Welcome back everyone to ABG Investor Days. My name is Simon Jönsson, equity analyst here at ABG. Next up, I have the pleasure to welcome John from the cybersecurity company, Clavister.
Thank you.
Without further ado, I will leave the floor to you.
Thank you very much, Simon. Welcome everyone. Clavister, so for those of you who are not familiar with Clavister, Swedish cybersecurity company. We are delivering cybersecurity solutions to what we refer to as mission-critical applications. So in essence, customers who are important for the functioning of the society, and I'll get back to what that means. We are primarily focused on Europe. We have roughly 50% of our sales in Sweden, and the rest being distributed in Europe and a few selected countries as well outside of Europe. Our headquarters is in Örnsköldsvik. We have offices here in Stockholm and in Gothenburg as well, and a distributed workforce with salespeople also outside of Sweden. If we look at the Clavister history for a while, taking a little bit of a retrospective, Clavister's been around for quite some time.
We were founded back in 1997. So basically, that means that Clavister is one of the earliest cybersecurity companies, not only in Sweden, but I would say in Europe and in the world. For the initial years, actually, for the initial many years, Clavister was very much a, you know, typical Swedish tech innovation company. We were able to deliver and produce and innovate great tech, great products. You will see some examples of that later in the presentation. But the other blunt side of that coin was that we were quite worthless in taking our products to the market. As you can see, we needed 20 years to reach SEK 100 million of revenue. That's all good, or maybe not, but it is what it is.
We've come really far since then, and the good thing is that we have a tech base with us that is heavily invested, that has very little sunk cost in it, and that we're taking to market. So as you can also see in this graph, in 2017, we started a new phase of the Clavister journey. Basically, a phase where the focus was more commercial, more growth, taking the company to more profitable levels. And yet again, in 2021, we took the second iteration of that phase, where we changed our business model. We took further steps on our focus journey, looking at what type of customers we serve. We took quite a strict cost control action, reducing our OpEx, and the results are clear. Back in 2017, we had significant EBITDA losses, obviously.
Rolling 12 months now from Q3, we are double-digit positive EBITDA, and that trend continues as we see it. What are we doing then, practically? Well, at the heart of our business is software, so we are a software company by heart. We have two primary software stacks, if you like. One software stack, which is in the identity and access management area. The other software stack, which is a next-generation firewall software stack. In quite many cases, our customers are, to be honest, a little bit lazy. They would like to see turnkey package solutions. So what we do, we procure hardware appliances, turnkey hardware products from various vendors, including MilDef, including a few Asian companies as well, and we package and sell these combined products to the customers.
We've picked four specific customer groups that are all part of critical infrastructure or mission-critical customers. Being then from left to right, public sector, including municipalities, county councils, state-based agencies, and so forth. The energy and utilities companies, meaning energy grids, local power companies, basically companies who are absolutely critical to deliver, you know, a functional society. Telecom, that's mainly mobile operators and different, you know, communication service providers, and finally, defense, the defense industry. Those four customer groups are, in essence, 100% of our positioning today. In the past, we were a little bit more all over the place. These four today is the clear direction and the clear positioning of Clavister. If we then take sort of an outside-in view of Clavister, what are the key highlights for... As an investor case, investment case?
I would start with looking at the market, and I'll come back to that as well. We are operating on a very interesting market. It's fast-growing, it's quite stable, you know, non-cyclical, with underlying trends that are absolutely favorable for, for companies like Clavister. We have our software, which is proprietary, meaning we've built everything in-house that drives fantastic gross margins for us and complete control over our software and our destiny. We have a customer base today that we've built over many, many years that are highly diversified. We're not dependent on any single customer. We have no single customer representing more than 10% of our revenues, and in that customer base includes a, you know, a good set of so-called blue-chip customers, large enterprise, well-named customers.
We have a business model, especially now since a couple of years back, which is, first of all, scalable, and the financial profile of that model is really attractive. Gross margins, great. High degree of recurring software revenues and a lot of scalability in it. We've built a platform with a growth strategy that we're executing on now for several years in a row, with tangible results on the bottom line. And last but not least, we have a team, including management, board, and staff, that is highly motivated and, you know, super low attrition rates, extremely high domain competence and industry expertise. So looking at the market, what are the trends? You know the trends, by just following the media. I mean, the amount of rising cyber attacks, especially following the war in Ukraine, that's one of the key drivers.
It's just escalating quarter- by- quarter. Speaking of the war, the instability, geopolitical, that's also driving the cybersecurity trends, clearly. From regulation and compliance perspective, we see a lot of initiatives in the European Union. Legislations such as GDPR, of course, but also, you know, even more close to our domain being the NIS and the upcoming NIS2 Directive that drives the need for European cybersecurity. Speaking of that, Clavister is one of very few European cybersecurity vendors with these type of products. Our incumbent competitors are typically American, the big ones, Fortinet, Cisco, Check Point, and so forth. A few Israeli ones and some Chinese, and in the past, at least some Russian ones. In the European Union, Clavister and tops two, three others who can deliver what we do.
Speaking of the market, it is a growing market, quite fast-growing market as well. If we look at the regions we operate in, the addressable market for Clavister just this year is, you know, double-digit billion SEK of addressable market. So we're barely scratching the surface with our 150 million SEK of rolling 12-month revenues, meaning there is absolutely room for growth. Taking a look at the software offering we have, we'd like to start off by emphasizing the fact that this is security by Sweden. Our software is designed in-house, in Sweden, for over 25 years. And as I mentioned, over these many years, we have really nominal sunk cost. So all the investments we made over these years are stacking up in more and more IPR that we're taking to the market.
Typically, you know, uncommonly, software companies need to deal with a lot of technical depth. We need to do, you know, changes in software platforms. We need to cancel offerings. We have some degree of that, but super, super small. The code we wrote 20 years back is still part of our offering. That's significant. Around 25% of our net sales is R&D. That's slightly higher than the huge American ones, but they come from another scale, of course. I would say this is a good match with the size of Clavister today. We are following what we call a very strict intellectual property strategy. The first bullet here might sound obvious that, you know, we maintain control and ownership of all the development results we're doing. That's clear, but in reality, that's quite a tough one.
I mean, we are trying to get our customers to sponsor our development to the greatest extent possible. And if you get someone to sponsor your development, they would like to own the ownership or have the ownership of the IPR. We realized that we would dilute our value the first day we would start, you know, diluting our IPR. That's impossible, so we have always maintained a strict position. Everything we develop is ours. Otherwise, we don't do it. And similar to that, we have not entered into the quite common trap of developing unique components or unique software to individual customers. That's super dangerous in software, so we have one line of products. That line of products is supporting all our customers, regardless of customer group or specific name of customer. Super important for scalability.
Despite Clavister being a small company with, you know, roughly 100+ people, we have been able always to be in the edge of technology. If you would ask a random customer of ours, having them compare Clavister products with Fortinet, Check Point, or Palo Alto products, you would probably be amazed that a small team from Örnsköldsvik is able to keep up with the big U.S. vendors. Of course, they have a much larger offering, you know, broader offering. We are niched, but still, super, super important and impressive if you ask me. The platform is, as such, super scalable, so we can run our software from the smallest device being installed on a, let's say, power substation in an electricity grid, up to massive terabit cluster capacity in data centers. Same software, full scale.
Couple of years back, we acquired a small startup, which was a spin-off from Chalmers University, that had researched and developed a very powerful AI ML algorithm, patented by this time. Any company with self-respect nowadays needs AI, of course, and we're not an exception. The difference, though, is that the AI you are probably typically used to see and read about are the big data AI models, the ChatGPT's models, the ones that require, you know, massive amount of data, massive amount of computing processing power. That is not us. We have a super slim model that you can integrate in a vehicle, in a substation, in a small device, on-prem, super condensed, without the need of cloud, without the need of those, you know, high-capacity clusters. Why is that important?
Well, keep in mind one of our key business, customer groups, defense. In defense, when you have a combat vehicle out in the field in Ukraine, they are not cloud-connected. They don't have the time to process data in Amazon or Google Cloud. They need instant reaction immediately in the field. That's what our AI model can do. And, and finally, again, connected to, to defense, just the pure fact that we're working with customers who are driving mission-critical operations, our software has to be as close to flawless as possible. So NATO-graded, being developed in close collaboration with our defense customers. When our software stops working, our customers' operations stop working, and if you're the local optician, well, that's not much of a big deal, maybe, apart from a few persons needing to reschedule their eyesight test.
If you're operating Försäkringskassan or a combat vehicle, our software is the matter of, well, life and death, especially in defense, and the matter of millions of Swedish people who can't, you know, subscribe to Vård av barn or Föräldrapenning in the case of Försäkringskassan, so super mission-critical. Speaking of customers, just picking a few examples, we have today over 20,000 recurring software contracts, so spread over a lot of customers, which is good on the one hand, it comes with, you know, de-risking the business for us. A lot of that is recurring, obviously. We have very small, very low churn rate, just north of 3%. Can be improved, but it's not a problem for us. In the public sector, 21 out of 22 Swedish regions or county councils, regioneR, are our customers.
We work with Försäkringskassan, we work with Stockholm Stad, many municipalities. We work typically through partners, partners like Tietoevry, Certessa, Arrow, CGI, you know, well-known, established partners in the partner landscape. On the energy side, protecting energy networks, customers like E.ON, local or regional energy companies, Gothenburg Energy, Skellefteå Kraft, and so on. There are quite, quite many of them. In the telecom field, Nokia is our primary partner. Through Nokia, we take our technology to more than 20, close to 30 mobile operators, including Three U.K., M1, and StarHub in Singapore, satellite communication vendor like OneWeb, that are completely building their data centers with Clavister technology.
And in defense, one of the fastest-growing areas for Clavister at the moment, with BAE Systems, General Dynamics being key partners and customers being the various ministry of defenses, including the Dutch Ministry of Defense, the Norwegian Ministry of Defense, locally in Sweden, the Swedish Defence Materiel Administration, or FMV. Recent announcements include partnerships with Milrem Robotics as well, that produces these autonomous combat vehicles for, you know, for future battles. Quite a diverse, strong customer base. Some words on financial performance, going back few years. So again, quite a solid, not super high growth yet, but, but solid growth, and since two years back, introducing annual recurring revenue as one key metric as we change our business model.
So out of our north of SEK 150 million of revenue, over 110-115 is recurring from our software sales. At the same time, we've been working hard on our cost base, essentially cutting 25% of our rolling 12-month OpEx down to much more, you know, pleasant levels, if you like, today. And that has, of course, yielded a strong impact on our EBITDA and EBIT line. So again, moving from strong negative EBITDA margins to +10% and continuing on that trend. Rounding off with some future. So what's the growth strategy? Essentially, there is a super interesting market. We have a strategy that we're following. We will continue to capitalize on the market, that goes without saying.
The positioning we have right now, being, you know, European vendor, security by Sweden, the offering we have, continue to capitalize on that, meaning that we don't see any need for developing fancy, massive new products in order to grow. We have a good product portfolio. We'll grow with that, first and foremost. There is still room for operational improvements. I'm not saying massive cost cuts, but I'm saying more efficiency. The change to our recurring business model means that we're freeing up resources in sales to look at hunting new customers rather than farming old customers. That's a super important efficiency gainer. We will continue to transform our customer base from the old business model to the new recurring model, and as we do that, we continue to just build a higher level, higher layer of base platform for, for recurring revenues.
As mentioned, defense represents one of our strongest growth areas right now, so we will continue to focus on defense, increase our efforts even more with more partners and more deals to take us basically to the level we need to be. Strong, profitable company, growing, increasing our growth pace. We've communicated to the market that where we need to be, where we want to be, where we can be, is in average 20% growth for the coming three years. Final words on the team before Q&A, especially would like to highlight a couple of guys. Mats Wenner, driving our telecom sales. He has over 20 years of telecom sales. He was heading the Telia account when he was at Nokia with SEK one billion of revenue. Stefan Brodin, heading our defense sales.
Relevant background as a product guy from Ericsson, but even more relevant, being a major in the Swedish Armed Forces. So that's his spare time job, not working at Clavister. So his connections and his understanding of the defense business is quite vital, of course. Board of directors, small, slim board. Andreas Hedskog, recently elected as a chairman with 4C Strategies. Staffan, founder and CEO of HMS, and Stina with Tela vox. And just super quickly, Simon, before Q&A, what's cooking? I mean, two things that are super important that we're dealing with right now. We've announced this as well. We are, as we speak, in the final contract negotiations for a very large defense contract with a European defense customer. The deal is estimated to be SEK 160 million committed contract.
We're looking at supplying this type of box with the Clavister software, again, to defense platforms, to basically fighting vehicles that are equipped in the field. We expect that this contract is to be signed this quarter. On our balance sheet, we are living with quite a substantial debt with the European Investment Bank as our main lender, EUR 20 million, south of that. We are in the final rounds of negotiating a better repayment profile so that we're not, you know, seeing as much burden on our liquidity as the current plan, and we're quite confident that we will reach a much better arrangement with them. So that's key, of course, for our balance sheet.
We took advantage of the COVID-19 support from the Swedish government, and we're confident that we will be able to also repay that, not in a lump sum originally planned, but over a longer period of time. We're already partly in a program like that. So quick notes on the balance sheet, just to communicate that we're actively working on improving that one. And finally, we have been engaging ABG as our financial advisor to look at also additional options to strengthen our balance sheet, apart from the two ones we're dealing with. So with that, a bit of a rush in the end. Sorry about that.
Thank you, John. We have a couple of minutes for questions. I wanna start off with you know the go-to-market side of business. It's quite clear to me at least, that you have good products. You have a competitive advantage being European, so maybe you should take more market share from the Americans. The problem, and you alluded to it, is the go-to-market strategy, it seems like. You have not been focusing enough on the sales force or... Yeah, your focus has not been good enough. So what have you done in recent years? I know, for example, you have changed around a lot in the staff around selling and the go-to-market. So maybe you could elaborate a bit, what has changed now, and what do you expect going forward?
Uh, absolutely
... for you to grab better market share?
Yeah, yeah. No, so I mean, you're right. In the past, we had no clear go-to-market direction. It was basically the customer who wanted to buy got attention, and you need to do that to some point. But, you know, when you have the ambition to grow, you need to be more picky about your customer groups and start really becoming relevant for few customers rather than average for all customers. So I think the biggest change we made was this focus on critical infrastructure customers with those four specific customer groups, and make sure that our sales teams are working only with those customers. And that yields result. We see that, you know, for the past, you know, year now, that it yields result.
All right. And, coupling that to sales growth target of 20%, you're still a bit below that.
Yep.
When can we expect to see you picking up more steam?
So one important thing to remember is that, you know, given that we changed business model from perpetual to recurring, just, you know, 1.5 years back, typically, what you see when you do that is an immediately flattening of your growth because you're spreading out revenues over longer period of time, but on the other hand, you get more stable revenues. So that's one part of the reason why we don't see higher growth in the past, you know, one-two years. Now, we've secured significant defense contracts that are delivered during next year, not hope to deliver, but delivered next year, that constitute a big part of growth already next year. We have an extremely nice momentum in our firewall business right now.
So if you looked at the quarter three report, our firewall channel business represented the vast majority of our order growth that fuels revenue recognition next year. So many components taken together that drives growth for the coming years. So we're confident that, you know, we will see our growth rate picking up now.
Lastly, on the defense business, you talked about the geopolitical tension. It's escalating, for over almost two years now, at least 1.5 year, we have seen an escalating trend. You, of course, have the order with the BAE Systems that you expect to deliver on next year.
Mm.
But you still haven't really signed any other major deals. So we can't really see in the orders that you have any results from that, that the activity is up-
Mm-hmm
... in terms of customer activity-
Mm
... that you have talked about before. When can we expect this to be seen in the orders?
Right. So, I mean, on the contrary, I would say there has been a lot of activities and a lot of announcements, and if we look at the typical sales cycle for a defense contract, you mentioned BAE. We started working with BAE already 5 years back, with initial design that led to framework agreement, that led to commercial contract, that led to commercial shipments. I mean, that's all several years of a project. And you know, building up a pipeline in parallel so we can fuel the business with more of such deals, which is why, you know, half a year back, almost, we announced the design win with General Dynamics. That has sort of the same trend, the same pattern as with BAE.
So we started engaging with them a couple of years back, which led to design win half a year back, which means that we're now moving into proof of concepts, which then results in, you know, orders along the line. And similar announcements what we made with Milrem Robotics and, you know, several others in the pipeline. So we have to look at these parallel activities as a stacked line of quite long, long, long things, where BAE represented the first ones with significant value. But as you saw in the slide with customers as well, customers like MBDA, Eurofighter, they are fueling us with revenue as we go. Not as big orders as with BAE, obviously, but relevant. So we're seeing... we're starting to see critical mass, both in deliveries and the pipeline.
Basically, we haven't really seen the full impact yet?
Correct.
Yeah. Great. Thank you so much, John, for attending.
Thank you.
Thank you, audience.