acquisition, there's some changes in strategy there.
We're seeing a lot of competitors to Cisco and Splunk being very aggressive in the market looking to swap out in clients. As we get larger, more strategic, bigger deals, those are very different sales. Our sales experience needs to change. We need longer-term relationships and a very different sales force to achieve that. That's obviously had quite a bit of an impact. Also, if we look at the sort of the revenue mix in terms of those renewals, our original sort of mid-market deal size was probably in the low GBP 100,000 type region. We're now seeing seven-figure per annum recurring revenues from some of the strategic deals. There's a bit of a revenue mix. It's a fluid, very competitive market, the managed services space, but I think we're starting to see ourselves being positioned pretty well for the future.
Thank you. Our next question is a number of listed cybersecurity companies have been talking about increased focus on cost takeouts and demand for flexible purchasing, basically reduce spend without reducing protection. Are you now better able to accommodate these requests given global resourcing and ability to price better due to better tooling like Cantata?
Yes. The short answer is yes. It is very interesting. That is very much one of the strategic shifts and changes in buyer behaviors that I talked about. There is definitely a need for conversations within clients to be able to do more with the same or indeed more with less of driving efficiencies. That is one of those strategic conversations which historically we would just not have been positioned to be able to capitalize on. It had just been a come-of-price discussion. Now we are far better to be able to talk about driving efficiencies, operational gains for clients whilst working in partnership. That is quite a seismic shift for us.
Our next question is from Tintin at Deutsche Bank. Can you give a sense of the size and shape of the M&A you would consider in cybersecurity? Given historic problems in properly integrating previous acquisitions, how would you go about avoiding those?
We do not have a limit in our minds, either large or small. It would clearly need to be something which is strategically sensible for shareholders. We are prudent about that and something we are very confident about being able to deliver. Mike has spoken at length over the last few years about getting to a kind of consistent chassis of the business and making sure that whatever we do is integratable into what we have rather than buying something to leave it as a bolt on the side of the business. That would be a very key criteria that it is something which we can execute. We have gone through an awful lot of change as a business. Internally, colleagues have delivered an amazing amount of change over the last two, three years, as Mike spoke about.
If we're going to bring more change into the business, we'll make sure that we can build on that capability we have now developed in terms of an ability to change and move the organization and adapt. It would be kind of building on those strengths. Are we building on the strengths of the existing business rather than to fill in geographical weaknesses? I think we could certainly say it wouldn't be about flag planting into the Far East, for example.
Domindu has another question. Could you give us more color into the strategic high-value contracts? So over GBP 500,000, where you've made good progress on. What progress have you made across the key areas within cyber to move up the value chain? For example, have you managed to double the red team size?
Yes. Let me give you an anonymous but real example of a recent win that we have, which is a utility company where we are now, and this is a seven-figure project. It is not one of the GBP 500,000 Domindu. It is over a seven-figure deal where we are helping them assess, design, and then implement the operational technology and cybersecurity controls in that domain, which is a displacement of a very well-known competitor. Those are the sorts of highly impactful projects which are multi-month in duration, which are something historically we probably would have done on a very ad hoc basis and would have been very unusual. It is a great example, I think, of hiring the right leadership, putting the right team around them, and then driving that into the market. That is one example.
In terms of some of the managed services that we're now operating, and TikTok again is one where I'd highlight the things we are doing there, which is just phenomenal in terms of, frankly, protecting users across the whole of Europe and engaging with the regulators to talk about some of those things. It's just a phenomenal example of really clever thinking, having strategic impact and huge value at a level where we are having regular touchpoints and engagement, not just at the technical level, security level, but actually at a senior regulatory, legal, CEO to CEO conversation.
Our next question comes from Julian Yates of Investec. Can you talk about how you see TAS in a couple of years' time in terms of margins and mix of higher-end value contracts? How much lower-end do you think needs to fall away still?
Sorry, I missed that one. Sorry. The question is on TAS. To what extent do we think the lower-end will continue to fall away, and how should we think about margins? I think on margins first, we're not seeing we now have a level of MI that never used to exist to be able to see what our profitability on engagements is, and we're able to price on a profitability basis, whereas we used to price on a day-rate basis. There's definitely an element now of some of the fall away as we're not bidding for work, which was never going to be profitable, which I think we're pretty relaxed about.
Within the margin, though, even at the kind of more transactional level, there are investments that we're making into the utilization of software and into the global delivery model in terms of where work is delivered and training, which will mean that we'll have a lower cost-to-serve model to our clients, which will enable us to reduce day rates for them, providing better value. We do not see this as something this is not bad work. This is good work. There are things we can do through our globalized model to make that very compelling to come to us from a cost point of view, as well as the fact that we're renowned as having the very best people and people do a fantastic job.
The overlay to that is the demand profile is famously difficult to predict in those works because it does depend on, candidly, the overall investment environment for our clients and the way in which they're engaging programs and projects.
Maybe just a couple of builds on that, because I think firstly, there's a question about the red teaming, the regulated piece. Regulation is doing nothing but increasing. The model of being able to use very skilled, capable individuals to test an organization's defenses is not going to go away from a regulatory perspective. We have probably the world's largest dedicated red team penetration testing capability, and they are, frankly, outstanding and have a brilliant reputation in the marketplace. That is where we're seeing significant growth from the perspective of that regulatory piece.
The other really important piece about the technical assurance work, and I think it's worth emphasizing, is there is declined buying patterns, then there's the skill sets. I think we need to be careful not to conflate the two. Whilst the way clients may buy and what they may buy may not be at the point we want to generate the profits, those skill sets are highly useful. We are seeing in terms of our repositioning and the story and the engagement we're having with clients, those skills are still incredibly useful to support clients in some of their strategic challenges. For example, we've recently won a project for a client who, again, I'll have to remain anonymous, where we are providing at-scale assurance over their code base.
The technical assurance skill sets that we've got have been redeployed to support them on that strategic challenge. Still very useful, incredibly highly utilized, and as a result, incredibly profitable work. Rather than doing small transactional pieces of work using those skill sets, we're now deploying them on truly impactful strategic projects. I think differentiating between what clients are buying and how versus what our skill sets are, and our skill sets remain incredibly in demand.
Thank you. Our next question on consulting. Can you talk more about the growth coming through into H2 and full year 2026? Looks very strong. What are you delivering? Are you able to sell in a number of capabilities, increasing client depth? And how sustainable or scalable would you see the path forward?
The sorts of engagements that we are seeing around the consulting space, and I've mentioned digital identity, operational technology, and those change programs associated with those. Those are particularly sticky types of projects which are driving the pipeline growth from zero, from a starting base. That's very good. If I take digital identity as a great example, those tend to be long-term projects that can start with an assessment, a strategy piece, but then go into the implementation of various tools, driving operational efficiencies within the client. The really great thing that we have already seen from the very start point is they have a pull-through of our other services as well. That's, again, really fundamentally important to us because what we want to be able to drive is those multi-capability relationships where we have skills all brought together to solve a client's problem.
Digital identity is proving a great example of that already.
Our next question from Tintin again. Fox IT Crypto contributed GBP 11.5 million of revenue and adjusted EBITDA of GBP 2.9 million within the half-year results you announced. What was the year-ago comparator? That was a 25% EBITDA margin. Are there areas of the cyber market you can enter that hold that level of margin too?
I will confess that I do not know the EBIT number from the same period for crypto on its own for the prior period. I am going to have to get back to you on that, Tintin. Apologies.
Follow-on question from Domindu. Can you talk to your go-to-market engine? How can this be better? For example, what sales motions are in place to sell more capabilities to the 52% of clients who use less than two? Can consulting be the spearhead for doing this?
The short answer is yes, consulting can be part of that. Again, if we take the historic sales motion that we would have had in place, it was very traditional. It was almost a product sales mentality. We have a sales team who would approach a client and sell a service, the service. What we are now seeing, particularly in those larger-scale projects, is whilst the initial opportunity may be identified by a salesperson, it is very much often it becomes a team sport where we have consulting actively engaged to shape, scope, scale those opportunities. We have pre-sales involved. We have a commercial team involved in terms of the pricing model. It becomes a whole-team approach, which is, again, really very, very different, not only operationally but culturally from where we were two years ago.
I think some of those examples of the utility I gave, of the confidential client I gave, of TikTok, you've seen that really coming through. Actually, the engagement level and the way we manage stakeholders as a result of that on an ongoing basis is really fundamentally different. It is something that we've got to scale. We go from where we were to where we are to where we want to be. That is an evolution, which is not easy to do. It involves people. It is sometimes very easy to say, but people are at the heart of this, and we've got to make that change culturally and bring some of our people on the journey with us for that.
Our next question is from Andrew Ripper of Panmure Gordon. Why did deferred revenue in the balance sheet fall by GBP 6 million year on year? How would you characterize the mix of business in TAS? How much is lower and how much is lower-end transactional revenue?
In terms of the deferred revenue, I won't give a kind of detailed breakdown on that. There were some balance sheet movements, and there's some seasonality swings as we've changed the year-end. The second part of the question was the margin on lower-end TAS work. I think we don't see that as being different from other margin. I wouldn't want there to be, and we're not going to start reporting gross margin by different kind of TAS capabilities, different skill sets within TAS. We certainly don't operate on a basis of kind of loss leading or operating more commodity work at a much lower margin. That's not the way we operate the business.
Our next question is from Oliver Tipping at Peel Hunt. Back at your S-Code Capital Markets Day, which was about a year ago, you mentioned that you were starting out operations in Australia with a view to formulate a blueprint for taking S-Code to new geographies. I just wanted to check how this has gone. Do you feel there are opportunities abroad and where the brand is less well known, noting Europe and the U.S. are both down?
We did deploy capability to Australia. Literally from a standing start, we've started to see positive progress in terms of the pipeline and revenues from that point of view. It is generating, I think, a good option for us for the future. We're seeing probably more significant opportunity developing in the Middle East. I know we talked about at the Capital Markets Day, some of the client wins such as Doha Metro. We've seen that trajectory continue, which gives us a really positive feel for what the opportunity is in that as a market. We continue to look at options and how best to invest in that as a geography. Definitely starting to see some of those things. We definitely believe that there is upside in other geographies, particularly where there is increasing regulation for escrow-type services.
Our next question from Martin O'Sullivan at Shore Capital. Have you noticed any shifts in the competitive landscape, such as changes in day-rate pricing or increased activity in cyber from value-added resellers?
From value-added resellers, I can't say they're the competition that we have seen most of. The competition tends to be from a consulting services type perspective. We are definitely seeing price pressures. I mentioned particularly around that renewal space where there are a number of boutiques who are trying to buy market share and trying to grow aggressively with all of the challenges that subsequently come from that. Those tend to be our main sort of areas of competition. Again, it depends by service. Quite often, it can range from the sort of the mega SIs to some particularly niche boutiques, depending upon the service and the client requirement.
We have another question from Andrew Ripper. How much visibility do you have in cyber? Can you quantify the pipeline and how that's changed in the last six to 12 months? How much confidence can you have in the return to growth in full year 2026? Do you expect that return to growth to happen in the first quarter of that financial year?
We now have a single instance of Salesforce across the whole organization. That is part of the transformation change. We are kind of seeing improved disciplines about how that is being used. We can see by month how the sales pipeline by stage is now set out. We can see very clearly that the opportunity creation that Mike spoke about back in December, actually, has converted into sales orders. Particularly in consulting and to a lesser but positive extent in TAS, we can see how that is turning into confirmed sales now and is beginning to drop into the diary into the second half of the year. Yeah, that does give very good confidence. I am expecting strong growth in consulting in the second half of this year off the back of seeing what we can see in Salesforce and what is in the diaries.
Yeah, we're pretty confident in return to growth in FY 2025. Six, excuse me. We're in 2025.
We have another question from Martin O'Sullivan. I'd be interested to hear your thoughts on AI agents that simulate ethical hackers and offer continuous penetration testing as a service. I believe you mentioned that your deployment of Horizon 3 AI is expected to deliver significant efficiency gains. Could you elaborate on how those benefits will be achieved and when your team will be fully up and running with these AI-driven pen testing agents?
Yeah, absolutely. If I take our partnership with Horizon 3 AI, that is a great example where we've taken the view about partnering with the best in the marketplace, embedding it in our talent to drive an efficiency in the way we deliver particular elements of our work. Reducing the amount of, frankly, time that a consultant has to work on a particular type of test by using the agents is a big part of that. We're also deploying agents increasingly within the context of our managed services. That's really important. Within our own organization, in terms of from an operational perspective, we're also using AI to help drive efficiencies in terms of, for example, proposal generation. That's another element of our AI strategy. It continues to evolve. I think AI is about use cases.
It's not about the technology and really understanding how you deploy it. A great example is we've been very clear upon the strategy about Node Zero and how we deploy that in our network penetration testing. We have a team which have deployed it. They've taken it to market. They're working very closely with our sales team in a geography, proving it, working closely with clients, refining it, and then we're rolling it out on a global basis. Like I say, this is evolving really quickly. AI is clearly at the top of mind for many people. Having a very clear use case and being very deliberate about how you execute on it is pretty key.
We have two questions now from Bob from Zeus. Digital Forensics and Incident Response revenues have fallen consistently for four quarters straight. What trends are you seeing in that business and market?
By the nature of incident response, it's highly flexible. Increasingly, we're deploying people and teams from across the business as part of an incident response rather than it being all about a single dedicated team. It requires a multidisciplinary response, whether it's from, so a great example, if we are supporting a breach, actually an increased part of it would be the crisis management component, which comes from our consulting domain. A big part of the sort of the response would come from our engineering domain, so in technical assurance, for example. The incident response team are very much the blue light responders. The flex, and this is a really important part in terms of having the multi-capability and multidisciplinary team. It is about all of them coming together to deliver something to a client. It's not always just about the individual team.
Incidents, I think, do vary. I think we saw a reduction in the number of incidents we certainly responded to in the first half. That has changed significantly in the second half. There is a flexibility to it. I would bake it all together in terms of how we're servicing clients rather than very much it's a small team doing one thing.
His follow-on question is, we did not see a reiteration of medium-term guidance in your press release. Are you still confident of reaching mid-teen growth in margins in cybersecurity?
Yes. What we'd expect to see next year is revenue growth of 4-5% in cyber in terms of what we can see in the books at the moment. We would expect our gross margins to tick up a tickle from where they are today back to the kind of 37%, which we normally talk about, 37-38%. There are inevitably most businesses facing some cost headwinds, and we've also got the benefit of some cost-saving activity that we've done. I do believe we're on track towards head towards mid-teens, even darn. We can absolutely see a kind of a route to getting there. Whether we get there in FY 2026 will depend a little bit on some of the market tailwinds and how consistent the investment arena remains for our clients.
We have one last question. The cybersecurity platformisation vendor rationalisation seems to be in full swing. When you listen to results meetings from the likes of Palo Alto Networks, Zscaler, CyberArk, CrowdStrike, it sounds like managed partners and integrators are crucial enablers for them. Are you taking active steps to broaden your vendor relationships beyond the ones you mentioned?
Yes. It is a very active element of our strategy. I do come back to the point I made in the slide deck, which is in 2022, we had zero. Now we have some of the largest in the world. I think it is a testament to the hard work because these require legal support. Our legal team have been very actively engaged on a number of topics as we have gone through the process for the last few years, not least three disposals. The answer is yes. We have a very active plan. We are very close to a number. It is an element of our strategy.
Thank you very much. There are no further questions. Mike, I'll hand back to you for any closing remarks.
I'll just close by saying thank you very much. Again, reflecting my thanks to the whole of NCC Group for an incredible amount of work to get us into a far more resilient position and very confident for the future and exciting times ahead. Thank you very much.