Right. Well, welcome everybody. Thank you very much for taking the time to come and, first of all, listen to us, and then after that, perhaps ask us some questions as we talk to you about the results for the financial year to the end of May 2022. I'm standing up to start this presentation, because we've had a change of chief executive since the year end. I'm gonna give a brief overview of what are a very strong set of results. Tim will then take you through the detail of the financial performance of our last financial year, and then Mike will give you a little bit of a view about the market and how he sees the way forwards. I should start by saying, just a couple of words about Mike.
We had a change of CEO because the business reached an inflection point in its progression. We'd put a lot of hard work that was absolutely needed into stabilizing, restructuring, and sorting out the business so that we could go from the slightly chaotic period up to 2017 through to a period where we've been able to create stability and deliver some really strong financial performance. Now that we've done that heavy lifting in systems and processes, we felt that there was an opportunity to really focus hard on driving growth in some of the specific market opportunities that are in front of the business. We've gone and found somebody who is a market expert as well as an excellent leader and general business manager to drive our business into what we see as a very exciting opportunity over the next few years.
I'll leave Mike to tell you more about himself and his first thoughts about that later on. It's been a long time since I stood up to present a set of numbers because it's been a long time since I was a CEO. The good news is I'm standing in front of some really excellent numbers, and so I will take full credit for them for this very brief period that I'm standing here. In the financial year, we drove revenue up through GBP 300 million. We drove our EBIT and cash performance up through GBP 50 million on both of those measures. Really excellent performance. Tim, as I said, will take you through the details. I just wanna pick out a couple of highlights.
Our Assurance business grew at 12.1% for the full year and over 15% in the second half of the year. We'd set out to all of you that we were gonna try and accelerate growth in that business, and indeed, we were able to do it. The Software Resilience business, obviously, significantly different business now that we own the Iron Mountain business in the U.S., a much better business, did come back to organic growth in the second half, 2.2%, but this is a business that is always fluctuating around small percentage movements either side of growth to slight decline. What is really important about this business is its huge stability and incredibly strong cash generation, and Iron Mountain has only added to that strength. A couple of other things I want to call out.
We were able to grow our technical team by over 270 people in an incredibly tough market. Now, one of the unintended but positive byproducts of interviewing leaders in all of our main competitors around the world, as we were looking for what turned out to be Mike, was I've been able to talk to people who are leading businesses in this space, and I've asked them a number of important questions. One of the things we found out through that is that our attrition rate, while we're not happy about an attrition rate at 20% for our technical people, is actually better than average. Many of our competitors are reporting attrition rates in their technical force of over 30%.
Having set out to add capacity, we've done that, but we've also found that another positive impact of the pandemic has been that we've broken the link that we used to have with customers, where customers would insist that work was done on premise. A lot of the Assurance penetration testing and delivery work, they would insist had to be done in their offices. Well, having broken that link when we simply couldn't go to offices, of course, we've been able to accelerate our move to a global delivery model, which is an important part of how we will continue to grow our business and be able to find ways of managing our gross margin in the future by using a broader resource pool drawn across the world to deliver work for our clients wherever they may be.
All of those foundations are in place, and we're ready to go faster. I should close by saying we've made a positive start to the year. Everything is moving ahead, and there's every expectation that we will meet market, what we call these days, management expectations for the full year. That's the overview. I'm now gonna hand over to Tim to take you through some of the details.
Chris? Good morning, everybody. It gives me great pleasure to present again record financial results. As you can see on this slide, all the arrows are positive, going up. Revenue up, gross profit up, adjusted EBIT up, cash conversion up, free cash flow up. Net debt's down because we bought a small thing called Iron Mountain for GBP 153 million last year, which is why we've gone from cash to net debt. A really good set of strong financial results. Moving on to operational KPIs. This is a reflection of how we're doing underlying those numbers on the business drivers. They're split into growth drivers, sales drivers, delivery drivers, research and people. What you can see is it's mostly green, so we've got lots of positivity around the growth drivers. Escrow as a Service, the cloud offering within Software Resilience, grew 64%.
Remediation sales within Assurance, where we say, "Here are the problems, now we'll fix it," that's the remediation sales. They almost doubled to GBP 9.5 million. Our new, upcoming star of managed services, which is Microsoft XDR, which used to be called Sentinel, has grown to almost GBP 12 million in sales from a standing start last year. That's great news on the early growth drivers that's coming through. The way we look at sales, you can see gross sales orders are up, and orders over 250K, which say we're moving in the right direction towards larger sales with higher recurring revenues. That's going up as well. When we look at the efficiency of our model within delivery, you can see that we've got higher day rates of 2.1%. We put the price up to our customers.
That's gonna come through over time, as contract by contract comes through. Our global resourcing days have grown up to that level of 12,800 days. That's a reflection of hiring local talent and delivering in higher margin regions, so it gives us a margin kicker. Below here, even though you can't see it, our utilization has increased by 1.4%. Those are the three strings to our bow on efficiency that help gross margins. Research days are down because we've had high utilization, because as you know, in research, we let our technical consultants have days off to do research. Because we've, you know, utilized them more, been more productive, there's less research days. I'm pleased to say the quality of those research days has actually had a higher impact.
We've had more top tier one conference attendances, more white papers delivered to those conferences, like the Black Hat Conference, than ever before. Even though it's gone down, our impact has been greater. We have a growing capability and capacity, which reflects in the people numbers. Although attrition has gone up to 20, almost 21%, when we compare to our competitors, it's at the lower end. When we checked in with competitors, they're 20%-30%. The real key stat here is the fact that we've grown our technical consultants by 271 people, which has gone up, and we've recruited more people than we've lost. In terms of global headcount, that's increased by 22%, which we see that actually should be a green, not a number on this chart.
It's hopefully the only mistake on the slides. That's a growth, 'cause we've grown the capability, the management capability and the technical consultants to get there, along with the salespeople. Moving on now to the impact on accounting changes and the acquisition. This is to help everybody orient themselves around a true sort of like for like performance. If you strip out the cloud configuration customization cost of last year, which was the GBP 5.1 million you see there. The famous revenue haircut within IPM. Anybody who wants to know about that, see me later. The acquisition itself, net of acquisition costs of GBP 13 million. If you make those adjustments, you end up with a 16% increase in underlying group adjusted EBIT. On to the group income statement.
You can see there the record revenue and profits come through as we successfully execute our strategy with strong second half growth in Assurance and IPM. As Chris mentioned, we've got revenue growth of 12% at constant currency, but in the second half it was 15%. Software Resilience was down 0.6% for the whole year, but up 2.2% in the second half. IPM trading was in line with what we expected when we did the acquisition, and the integration is significantly advanced. Gross profit has gone up on the back of the IPM acquisition, but has slightly come down within Assurance as we've invested more in technical talent ahead of the demand coming in. Overall, it's gone up.
Our overheads are in control, once you strip out the non-like for likes, like the IPM overheads coming in and other things, and it's gone up by 8.5%. ISIs, as you know, we're not very keen on, and they've dropped down to GBP 0.9 million from GBP 13 million last year, and we still intend to keep those as low as possible. That GBP 900,000 was actually the tail end of the costs from the IPM acquisition. EPS has increased by 13.7% on a year-on-year basis. Moving on now to Assurance. This has been reaping the benefits of the global model, especially in the global resourcing area. You can see that all three regions have increased. UK and APAC are up by almost 12%.
America powered forward at almost 15%. Europe has come through at 8%. Increases in all regions, with a growth in the second half that's come through at constant currency. Profitability has a slight decline as we've improved the metrics around our staffing. As you can see, we increased our resourcing by 271 people, which came through in our cost line, that slightly held back the margin. You can see that global resourcing increased by 47%, effective day rates by 2.1, and utilization by 1.4 percentage points year-on-year.
With that technical increase of 24%, that really has had an impact across the world and is now, as you know, we're now, if you like, supplying mainly America from all around the world, which never used to happen pre-COVID. In terms of service lines, strong revenue growth in both service lines, so professional services and managed services. Within professional services, up by 11%, remediation doubled, resourcing days went up, and we're really pleased that our Next Generation Talent Program, where we take people in from schools, universities, and from other walks of life, have come in and increased our technical heads by 115, and we bring them through to be the cyber talent of the future. Almost half of our intake has come in directly.
On global managed services, Managed XDR has accelerated to almost GBP 12 million, and it has got a growing capability. We're now seen as a leading partner by Microsoft in this area. What it actually does gives greater intelligence across the whole suite of Microsoft services, and it reduces the onboarding time to clients. There are significant benefits. You can see within there, we've got 9.1% growth year-on-year on orders, but 13% in the second half, so you can see the managed services coming back. Moving to Software Resilience, transformed by the IPM acquisition. If you look at the stats by region, you can see that the growth in the UK, slight growth there. Huge growth in the States as IPM was added onto it, and then 2.5% up in Europe.
Again, all the regions moving forward. Within that, there is obviously a mix on the service lines, which I'll come to. The IPM acquisition, as we said, is substantially incomplete. The things that we've now done, we've done the sales team amalgamation, and we're just finishing off the systems and operation team integration, and that's where we're up to in that area. In H2, as you know, we returned to growth within Software Resilience, with renewal rates improved to 91%, or the opposite, which is the attrition rates, and Escrow as a Service growing as an important piece of the jigsaw. The reason why the margin was held back was because we invested more in the management and capability of that division in order to professionalize and get it back to sustainable growth.
From a service line, it's been a continuation of what we've seen before. We've got 60% growth in contracts and 46% growth in verifications. When you strip those back to the original business, you can see that we had a decline in contracts of 5%, offset by an increase in verifications of 8%. A word about cash. Our cash conversion has improved, as Chris said, to almost 102%. Now I say this at every presentation, I expect a normalized medium-term average of 85. I think for the last three years, we've been over 100%. At some point it will drop, but we've just been more effective in working the working capital efficiency throughout the cash pipeline. You can see that our facility headroom at the end of the year is GBP 102 million.
Free cash flow improved by almost GBP 47 million, with net cash from operations up by GBP 62 million. Lots of cash coming off there. The tax paid is slightly down because we did some advance payments within the year. An important point to note on FX on this slide is that that represents the impact of the US dollar impact, which has come, you know, strengthened, and its impact on our RCF, where we did a lot of borrowings to fund the IPM acquisition in dollars and on cash balances within the US as well. We have an unchanged final dividend of 3.15p, and we have the balance sheet strength to fund both potential organic and inorganic opportunities. With that, I'd like to hand over to Mike, who will talk about the market and the future.
Thanks, Tim. Morning, everybody. I'm delighted to be here. What I'd like to do is maybe just give a bit of an introduction, a bit of a background, how I've ended up with NCC, a little bit of a view of the market, how I sort of perceive it from the time I've spent dealing with clients, and some very initial thoughts on sort of the direction of travel, obviously with a view to building the strategy going forward. In terms of myself, I've been involved in security, intelligence, technology risk for my entire career, 30 years. There has been various iterations of that. I ended up as a Chief Information Security Officer, so actually a buyer of NCC products way back 20 years ago, in financial services.
If anybody is paid by direct debit or paid by direct credit or has direct debits, I was actually involved in the development of that system in the very early days of IP network in financial services. Worked in telecoms and media as a chief information security officer again, and then moved into consulting in about 2005, where I built and led a security consulting business within the UK, then took on a broader role within EMEIA. I've worked in the Middle East, and most latterly, I've been responsible for the security cyber practice for a Big Four in Europe, Middle East, India and Africa. A long time in the market. I've worked pretty much across every single sector.
Very much came from that financial services background as probably the most mature sector. I've worked in energy and resources, in the public sector, and very much usually in the sort of transformation space. How do you take an organization from a certain level of maturity to a different level of maturity? Typical client examples of that would be I've worked with some of the largest UK banks, very large utility companies and oil and gas companies, and helped do investigations into major cyber breaches with everything from retailers to central government departments.
Very much I've been in the industry, I've been a buyer of services, I have been a deliverer of services and obviously had a lot of connections with very senior individuals within the sector and also, as we'll come on to the boards and the C-suites around this as a risk topic. Obviously, I'm 9 weeks in, very much, I think getting around the organization, meeting the teams and the talent, and what I'm doing is working with the team to actually then come to some conclusions about building the strategy, which we will obviously share in the future, hopefully at the half-year results. Just in terms of the market itself, just some initial impressions. I think it's very clear that cyber resilience is a topic of the day. It's and it's that for a number of reasons.
COVID has been a great example of why digital transformation is so key. It's accelerated that entire topic of digital transformation. I think McKinsey mentioned it's accelerated by something like seven years. That's a long-term trend. The digital transformation of organizations will continue to be embedded, whether for the reduction of cost or whether it's engagement with customers or even the citizen from in a government context. It's continued to expand and it's continuing to be embedded in every single type of organization. In addition to that, I think our reliance on technology as a society has never been greater. I'm sure everybody is on Facebook. I'm not clearly. I'm too old for that sort of thing. It's clearly an integral part of the way we operate that technology piece.
As that increases with the Internet of Things, with the convergence of technologies like operational technology, process control networks and IT type networks, that is going to create a completely different perspective in terms of the data environment and also the risk profile that goes with it. Clearly, when you put that into the context of threat at the moment, I think that's something we've probably got to think about a little bit. It has never been more significant. Information has an intrinsic value. The disruption of systems can drive the goals of organizations. It is very clear we are living in very uncertain geopolitical times. The war in Ukraine, the conflict between power blocks, has never created more uncertainty in terms of the geopolitical situation, and one of the immediate outlets for that is in the cyber domain. The threat is changing dramatically.
Equally, at the same time, there's that blurring line between the protagonists from nation state to criminals and the ability to extract value from disrupting systems. We continue to see even in this current political climate, ransomware is a great example where we are still seeing significant focus from those threat actors. The threat has never been more dynamic, it's never been more significant. Many governments and society in broad is trying to respond to that, it's very difficult for the legislation to keep up. What we're seeing is a significant growth in regulation and legislation globally around this domain. That is an incredibly difficult challenge for organizations to tackle.
Whether it's the GDPR type regulations, whether it's cyber resilience regulations, that complexity is very, very difficult to navigate, and organization needs significant help to get through that. In short, I think the challenge has never been greater, both from a technology perspective, from a threat actor perspective, and also from societal response. Given all of that, it's clear that this as a topic has changed fundamentally in terms of its profile within organizations. Again, speaking from experience, this is one of those topics now that has become a true C-suite issue to tackle. Interestingly, it's a very hard topic to tackle 'cause it's an existential threat.
I've worked with boards as an external advisor on a number of occasions. They are looking for guidance and direction and support to understand what is an appropriate response around cyber resilience and cyber threat. It's great time to be in the market. That's the market opportunity. That is the level of conversation we should be aiming at. Why do I see NCC as an outstanding organization in terms of that? Well, it is a leading cyber business, cyber resilience business. There's a number of points I just wanted to emphasize, which we've got here on the slides. Firstly, from a talent perspective, talent is an absolutely crucial component in addressing cyber risk. We've heard and we see all the reports about the extent to which cyber talent is in demand.
NCC has an outstanding track record of developing that talent, and I think Tim's mentioned on a number of occasions about the increase in that technical talent. The technical talent is truly outstanding, and the development of that technical talent is formalized and incredibly well embedded. We've also got a very, very important alumni network, which again, for those who've operated in the cyber market for some time will recognize it is a very well-connected market. There's a lot of sharing of information. That alumni network is incredibly important, not only as a source of insights, et cetera, but also in terms of identifying opportunities. The other thing about NCC, which I think is incredibly powerful, is the global nature of the way we operate. These threats we talk about are truly global in nature. Our clients need a global response.
They need to be able to action things locally, but within a globally consistent model. NCC has that capability given that we operate in the major markets. It's also very important, and I'm delighted Chris mentioned it, and I think Tim did as well, that what we're able to do is actually build the capability to service those clients with the right talent, irrespective of geography, for the right client. We can use our global resourcing model to put the right people in front of our clients to solve their complex problems. Incredibly important, and obviously there is an incredibly important commercial component to that as well. We also have those global relationships. I've worked with some of all of the largest tech providers. Microsoft is an incredibly important partner who we're working closely with around our XDR proposition.
Also that broadens into some other domains which I'll talk about in terms of going forward. I mentioned the talent element within NCC, and I think the important piece is also to look at the how that reflects in terms of capability. It has an established set of capabilities of incredible breadth and depth. Our managed services piece is established, and it's a very hard type of business to build, but it's established, and we are growing into new capability areas that are adjacent to it, such as XDR as that builds out. We've got key alliances in all industries. We've got some superb insights.
An interesting segue, I met one of our junior analysts at one of the roadshows most recently who were telling me about the testing they do of connected cars and some of the high-end sports cars. Absolutely phenomenal. Then they say, "Well, yeah, but we've also done it for all the other high marques as well." The breadth and insights we've got from particular industries is really quite exceptional. We work very closely with government, as you will probably be aware, and we are just obviously expanding our footprint into new security operation centers down in Asia Pac. Again, adding to that global reach. The depth of the technical capability I mentioned is really underpinned by the continued focus on some of our research areas.
Again, it is an incredibly motivating factor for our people to be able to contribute to the industry through that industry insights, industry research, and we're gonna continue to do that and continue to use it to actually demonstrate the capabilities that NCC has. In terms of the regulatory piece, again, one of the things I think NCC is perhaps not as famous as it should be for is the extent to which we contribute to actually setting some of the global standards, but also some of the legislative initiatives that are currently ongoing in a number of jurisdictions, that we are asked for insights by anybody establishing regulations and legislation. NCC is a phenomenal organization and with a real breadth and depth.
In terms of trying to develop the future thinking, where are we looking to go? These are obviously at a very high level. We are working very closely with the team to establish the sort of the themes going forward, but just to sort of touch on some of them. Firstly, in terms of building out our consulting and implementation capabilities, we have an absolutely great track record in the very deep technical space. Actually, what we wanna continue to do is use that and leverage that to build out of our consulting and implementation services and capability, and solve our clients' most complex problems. We wanna fix the issues for our clients. We'll continue to build out our Technical Assurance.
It's at the heart of the organization, the way that we see ourselves and actually, that is the way that I think we build credibility with the market, that deep technical expertise. We need to drive some of that, but we actually need to drive the automation around it and actually, look at how we do some of the execution and delivery around our technical assurance services. Managed services will continue to be a fundamental pillar, and I've broadened that out into other forms of recurring revenue. We have a great base. We have excellent plans to actually build on top of that with things like XDR, but clearly a really important dimension to build that underlying platform for our services.
Software Resilience, I think, again, Chris has mentioned that, we'll continue with the integration of that and look to actually build that and leverage the capabilities there to actually grow the revenues and profitability of that piece of the business. All of this has to be underpinned and actually embedded far better our insights and innovation, which we currently have, and the intelligence that we see from the market, which again, is an actually crucial element of our intellectual capital. All of that put into a wrapper, which is fundamentally making sure our brand is perceived as it should be in the market. It is.
We're not as famous as we should be, and that is clearly gonna be something that we need to focus on. Some of the other areas around client centricity, building our sector focus, some of our verticals which are already well established but we need to expand upon. More of our market leading research. And built again in a culture around diversity and inclusivity, which I think we are making some phenomenal traction with. Absolutely superb element. That's the future. But in summary, we've had, I think, a very strong second half growth. Fantastic. I think all credit to the team, delivered double-digit growth in Assurance with a positive underlying growth in Software Resilience. So a very strong end to the year.
There's been a very successful execution, as Chris mentioned, in terms of putting in some of the operational processes that lays out the basis for our strategy going forward. We will, as I've mentioned, and the thing is you've read in some of the announcements, we'll be looking to develop our strategy to bring back at our half year results, building on some of the themes I've touched upon. In terms of this year, we've had a strong start, positive start to the year, and we maintain we are confident in meeting management expectations. Thank you very much. It is great to meet everybody. I look very much forward to having further conversations. In the interim, I think we can take any questions.
Right.
Hi there. It's Julian Yates, Investec. Just one question. Just picking up on one of the comments you made, Mike. It's on the brand piece, and to go with this in terms of sort of reaching up, I guess, the value chain, how do you see that happening? I mean, NCC has tried to do that at times in the past to build on that deep technical experience it has. Is that necessary for the business to move up there to access other growth avenues? Is it gonna be incremental? I guess the question is, how do you see it working this time around? Results demonstrated you can do pretty well.
Yeah.
Without accessing up there at the moment because the market's buoyant. I'd just be interested in that piece.
I'd start with the, do we need a technical component to actually do that? I would say yes, and the reason I would say that is it is the foundation of credible, of credibility. I think you need that insight and market credibility to be able to take perspectives upwards. What we need to do, and I think this is where we would look to and maybe change some of the areas of focus, is actually taking our insights and putting into an engagement plan which is far more aligned to a different set of buyers. More around the CIO, COO, CFO, CEO, potentially. We have to, I think we have to do that tilt.
We'll do it through the usual sort of channels to market that we would try and build relationships or at least the brand permission to be able to say, "Look, if you need to talk to somebody about this topic, we've got the technical capability. We know how to translate that into the problems that you're facing." The industry verticals are a really important channel for that. I don't think we've made enough of them historically. Taking that insight, say from an automotive perspective and then sharing that through the automotive channel I think would be really important.
Do you see that as an essential part of taking NCC forward? I guess the reason for asking is it's been tried before, and it's kind of been folded back into the business.
Yeah.
Should we be sort of seeing that as an important juncture or just as an incremental sort of part of the overall strategy not to get too fixated on moving up the value chain?
Yeah. I would never get too fixated in terms of driving, if you like, the marketing component. We have a great operating business. We do some great stuff. I would say it's that incremental next evolution piece. I'm trying not to think about what failed in the past. I'm trying to think about what is the things I would like to take forward to actually drive the market in the way that I've seen work before.
Thanks. Totally sort of moving on to the other part of the business, Software Resilience. Be great to sort of hear your thoughts on that. I guess sort of coming anew at this sort of business model, how do you see this sort of type of business model unfolding with, I guess, the challenges and opportunities it faces?
Yeah.
As sort of fresh pair of eyes.
It's still very early days. There is clearly a very different business model. Incredibly important in terms of the overall performance of the business. I think we still want to keep that under review to see where we want to take it in the future. It's very much a situation of wait and see. We're still sort of trying to see where it all fits together. I think I don't know if that's fair, Chris.
Yeah. I mean, it is a very different business. At the time that we made the Iron Mountain acquisition, we said, "Look, you know, we see the future growth driver of the business organically is clearly on the Assurance side because that's where the market opportunity is." We have a wonderful little business, and the Iron Mountain opportunity came along. We're a very good owner of that asset. We've bought it. We're in the middle of putting it all together. We've ended up with what looks like, you know, more or less, don't quote me too much on it, but more or less a GBP 60 million revenue business doing north of GBP 30 million profit and north of GBP 30 million cash. That's a wonderful
Lovely
Little business. Quite how it fits together in the overall strategy, we're waiting and giving Mike some time to think about how that fits.
That's great. Thank you very much.
Thanks.
Hi, it's Charles Brennan here from Jefferies. Can I do three questions?
First of which is, can you just talk about the gap you're seeing between day rates up 2%, and I assume wage inflation up substantially more than that, and what it means for the dynamics in the business? Secondly, just a very quick modeling question. The tax rate's come down. Can you just help us out with some tax guidance for the current year? Thirdly, I fully understand that this is probably a bit tricky to address, but if we think about your strategy going forwards, if you want to try and accelerate growth sustainably, that's gonna require some investment. Can you put some framework around that? Should we assume that investment is organic and therefore taken through the P&L or is that investment going to be inorganic and therefore through the cash flow?
If we assume that it's organic investment through the P&L, do you feel like you have to fund that investment in savings elsewhere in the business to maintain the current financial outlook, or are you happy to lower short-term profitability to drive a more sustainable growth engine?
Wow, okay. Tim, do you wanna start? Or
I'll start. Charlie, most people normally ask 3 questions. I think you asked 3 plus 2 within that set of queries. On the day rate to start with, day rates are coming in gradually, so we put the day rates up actually from January this year. As you can imagine, we have a series of individual contracts that are like delivered within 3 months, and it comes through on those. We have framework agreements. We have 3-year deals. It's a whole gamut coming through. The 2.1 is just the start. It will go up higher than that into this year, okay? That's the first thing. The way it interacts with cost, I think we described it to your predecessor, was that because it's on the revenue line, it's about 100% of a cost, which is about 50%.
If you put your day rates up by 2%, it covers a 4% increase on labor rates, okay? That's the way to look at it. We've given a mandate for about an 8% increase on day rates for the whole of this year across all of Assurance businesses. Now, some of them will stick, some of them won't, depending on where you get to, but we'll give you an update on that at the half year. They're going up, okay? Offsetting the cost. On tax rates, I think you'll notice the stat rate is 25.8% this year, 32.4% last year. The adjusted rate is 24.5% this year, 27% last year.
They've come down because we have some US tax credits, which we are now utilizing, which we haven't utilized before. We've had to wait the statutory period until the IRS can't challenge us anymore, and now we've released them. We'll have that every year coming out 'cause we have that investment in R&D in the U.S. I don't think it will come down much more because as our profits have become more American dominated, they have higher tax rates than the U.K. Generally, I think it'll stick around where we are at the minute, unless something substantial changes. In terms of your third and lots of subsidiary questions about accelerating growth, which we discussed already.
Obviously, we can't give you a quantum of the cost of investment of Mike's new strategy till we see Mike's new strategy, which we haven't yet seen. Once we do get Mike's new strategy, we'll know how much we need to put against it. There will be some cost of investment, but we don't know yet how much. In terms of organic versus inorganic, if it's organic, we're already investing. The XDR we mentioned, we're setting up and building within our budgets this year, a 45-person team to drive XDR, which we ring-fenced and driving that business worldwide. We've already put that within our budgets within the GBP 57 million of adjusted EBIT you see as the consensus for the year. That's one of the areas. That's done organically. Anything like that, we will do organically.
Anything that's very material or going out to buy something, we could do up to, you heard the facility headroom, up to GBP 100 million of headroom. You could do that with bank support without touching shareholders. If you do something bigger than that, even if it's large, we'd probably get the shareholders involved. It depends on the scale of it.
Thank you. Damindu Jayaweera from Peel Hunt. I will also go for three questions, if I may. First one is actually for Mike. More of a higher level question. I mean, two things that I've been impressed with these sort of results is one is the global resourcing days that
Yep.
Seems to go up a lot. Then the other one is obviously the headcount growth, which is at 271 is impressive. What I was more intrigued about is the 115, 120-odd next gen leaders. I assume these are non-cybersecurity people who you guys are training. On board, can you kind of tell us where the industry trends are? I mean, is global sourcing a well-established thing? Are other people doing more of it than NCC? Also the pyramid thing, let's say in the training of the juniors, is that a well-established thing in the cybersecurity consulting industry, and is NCC kind of catching up? I'll stop there and then I'll go to the next question.
If I talk to the resourcing piece first, I think Chris referred to this actually. Yes, the global resourcing piece is something which I don't think NCC has capitalized on to the extent to which some of the other parts of the industry are doing. That to me is clear, and I think that's a huge opportunity. Actually, I think it comes back to the day rate piece as well and profitability. That is going to be clearly something that we will look at quite hard. Actually the direction of travel is really positive so far already. I think that's great. From the development of resources and therefore the building of the pyramid, you're right.
The next gen piece is actually bringing in talent who are coming from a hugely diverse set of backgrounds. Degree, not degree. In fact, I was talking to a young member of the recent cohort who came from previously a care worker. Absolutely fantastic way of bringing in very, very diverse talent, and new types of talent to this piece. I think that's a great thing. It's great that we've got the foundations in place. I think we've got to do more of it. It is probably as good or if not better than some of the industry peers I've seen. I think that is again a great place to start, but we want to accelerate that.
In terms of the overall pyramids, I think it's something that we probably need to look at and I don't have hard metrics for it, but I would sort of intuitively think it's something we need to look at more, particularly in light of different types of services we may want to execute in the future. There will be different pyramids that are optimal for different sorts of services. Managed services are completely different view to, say, pure consulting or implementation services or even very high testing services. We will need to look at the pyramids, and part of that pyramid mix will be where do we source those resources from onshore, near shore, offshore.
Next question is, in what is an excellent-
Sorry, just before you do. I'd just add one point. One of the things that Tim mentioned that gets to how do you support this better pyramid and the better, you know, sharing resources. You need bigger average orders.
Yeah
To be able to do that. One of the really important metrics that Tim called out is that we've significantly increased the number of large orders that we've taken through the business, and it's those big orders that allow you to then manage the resource pool more effectively.
Yep. Thank you. The next question was, given what is an excellent set of results, I guess the only thing that I was not that impressed by was the managed services piece. In there, obviously, XDR is just amazing. It's two-thirds of our, I guess, growth. What else is in there that's kind of holding back the growth? Could you kind of unbundle it a little bit?
Managed services is a mix of very many services, so within it you have the growth areas of XDR and incident response. You have within it the steady Eddies, as I call it, like the cash cows that come through like PCI. Then you have things like DDI, which are, you know, have been good servants in the past, but they are sort of withering on the vine if you don't invest in them. Within that, what we need to do is sort out, which is what Mike's doing, obviously, one of the priorities of the strategy is to go through that and sort out managed services to make sure we have a sort of growth-focused area.
Can I squeeze in one last? Just, a question I had this morning from an investor, because I know the answer to this, but I would like to hear it. The product sales piece, which went from GBP 5 million to GBP 10 million.
Yeah.
Could you kind of remind us what's in there, which geography and what's happening?
Yeah. As you know, we're not focused on products. We're a service-based organization. We believe in our ISPs and our people. The product really comes out of Europe and within Europe, we deal with many customers, government as well as non-governmental, and they tend to buy products like data diodes, things like that, which is military hardware and things like that. They have them as part of the software then, but they want the hardware as well, and we have to put them together. That's just a reflection of selling more products that our customers wish to buy rather than us wanting to sell them.
Thank you.
Okay. I think that's it. Is that all the questions? Fantastic. Thank you very much. Look forward to seeing you in the future.
Yeah.
Yeah. Thanks very much.
Thank you.