Hi, everyone. Hi, and welcome to our Capital Markets Day. I'm Jenny Lundgren, compliance manager at Clavister. With me, I have these two gentlemen, John Vestberg and David Nordström, our CEO and CFO. Before we get started, I would like to state that this presentation may contain forward-looking statements. Such statements are based on our best assessments at the time of the presentation and are subject to risk and uncertainty that could materially affect our business and results. Clavister therefore expressly disclaim a duty to provide updates to these forwardlooking statements and the estimates and assumptions associated with them. The agenda today. First, of course, this opening, we will hear some words from our chairman.
There after, we'll start the presentation and the time schedule here is a bit indicative, meaning that we'll take a break at some point, but around 11. We will end the session with a live Q&A. I will talk more about the live Q&A later, but if you have questions, you can always use the chat already now and during the sessions, and I will ask them later. Now, let's hear some words from our Chairman of the Board, Viktor Kovács.
Welcome, ladies and gentlemen, to the Clavister 2021 Capital Markets Day. My name is Viktor Kovács, and I am the Chairman of Clavister Holding. I'd like to start by thanking all attendees, especially our investors, for your continued interest in Clavister as we execute against our goal of becoming the premier European cybersecurity vendor. What Clavister does is important, and that has become increasingly evident during the massive global IT transformation brought on by the COVID-19 pandemic. Over the last 18 months, we've watched as IT organizations across the planet have had to deal with increasing numbers of employees working from home and on mobile devices, greater use of collaboration tools, and decreasing IT budgets due to cost savings measures brought on by market uncertainty caused by the COVID-19 pandemic.
Throughout all of this, the threat of cybercrime has grown, primarily in the form of hacking, ransomware, and state-sponsored economic terrorism. Two weeks ago, Christopher Wray, the director of the United States Federal Bureau of Investigation, had likened the impact of recent cybercriminal activity to that of the 9/11 terrorist attacks in terms of reach and magnitude of disruption to the U.S. economy. Clavister, with its innovation platform dedicated to protecting its customers from cybercrime, is playing an increasingly important role in the global cyber defense ecosystem. With our focus on protecting mission-critical applications in the area of 5G, military defense, and public administration, Clavister is committed to delivering the innovative solutions required to outpace cybercriminals in these very important market segments while demonstrating growth and eventual returns for our investors.
You will hear today about all of the solid achievements Clavister has made over the last two years in establishing our role in the global cybersecurity market, as well as the numerous growth opportunities we are pursuing with our newly structured commercial office. Einstein once said that vision without execution is hallucination. One thing I commonly hear from our customers and partners is that they love working with Clavister because we execute while many of our competitors in the market just talk. When they show slideware about market trends and their technology advances, Clavister delivers quality product to demonstrate our vision of the future of cyber protection. Clavister executes while others talk. You will see that today as the team presents our technology stack to address Secure Access Service Edge or SASE, an increasingly important approach to network security with an addressable market which is scaling quickly.
You will see the results of Intel's benchmarking of our virtual firewall solution as the fastest in the industry. You will see Clavister's CyberArmour platform, which is currently being deployed to protect active military applications. While these solutions don't represent the full arsenal of tools and solutions we have to deliver cyber protection to our customers, they offer an insight into where we innovate to stay ahead of the market. I hope that you find today's presentations to be as informative and thought-provoking as the Clavister team has intended them to be. As our innovation platform continues to expand and demonstrate our value to customers, we are constantly improving our communication to the market to hopefully deliver the same level of value to our shareholders and the analyst community.
We know we will never be perfect in this endeavor, which is why we really appreciate feedback from you and hope you will be forthcoming at the close of today's sessions. We believe that through focus, hard work, and execution, we will be able to achieve our aspiration of becoming the one of the top European cybersecurity vendors. Thank you, and I hope you enjoy the 2021 Clavister Capital Markets Day.
Thank you, Viktor. Should we get this presentation started now then? What do you say, John?
Thank you, Jenny. Thank you. Absolutely. It's really great to see so many joining us today. This is our first virtual Capital Markets Day, so it's a big day. I'm John Vestberg. I'm the Co-Founder of Clavister and CEO since 2017. Together with my colleague, David, I will guide you through an update of the cybersecurity market. We will deep dive into some of our strategic initiatives and, as well, share some really exciting news with you. I know that there might be a few on the call who is really not that familiar with Clavister. For those of you who don't know us that well, I will start by giving you a very quick primer. Clavister is all about cybersecurity.
We develop carrier-grade cybersecurity solutions, and we take those to mission-critical applications, mainly for selected markets within the E.U., but also with a global reach through our key partners. Over our 20 years of innovation, we have been able to ship over 130,000 products across the globe. Those installations come with a more than 85% gross margin, and we're happy to say that we have a decent amount of recurring revenue. Recurring revenue, by the way, is one of the topics we will address a bit more detail today. At the core of our business is, of course, our technology and our technology platform, which we claim is one of the, if not the most comprehensive and versatile cybersecurity platform on the market. From this platform, we support over 40 distinct cybersecurity use cases, ranging from authentication to advanced threat protection.
The entire platform is designed and implemented and developed in Sweden. We protect the entire journey from the user through the device, through the network, even in vehicles into the cloud. Over the years, we have invested more than EUR 60 million of R&D into our technology framework. That is an important point as most of our investment is still valid, and it's still a part of the current products we take to market. This is another way of representing where Clavister sits, basically, again, supporting the user who is in need of securing his access or his authentication to services. We secure the individual devices. We are part of the networks, whether it's physical networks or radio networks. We exist in sites, in vehicles, and a lot of our recent deployments is in either private data centers or in the public clouds.
From our technology framework, we have derived a set of specific solutions, and this is done to make our platform more consumable for our customers. We do this to address specific industry requirements. It's also worth emphasizing that even though we're a small company and six solutions might seem quite a lot, all of these solutions are derived and based on the very same technology framework. We don't run parallel R&D engines to support all of this. It's based on the same technology. Apart from the actual technology we provide, we also support our solutions with first-class training, professional services, and helpdesk support. Basically, our solutions, it a lot more than just products. We will talk a little bit more about our solutions in a while. Apart from the technology, of course, Clavister is also about its team.
We have today around 140 dedicated Clavisterians who are highly passionate about developing, innovating, and taking our products and solutions to market. We were recently certified as a Great Place to Work, which very much sums up the culture that we really want to build within Clavister. I am also proud to say that even we are a small company, we have been able to attract really senior industry talent from the market into the company and into our board of directors. From that, we will move into talking a little bit about the market trends. We are obviously in the midst of a digital age, and it is a very exciting era to be part of.
All the information is readily available at our fingertips, and we can communicate freely and conveniently with even the most remote corners of the globe, even communicating with Mars. There is, however, a very dark side to that coin. Cybercrime is actually the fastest-growing crime right now, and just this year alone, cybercrime damages are expected to reach over $6 trillion. That is similar to the entire GDP of Japan. We all hear, we all read about the massive attacks, the ones on Colonial Pipeline, the ones on Maersk, and others. What's really worrying and what's really bothering is that the attacks are getting closer, and they are creeping into our daily lives.
Earlier this year, here in Sweden, one of the healthcare regions, Region Gotland, was the target of a very deliberate denial of service attack, which caused the services from the region to be rendered useless for quite some time. Just very last week, to make a very personal reference, the very hotel where I personally got married was subject to a ransomware attack and needed to close down for a full week. That's sort of how personal cyber attacks get. There is obviously an upside on this, a business upside, and that is that the security market continues to grow fast from already high levels. We're looking at a forecast for 2028 of over $400 billion worth of cybersecurity spending. Massive market and massive growth.
There are as well a number of macro trends that are even more relevant to Clavister, and I'd like to pinpoint a few of those. One of the most important one and the most clear one is the digitalization of services, not only from public administration, entities, but also from the private sector in general. This digitalization trend has obviously been accelerated due to the pandemic and due to the new remote ways of working. There is also a lot of regulations going on, especially within the European Union. The agency ENISA, the European Cybersecurity Agency, has published a number of policies, guidelines, and provided the EU Parliament with regulations, especially according to critical infrastructure and recently the EU Cybersecurity Act. The adoption of 5G is another trend that is really supporting the Clavister business case.
We'll get back to that in a while. Finally, among all of these trends, I would like to highlight specifically the increased geopolitical tension. That is something that really drives the attention and awareness of technology origin. It drives suspicion on non-European vendors, and it puts the spotlight on data transfers across the borders. You might know last summer, the Court of Justice of the European Union rejected or invalidated the EU–U.S. Privacy Shield . As a consequence of that, both public administration and private businesses within E.U. have to look both deep and hard on what services they are using and where they place the data. With that, we would like to move into the strategic direction of Clavister. This is the longer section of this virtual capital markets day, and the intention is to guide you through some of the key elements of the Clavister strategy.
We are clearly operating in a very fast-growing market. We have a business that is characterized by high gross margins and high leverage potentials. As such, the obvious and the main way for us to create shareholder value is to continue drive and even accelerate our growth. Even the tiniest of increments of growth rate have significant impact on the value creation and cash generation of this company over time. To that end, we have created a growth strategy where we've found this strategy on the fact that we are well-positioned to expand in the selected markets which we will present. The five core pillars in our strategy are the following, industry focus, which we will talk about in a while, Clavister SASE, which is a fantastic new solution launch, solution-oriented sales, recurring revenue, and finally, M&A.
Still, this is worth emphasizing a lot, our growth strategy does not come at all costs. We are still driving a very strict cost and cash agenda. We do that to reach and to sustain profitability. I think you've seen the evidence on that already by us steadily reducing our operating losses over the last periods. In the coming slides, we will deep dive into a few of these strategic pillars where other pillars will be touched upon more briefly. I will start with the industrial focus. What we're basically doing here is implementing so-called verticalization, basically building a much stronger targeted industry focus towards a few selected customer verticals. This is really a continuation of a journey that we started already when we started the larger transition of Clavister back in 2018.
This is the continuation of that journey and an even more focus. The reason we're doing this is clear. It's to accelerate growth by building critical mass with sales and marketing activities, critical mass in terms of amount of customer base, reference cases, and so on and so forth. From this year and in reality really from the second half of this year, we are focusing on three main industries. Public administration within the European Union, service providers, and defense. The reason we decided to focus on those three came from a quite comprehensive strategic work that we conducted together with partners throughout the end of 2020 and in the beginning of 2021.
It was a diligent outside-in market research where we really wanted to pinpoint what are the key industries where Clavister has the best ability and the best opportunity to succeed in taking market share and drive growth. With the first one, EU public administration. There are, and we already touched upon this in the previous slides, a number of key trends happening in this market and a number of drivers that are driving the investments into cybersecurity. Again, one of the most important and most visible ones, especially here in the Nordics, is the digitalization of government services. Sweden, the Nordics already way ahead of so many other countries in terms of availability of digital services, but it's even more fueled and accelerated by COVID-19. Of course, other European countries are not that much after. We're seeing this trend across the entire Europe.
The implementation of the cybersecurity laws is important. It not only recommends, but it really enforces investments into cybersecurity. As a natural consequence, everyone realizes that the impact, the financial impact on cyberattacks on governments is massive. As such, the willingness to invest in cybersecurity is high. We're also seeing a number of public-private partnership initiatives, for instance, the EU Horizon 2020 investments that are driving initiatives, innovations, and product development all to enhance cybersecurity within the union. It is a market that is growing fast as well, we're looking at close to $18 billion of cybersecurity spending in 2023 or by 2023. It's also worth emphasizing that public administration in E.U. actually represents over 25% of all cybersecurity spending in EU by 2025. The solutions that we are taking to this market are quite few actually.
Our identity and access management solution is a given. You can recall obviously that with digital services, remote services comes a strong emphasis on identity, authentication, single sign-on capabilities, and policy enforcement. With that comes a natural sibling in our portfolio being our firewall solutions and the transition into what's called secure SD-WAN, basically the next generation of firewalling and WAN technologies. We have a number of certifications that are relevant in this market, and I think the latest one that we achieved earlier this year, Cybersecurity Made in Europe, is obviously resonating very well with European Union provisions. There are a number of key values that we bring to this market. First of all, this is not an entirely new market for Clavister.
We have been used, and we are being used by nationwide, by regional, and local government customers since many years back. We have demonstrated our products and solutions viability to function and to deliver value and services in this territory, in this domain. We also believe, and I believe that Clavister being a public-listed company brings also the transparency and the insight needed for public government customers to trust the vendor, to trust the technology, and to trust our values and our core business ethos. This is important. We also believe that we as Clavister is the perfect and natural transformation partner for public administration. What do we mean with that? We have over these many years seen all of the transitions happening on the security market from the traditional firewalls migrating into UTM, into next-gen firewall, into cloud-based services, into complementary security technologies.
Because of that knowledge, we can support the public administration customers when they in turn need to face these challenges. Our technology is extremely versatile, we already mentioned that, we can meet both physical and virtual environmental requirements for security installations. Finally, this is obviously very important for all customer groups, nonetheless for public administration, we are constantly well above industry average when it comes to our support and our attention to our customers. We track this using the classic Net Promoter Score, where we score 59, which is a very good and a very high score. It almost goes without saying, it's of course one of the most critical and one of the most important values we bring. We are a true European cybersecurity vendor.
I strongly believe and I strongly claim that we are also the only one European vendor that brings the full scope of cybersecurity use cases that normally or typically only the huge U.S.-based vendors can provide. Again, coming back to the geopolitical tension, if you have to choose as a public administration customer between a European vendor and a non-European vendor, in my opinion, the choice should be clear. We move ahead to our second focus vertical, leaving public administration, and that is our service provider vertical. To clarify, when we talk about service providers, we mean all of those providers that essentially integrate cybersecurity as part of their offering or as part of their operations. In other words, we're talking about managed security service providers, we're talking about communication service providers, in other words, mobile operators, internet service providers, and so on.
One of the most dominant trends on this market, and one of the key investment drivers is the increasing complexity of cybersecurity. Just years ago or a few years ago, you could solve a cybersecurity issue by investing in a point product. That is not the case anymore. You have to have an extremely comprehensive set of components, technology solutions and policies to really enforce cybersecurity. It goes without saying that this is impossible for a small medium-sized business. Even large enterprise businesses struggle with this challenge. As a natural consequence, the service providers that have the customer base, they have the critical mass, and they have the competence and the domain expertise are the natural partners to provide cybersecurity, be that to consumers or to enterprises.
The adoption rate of 5G is again a very highly relevant driving force in this, and that comes from two perspectives. One is the operators, the 5G operators that need to invest in cybersecurity to ensure the resilience of the actual 5G network. The 5G networks are complex, they are highly virtualized, they are highly software defined, and without cybersecurity, they are basically an open target. That is one aspect of 5G. The other one is really what 5G brings to the market. With all the capabilities, with all the capacity, all the technology capabilities of 5G, it really opens up for over-the-top services, security services to enterprises and to consumer customers. We see an interesting trend being that mobile operators are now trying to explore some of the potential over-the-top services from their investments in 5G.
There is one capability in 5G called network slicing, basically allowing an operator to provide specific set of services, specific set of technology and components to specific customers. This is a perfect area where cybersecurity would be added as an over-the-top service. Again, a huge market, $46 billion of addressable market by 2025 and growing fast. It's quite obvious to think about our 5G security solution as the main solution towards service providers. Yes, it is an important one. As you can see in this picture, in this slide, a majority of our solutions are actually applicable to service providers. For the reasons I just mentioned earlier, that the entire complexity of cybersecurity requires this versatile and diverse set of solutions to really be able to capture and to mitigate threats in this market.
We have a number of important go-to-market partners and customers in this segment, obviously. We have a number of smaller service providers, a number of service providers we are just initiating our work together with. To mention a few, Nokia, Ericsson, Tata represent some of them. I would also like to, of course, bring out the key values we provide to this market. To some extent, it's quite similar to the values we bring also to public administration. We are proven in this environment. We have over 30 operator wins in the 5G space, so we can clearly claim to be a security leader in 5G. We just a number of weeks ago announced our latest innovation when it comes to performance in virtualized software for 5G networks. Again, we are a technology leader in this space.
Since many years, we have been working with the larger, not only the service providers, but also the technology providers to service providers. We have that reference base, we have that experience, and we have that proven capability. Similar again, to the public administration, we believe we are a strong partner to these customers, and that ability comes, of course, from our strong and solid experience. We go more than 10 years back with a lot of our larger network equipment providers and service providers. Again, coming back to the complexity point, the fact that we support all of these use cases, more than 40 distinct cybersecurity use cases, makes us the so-called one-stop shop for service providers who really need to drive security services. Finally, the innovation part. This is obviously a market that do not stand still.
We have to continue to invest, and we are investing in innovation. We are investing above industry benchmark. This is also something my colleague David will speak a bit more about in the later session. We have already reached a point where we provide what's the industry is referring to as zero trust networking, which has been in many years some kind of the Holy Grail in the network security or cybersecurity industry. We are supporting that from our existing solution set. As we're doing that, we of course, continue to develop our technologies also for the future 5G world. I'd like to bring up two specific case studies just to give you a little bit more detailed insight into what we are really providing. The first use case is with our partner, Nokia.
We have a partnership with Nokia that goes back to about 2016, where Nokia really took upon cybersecurity as a strategic pillar in order for them to differentiate themselves amongst the other competitors in this market. They realized that security, especially in the 5G world, is something that has to be designed in. You cannot add it afterwards as an afterthought. That is a recipe of failure. With the bandwidth and the increase in use cases of 5G, everyone realizes and everyone acknowledges that the data volumes are really expected to grow rapidly. As a consequence, the security solutions have to scale following that. Otherwise, security becomes a bottleneck and it's being ripped out in favor of services.
This is where we come handy in, coming back to my previous statement that we are a leader in performance. Our ability to scale in a mobile operator network is second to none. We are really the leader in this case. Our solution covers not only 5G, it covers also 4G and even legacy 3G type of use cases. This solution is taken to market by Nokia under their own brand called the Nokia NetGuard Virtual Firewall. It's part of their larger NetGuard family of security products. We are the only Nokia-branded firewall product in their portfolio.
As the picture on the right alludes to, the blue boxes are a few of the points in a conceptual mobile network where our products gets deployed and provide security, ranging from the interface between the public internet and the mobile core network, the communication between the radio network and the core network, and even communication between mobile operator networks. Clearly, many different use cases, many abilities for us as well to do upsell on our install base. Our strategy right now when it comes to mobile operators and 5G is to secure as many design wins, as many logotypes as possible. We have an inherently fantastic business model where we scale our revenues based on how the data volumes are scaling in the network.
Right now, we're trying to add as many mobile operators as possible to the solution, and while 5G data volumes will grow over time, so will our combined revenues from the solution. The second use case is fresh from the oven. It's very new. It's a case study and a solution that is being taken to market by our partner, Telco Systems. Telco Systems is part of BATM Group, a quite large provider of technology. Telco Systems provides solutions for the service providers, for the operators, including NFV solutions, including carrier grade network and Ethernet solutions, and in the portfolio of Telco Systems, they have customers such as Vodafone, such as PCCW in Hong Kong, and others. What Telco Systems is doing right now, as we speak, is that they are launching a new service, a new solution called Edgility.
That refers to, of course, Edgility. What this is a combined SD-WAN and security suite that they are targeting and offering to their service provider customers. The key thing here, obviously, and the upside for us is that this solution is to a great extent based on our technology. SD-WAN, of course, and our security components. Again, this is a great and nice example on how we scale our business with other vendor solutions without us having to scale up our sales engine. Similar in the case of Nokia, we are through Nokia able to reach the entire vast majority of all the mobile operators in the world without us building a massive sales team. Finally, moving into the final vertical or final industry of ours being defense. This is a vertical or an industry where the trends are extremely clear.
It's again, of course, about digitalization, but in a different sense. Of course, the defense sector is not providing public services or services to other enterprises, but the digitalization of their operations is growing as we speak. That comes from several factors, not only from so-called modernization programs, where all but this industry is super slow, long time to market, long lead times and so on, but there is a massive amount of programs running already now. Modernization of vehicles, of vessels, of aircrafts, all of them in need of cybersecurity. All of them equipping with cybersecurity as they are modernized. There's also a number of regulations and policies in this market, including C2C, CMMC, and so on.
In the slightly broader context or perspective, actually, United Nations and the EU will make cybersecurity mandatory for all new vehicles in 2024. All new vehicle types by 2024 will have cybersecurity as mandatory components. The risks in this operating environment is obviously huge. If you have a failure of cybersecurity or a failure due to lack of cybersecurity, you might have loss of mobility, critical communications, or interception of intelligence. Really, this is an area where lives is at stake. It's again, a huge market, slightly smaller than the other markets we have been looking at, but still $12 billion of addressable market by 2023. Our Clavister CyberArmour solution is the clear targeted solution for this market, but also within other areas like identity and access management and even secure SD-WAN, we start to see traction in this market.
We are working with a number of high-profile brands like BAE Systems, Saab, Eurofighter in Germany, and our U.S. partner, Digital Cloak, to mention a few. The values we bring to this market is again, very similar to the two other verticals, and that's a good thing because it keeps the sort of the red thread in our offering, our positioning, and makes us viable across these three industries without being too diversed. We are proven in this field, defense proven, and maybe it's appropriate to say battle proven, no pun intended. We are trusted by governments. We are delivering these type of solutions to this industry for a while, but it's really recently where we have started to expose this also to the external market that we're doing this. We have strong operational experience.
We would like to marry the experience that we're gathering from other industries, from, for instance, public administration, from service providers, where you have similar types of challenges, and we can take those challenges, take our experience in those challenges and really provide that insight and create synergies based on that for the defense community. The typical scenario is that our competitors in this space are really only niched on defense, and that creates a very locked-in type of mentality where we can come with our synergies from other markets. We have, based on the attributes of our technology, our low footprint, our resilience design and so on, we have a technology that is fitting very well in this industry. We don't carry our own operating system. We have super fast startup times.
All the technical attributes that are really required when you are in a mission-critical operation. I'd like as well to provide a case study. We announced recently a design win with BAE Systems. I think most of you know BAE Systems already, but it's worth highlighting that BAE Systems are the largest defense contractor in Europe and the third largest contractor in the world. They obviously provide and develop a vast amount of different defense material, but specifically related to Clavister CyberArmour, they produce here in Sweden two specific type of vehicles, the combat vehicle and the all-terrain vehicles that you see on the right. The latest versions of those vehicles are implementing cybersecurity. Could you imagine?
This obviously drives a strong demand on carrier-grade, mission-critical, and ruggedized type of security that can withstand not only the cyberattacks, but also the physical environment, which is obviously quite different from the ones in an office or in a data center. Why are they doing this? Obviously, these type of vehicles, they are literally becoming data centers on wheels or rather on tracks in this case. With that, they come with over 50 different computing engines, with weapon firing computers, with video cameras, with battle command system sensors, all of it being interconnected, all of it being subject and potential for cyberattacks. With that, we come in, we provide a ruggedized security platform. It's based on our technology platform once again, but we have augmented it with requirements from BAE Systems and from NATO integrating this into these type of vehicles.
The first end customer contract was won earlier this year. It's for a Western European army or military organization, and the contract to us is worth SEK 50 million. It's a committed contract, and it has an upside as well to reach to SEK 90 million over time. Of course, there are a potential of subsequent end customer projects, each of them worth in this size or in the range of SEK 20 million-SEK 100 million each. Obviously, subject to contract awards to BAE Systems. I would also like to share the go-to-market model in this industry just to shed some light on how this model can scale. Obviously, we start with our solutions on the one hand, and we scale through different layers of go-to-market partners.
It's very clear, obviously, that we are not in the position and it's not our ambition to talk directly to the end users. We are not providing our products directly to the armies or to the end users themselves. We work together with defense OEMs such as BAE Systems, but also more niched system integrators in this industry. Through those partners, we do design wins, we do integrations, which are project-based. In the specific use case or case study I just mentioned, we have now an OEM contract and an integration contract for two specific vehicles. From that integration, we enter into various defense programs run by the respective ministry of defenses or end users or end customers in the respective nations. The contract I just referred to, the SEK 50 million contract, is the first one in hopefully many to come.
Basically, our ability to scale is by replicating, by multiplying, and by scaling those contracts into new contracts into new nations. That's not the only way we can scale. Obviously, just within the group of BAE Systems, there are so many other vehicle systems in need of cybersecurity where we can scale. From those integrations, we can again scale to additional prospects, additional defense programs. Outside of BAE Systems, we have a contract with Saab. With Saab, we can again look at different design wins, different integrations, and from there scale even further to additional contracts. We have a design win, or rather a partner win in the U.S. with Digital Cloak. They are a niched system integrator. They target the U.S. Department of Defense and a number of civil agencies as well within the United States.
We are running right now a first proof of concept for about 1,500 employees of the U.S. Marine Corps. This is an implementation of our identity and access management solution, where the stronghold of that solution was really appealing to the U.S. Marine Corps. On the back of a successful deployment, this is then going to scale further within the Marine Corps and potentially to other parts of the Department of Defense. Naturally, we can still look for additional system integrators and additional OEMs in this space. This is a good example on the super scalability that we get from both the versatility of our solutions, but also our go-to-market model, where we use OEM partners, system integrators as the route to market. With that, we have completed the first strategic pillar in our strategic growth plan.
Before we take a break in some minutes, I will highlight the second strategic pillar, which is referred to as Clavister SASE. It's a very interesting acronym. Typically in this industry, we see a lot of acronyms. SASE is one of the latest acronyms. To shed some light on what SASE really is, it is in the macro context, the convergence of wide area networking and security services that are built together or integrated into one holistic service model with the emphasis on service, because it's predominantly delivered from the cloud as a service. As this image represents as well, you see a lot of different technologies that get integrated and incorporated into a full-blown SASE solution. It goes without saying, obviously, that there is no single actor on the market because this is a very new trend that already has all of these components together.
I will, in the next slide, show you where Clavister is in all of this. As a slight hint, we are well-positioned. The market outlook for SASE is fantastic. It's growing super fast. There are some researchers that claim it's growing in some areas with over 100% annually right now. On a more conservative outlook, we're looking at plus 10% if we look at the entire SASE market. It's growing, though, from quite small levels initially, $2.7 billion up to $5.4 billion by 2027. The more interesting outlook, though, is the second bullet, where by 2025, over 60% of all businesses actually claim they will have strategies and even timelines and projects for adopting SASE.
This is how strong this trend really is. What are we doing about it? Well, we have been developing a SASE solution for a while now. We are taking this to market, and we're launching it in the second half of 2021. Our initial target group for our solution is public administration being the first vertical. Public administration customers, first of all, in Sweden to get a critical mass of customers, scaling it to the Nordic perspective, and then later on to the European context. We realize that we have a smaller brand and a smaller reach compared to some of our competitors and quite many of our American competitors.
What we're doing in parallel of providing this service is also packaging this technology as a solution package for OEMs and for service providers who want to take this to market under their own brand, under their own provisionings. What we're doing as well is that, and this is super important, you will see this as well in the next slide, this is not a new technology for Clavister. We're actually leveraging the software IPR we have been building for over 20 years. The key values we bring here is, and following on to what I just said, we own more of the SASE stack, more of these components taken together than actually most other SASE vendors. Many SASE vendors, most SASE vendors, they act as resellers, as integrators.
They take third-party solutions, they integrate them, they provide that as a semi-integrated solution, as a SASE solution to the market. We' on the other hand, have most of that technology in-house. We can integrate this in-house. We're doing that in-house. As such, we can provide a much more streamlined, a much better user experience to our customers. Another difference, which is an important one, is that we have identified identity as really a core component in our offering. Not many SASE vendors are doing this. We only know one, which is a major U.S.-based network provider, network equipment provider.
We believe our strategy is really that identity is such a core element, so it has to be an identity-first solution. That is why our solution has been built up with the identity management and identity access management solution we have already internally, and we're building our solutions based on this. We're hosting our solution in Europe, again, important from the geopolitical perspective. That means that we can mitigate any integrity issues, any geopolitical concerns that might come from public administration customers. From a technology point of view, we have a multitenant security-first architecture, and we do something which is called infrastructure as code. This is important because it means we can take the entire solution and we can deploy it on any cloud infrastructure. We're not natively tied to a specific cloud vendor or a specific cloud infrastructure. We can deploy this literally on any cloud.
The idea of this picture is not to scare you with acronyms and the alphabet soup of cybersecurity, but it serves a different purpose. It serves the purpose to look at the IPRs of Clavister and how really how far we have come in terms of a SASE solution. On the more comprehensive level, all of these boxes you see on this slide are components that build up a SASE solution. There is more to come. SASE is evolving as we speak, and in the next few years, this image will look even more complex. Here and now, a typical SASE solution consists of these boxes. Now, all the white boxes are areas, technology, or use cases where Clavister has our own IPR. It's our own software, our own products that build up this structure.
The blue boxes are technology that we are licensing from third parties, and there will be, and this is a topic for a bit later in the presentation, there will be areas where we have to look at acquiring technology, either through partnerships or in pure M&A activities. In a nutshell, this is SASE. It's a fantastic evolution, and it's a fantastic new solution that we're taking to market, and we obviously hope to have a good and a strong success with this solution over the next years to come.
Thank you, John.
Thank you.
I think we will take a break now. I think a 10-minute break now. First, I want to remind you that you can still write questions already now. Use the chat or use the Q&A. We will start again at 11:05 A.M. A 10-minute break starting at 11:05 A.M.
Hi, and welcome back again. Before we get started again, I want to remind you again to use the chat to write questions or use the Q&A as well. Now, should we get started, John?
Absolutely. Thank you, Jenny. Before leaving the word to my colleague, David, I would like to guide you through the third element of our growth strategy, namely what we refer to as solution-oriented sales. Essentially, this means that we are transitioning from the broad product portfolio company that we were recently into a solution selling company, a value-added solution selling company. Of course, all the products, all the technology is still the core of what we provide, but we package and we combine those elements into predefined solutions. The reason we do this, we have been through a little bit before, but it's obviously to simplify and to make our technology more consumable and more understandable.
While we were talking about different products, different technologies in the past, when we were talking to our customers, when addressing the influencers and decision-makers with our customers and partners, it's the overall solution set that sets the tone going forward. This is also something that is reflected in how we have designed the business, how we have set up the overall structure of the company in the recent year. David will as well address that in a while. There are a number of benefits that we see from this transition. One is that we are able to have a much more clear and crisp positioning. We will not anymore be perceived as this multifaceted, multiproduct technology company, but more crisp with clear and direct solutions addressing specific customer challenges.
The other and as important benefit is that it gives us a better viability, an increased viability of the portfolio. We can address our R&D efforts into specific areas instead of continuing developing products as they stand alone. Finally, with this move, we believe that we have a good opportunity to also attract and target larger accounts. This is a important component as well of our growth strategy to increase our average sales levels and our average order sizes. To do so, we need to attract the larger accounts. Doing so is a hopefully good result of positioning solutions. With that, over to David for the next part of the strategy.
Thank you, John. When John had taken you through this presentation and started talking about our five pillars of our growth agenda. We've been through pillar one, our industry focus, pillar two, our Clavister SASE solution, pillar three, solution-oriented sales. Here we are now at the fourth pillar, which is consolidating to a recurring revenue model. Why isn't the presentation moving here? Sorry for the delay. Go. We are a tech company without a tech-oriented CFO, but that's, I think, that's what it is, really. Historically, our products, they have been sold on primarily a perpetual license model. Within our current portfolio, we have multiple products sold on different pricing models. This causes a bit of confusion sometimes, both for ourselves internally, but also for our customers.
As John have talked about, we are in a transition from a product-oriented company to a company who brings broad solutions to market. This is a very good point in time to also address how we package and price our solutions. What we're trying to do here is moving away from perpetual sales, from term-based licensing, utility-based licensing, and MSSP licensing, and transitioning that into term-based as a service revenues with the aim to move as much as our revenues as possible to recurring. The exception from this would be project-specific pricing models, for example, in defense. Looking at the fourth bullet here, that might require some explanation. What does introducing good, better, best mean? If I would talk to our solution team, good, better, awesome.
Today, we're having a 2-tier model where we bring two software licenses to the market in our, in our broad approach, and that is a base offering and a more advanced offering. When we have looked at peers in the market and also looked at research, we have come to the conclusion that a 3-tier model where we have a good, a better, and a best solution have the ability to capture more of customer needs, attracting more demand. We can also price this in a better way because what we've seen is that a 3-tier model have the ability to move more customers from the base offering to the more advanced bundles who are also then more pricey. This is we can then capture more demand, but also price it more attractively for both ourselves and the customer.
What are the benefits of such a transition? Well, moving to more recurring revenues, of course, bring more highly visible revenue streams. We can forecast our business better. It creates better stability. It creates a better baseline for growth. We also believe that a high proportion of recurring revenue creates more value for the Clavister shareholder. As we introduce new business models during the second half of this year, we will also enable auto-renewal of all our licenses, which is a difference from today where they require an active and manual renewal. With an auto-renew policy, of course, the renewal rate will be higher and positively affecting churn rates.
The only way to then stop a renewal is for a customer to say, "Well, dear Clavister, thank you for good services, but we are no longer requiring them." Of course, the renewal stops. The third benefit, which is a clear benefit for our customers, is that we will lower the upfront investment. Because as we are moving away from a perpetual license, which requires a high investment upfront and also a high investment in hardware, we are moving to recurring revenues over time, where payments are made over time. Similarly, also when introducing new business models, reducing the price for hardware, since we are not a hardware company, we're a software company that from time to time uses specific build hardware to deliver our software.
Those two initiatives combined will significantly reduce the threshold of buying and introducing a Clavister solution with the aim of positively impacting our sales and our growth. Recurring revenue, is that new to us? The answer to that question is no. Clavister have a large proportion of recurring revenues today, and we have had a clear ambition for several years to increase our recurring revenue proportion to have basically more recurring revenue. If we compare to the situation 2017, 31% of our total revenues were on a recurring basis, and that have increased to 54% by 2020. We have a proven ability and track record to grow our recurring revenues. We wanna go above and beyond 54%.
That, our conclusion to that is new business model and new pricing is required to significantly increase the recurring revenue proportion further. That is something we're committed to do. Looking at the fifth and final pillar in our growth agenda, and that is M&A. Clavister have done M&A in the past. Back in 2016, we acquired the IAM vendor, PhenixID, who is now a fully owned subsidiary of Clavister, and is that since 2016. We have very positive experience from that, mainly for two reasons. The acquisition brought good revenues, recurring revenues, and good profitability. Equally, or maybe more importantly, it also brought high quality identity and access management solutions that we take to market, as John have clearly described during his presentation, and also gave us the ability to incorporate them in more advanced offerings that we take to market going forward.
For example, in SASE, where identity is a key cornerstone in building that solution. Looking at more M&A, there are two characteristics that are of vital importance. We do M&A, it's important that it can contribute to our top-line growth and our EBITDA profitability, and/or add relevant technology, like in the PhenixID case, for example, where we can complete gaps within our solution offerings, where we can bring more advanced and better solutions to the market. With that said, we are actively now considering potential acquisition targets meeting those criteria. John, I think you are required up here again.
Absolutely. Thank you, David. Moving ahead, now we're sort of leaving the growth strategy part of the capital markets day presentation, and just compiling and providing our ambitions going forward. Again, as a summary, our clear ambition is to continue to accelerate the growth we have and improve the bottom line leverage as a result of the combination of growth and our high growth margins. With the recurring revenue that David spoke about earlier, we will have a larger and larger portion of our business that is more predictable, and that will drive a big part of our bottom line going forward. If we look at 2021, this is, again, what we have also included in our public reporting. Our ambition for this year is to outperform the underlying market.
As you've seen in some of the previous slides, there's quite many different perspectives of this market growth. Basically, to be a bit more precise, we say that we would like our net sales growth to increase this year over last year. Our ambition is as well to reach a level of EBITDA profitability which is sustainable. In the more midterm, we will continue to outperform the market growth, and over a period of three years, we would like to demonstrate a net sales growth on average of at least 20%, and demonstrating as well a free cash flow from 2022 and onwards.
We then look at the more long term, looking at the combination of the profile of Clavister, the margins we provide, and the OpEx trends we're demonstrating that David will talk about more later, there is nothing that will prevent us from also providing the profitability levels and the free cash flow levels as of the leading industry actors in this market. This is essentially the Clavister ambitions going forward from a financial perspective.
Great. Then move on to the financial perspective. What is our ambition? Our ambition is growth. Growth is not nothing that is new to Clavister. We have a growth trajectory, but our aim here is to, with the initiatives that we've been presenting during this capital markets day, is to tilt the growth trajectory upwards. If we look at the cumulative annual growth rate for order intake since 2017 and up to Q1 2021, it's 20%. The corresponding growth rate of net sales, it's 17%.
With that said, and the gap between order intake and net sales means that we're sitting with an order book that end of Q1 was SEK 30 million , and the majority of that order book to be fulfilled within 12 months and then converted to net sales. The order book that we're having today are supporting our growth ambition of net sales. As you know, we had a major or a largest contract win yet to date in Q1 with BAE Systems, where we are supplying the firewall cybersecurity solutions to their CV90 combat vehicle platform that they are delivering to a Western European army.
That is also something that is very important in fueling further order intake and future net sales, as the bulk of this contract will be delivered upon between the years 2022 and 2024. The transition to recurring revenue models introduced during the second half of this year, we believe that will have a very big impact on our ability to grow order intake and grow our net sales as we are taking more modernly packaging solutions to market with a better, more modern, and more attractive pricing. We believe that this will be an important component in driving a higher growth rate going forward. To deliver on this, we realized that we needed to refocus and reorganize our commercial department, and that transition was made during the end of 2020.
January 1st, we brought a new commercial organization to light, where we have focused all our customer-facing activities under the same leadership in order to streamline all our customer-oriented activities to fulfill our ambition of higher growth. In order to do all this and to deliver growth, we need to take good and attractive solutions and products to market. Meaning that a fairly large proportion of our generated net sales are translated into investments in R&D. What this slide shows is our total R&D spend in relation to our net sales. We had a build-up of R&D investments up until 2019, where they peaked at 38% of our net sales. We concluded that at such a high level of investment is not viable on a long-term perspective, as that was very costly.
We ran a couple of initiatives to ensure that can we leverage more efficiency out of our tech organization to deliver good products and good solutions, but at a reasonable cost level. The largest initiative taken was to reduce our number of R&D sites from three to two by closing our Umeå office and consolidating further in our offices in Stockholm and in Örnsköldsvik. This have led to that our investments in R&D dropped from 38% in 2019 to 26% of net sales in 2020. This is a level where we are comfortable of maintaining, because high investments in R&D is needed to grow to grow our bottom line or grow sales. We need to keep these investments under control to make sure that we also can leverage good profitability from these investments.
Then, of course, to generate profitability, growing top line and growing net sales is of course very, very important. You who have listened in to our interim report presentations for some while now will have heard this message many times over now, and that is that we very firmly believe that the route to profitability require high cost control. Again, comparing the years 2017 up to 2020 and compare how have our costs evolved in relation to our total revenue, this picture, I think, is very interesting. It shows that our costs, they peak in relation to total revenues in 2018 at 187%. At that time, a number of initiatives were identified in order to bring cost levels down. Closing of the R&D site in Umeå has been one such initiative.
Divesting our operations in China have been another. Thirdly, a continued focus on our costs at running on a day-to-day basis for making sure that we have a streamlined and efficient organization from which we can leverage as much growth as possible. Thanks to this, our total costs have fallen to 150% of revenues in 2020. One other important element here is to grow our gross margin and reduce our COGS costs. Again, compare 2018 to 2020, that has dropped from 34% to 13%. How have we then achieved this? I would say that this relies on two different initiatives mainly.
One is, since we are incorporating third-party licenses in our offering, for, if you look back from a historic perspective, those were on a royalty basis, meaning that a proportion of our net sales were then paid to the license holder. Meaning that we locked our gross margin at a certain rate and reducing it if we would then include other licenses as well. That was concluded to not be a viable way of working, and therefore we have worked continuously to converting these royalty-based licenses to fixed prices. which has been a very successful project, meaning now that lots of our COGS for third parties are fixed.
As we then grow our revenues, costs will not grow correspondingly, meaning that there's a very good leverage here for growing our business and converting a very high proportion of our sales also to increase profit. The second thing here driving this is that hardware is an important component absolutely for our delivery, but we are introducing more delivery options for, of virtually deploying our products and services, and also introducing more cloud-based delivery options. Meaning that as we progress, the reliance of hardware might lower further with a positive corresponding impact of our profitability. The balance sheet. As we are preparing for a transition to recurring revenue, a security-as-a-service offering, we know that that puts some pressure on the balance sheet. That is a fact.
That is a fact if we compare to other companies who have undergone the same transition. For us, it has been very important to prepare our balance sheet to support such a transition. Because we firmly believe that a transition to more recurring revenue will support growth, and it will be more value-creating for our shareholders. We need to be able to sustain that transition. If we look at a timeline between Q1 2020 to Q1 2021, what has been done?
Well, we have conducted a net capital raise, and that together with reducing our operating losses as we have had OpEx and COGS under control, that have led to a SEK 150 million increase in equity. We were able to repay a loan of SEK 50 million in Q3 2020, reducing the risk level then of our balance sheet and reducing our number of lenders from three to two. As said, we concluded a successful capital raise of SEK +200 million in Q4 2020, and by that then strengthening our balance sheet significantly. We ended Q1 2021 with SEK 111 million of cash balance. We have been able to reduce the cash burn from operations as we are increasing our net sales, and we have OpEx under control.
Our conclusion on this is that we have a cash position today that supports the transition to increase recurring revenue, and the moment to do this is now during 2021. Just to summarize, during this presentation, we have talked very much about our growth agenda, our aim to improve our leverage to grow our company and to grow it more profitable, and by doing so, increase the value for our shareholders. From that perspective, it's interesting to compare the Clavister valuation that you can see on the right-hand side of this presentation with relevant peers in the market, or we compare with our larger U.S.-based peers. The blue bars represent IAM vendors, and the black ones are network security peers.
We can see that there is a clear difference in valuation multiples between them and between Clavister. We believe that if we execute and properly do what we have set out as an ambition throughout this presentation, we can close that gap and move the valuation and put them towards the valuation of our peers, and therefore create more value for all our owners. With that, it's over to you, John.
As a summary, we've reached to the final slide in our presentation before we take Q&A. Just repeating some of the key messages that we had over this past 1+ hour . Again, this is a rapidly growing market. There are a number of key drivers, but some of the key ones obviously are the digitalization that spans across our industries, the 5G growth, the cloud efforts that are being made, and of course, the acceleration of all of these opportunities because of the COVID-19 situation. We've concluded that we have a very versatile technology. We are capable of deploying that in most IT environments or in any IT environment, really. You've seen examples of that as well, from cloud to even to cybersecurity products in vehicles.
We are trusted by some of the largest players in both defense and mobile and public administration reference across the Nordics, and especially within the European Union, with focus in the Nordics and in the German-speaking countries, there is a huge opportunity for us to address within public administration only. The technology is as good, in many cases, better than our global competitors due to the way we've designed and invested in this over these 20 years. The fact that we can be proud of being a proprietary Swedish brand, it's really ideal for the EU markets and for some of the mission-critical markets in general. As we've been demonstrating, the growth is happening, and we see ourselves going closer and closer to sustainable EBITDA profitability in the near term.
With that, I think we leave the stage open or the floor open for questions and answers for the next 15 minutes or something, or as long as there are relevant questions.
Yes. Yes. You just said what I was gonna say. I wanna remind you again that use the chat button or the Q&A button. Type the questions, and I will let you in. There's also raise the hand button you can use if you wanna tell the question on your own, which is good if you do. Thank you, John, and thank you to the audience for being here. First question, John and David. You have described the key move into security as a service model. How large is the transition from where you were last year?
I can start talking about this from an operational point of view, and then David can complement on the financial transitions that we're doing. It is on the surface a very big, and it's an important transition and move we're making. Everyone agrees that for the vast majority of customers, cloud is the future. This is not a transition that's happening for Clavister over one night. Obviously, we've been building a technology platform over so many years that support this transition. Already by, I would say, late 2019, and over the course of the beginning of 2020, we had initial customers, pilot customers running our services on a cloud-based basis, for proof of concept reasons and so forth.
It's really now over the past, I would say, past year, half year, where we have increased our efforts into this and when we're now taking this to market on a more official basis. Of course, it has a good attribute as well from the financial point of view and recurring revenue view.
Yes. Doing this transition will as we are selling contracts on various contract lengths. What we have concluded in, as we do the transition, the baseline for the new model will be either monthly or yearly recurring subscription models, meaning that we can And looking at where we are today, where many contracts are on three to five-year plans, that means that the initial investment by the customer is significantly lower, so it will be easier for us to onboard new customers. Of course, the cash flows and revenues from those contracts will be more linear during the course of the contract. That's also a big difference.
Yeah. Another big difference, obviously, is that when we're doing this transition, we can spend more of our valuable sales time into onboarding and recruiting or attracting new customers, and less so of retaining customers, as these new models typically entail auto-renewals and elements of the technology that motivates the customers to be a long-term paying customer. It's a lot of benefits of doing this transition, obviously.
Regarding the focus on the three main verticals, public administration, as CSP, and defense, what verticals have you stopped in investing in and moved employees to main verticals?
To give a little bit of a history description there or history journey. Prior to 2017, and prior to us starting the bigger transformation journey of Clavister, we were acting, I would say typically as any other startup company, basically trying to sell to whoever was willing to pay for your services. That, of course, entailed that we became very broad and very defocused. Already in 2018, as mentioned before, we started to down select into fewer customer groups, fewer verticals. By that time, we took a hard look on what were our main customer groups that we were serving at that time, but we did not provide a real outside-in strategic perspective on that. That was the first step.
The step we're taking now is really the next down selection to look at where we have the best opportunities and where our technology and our products and our solutions resonate the best with those customers. I would say that one of the historically larger customer groups of Clavister have been the mid, small side, and small-sized enterprise customers. They are still a very important end user group for Clavister. The way we approach them now and going forward is through service providers and through partners who are addressing those customers. The complexity again and the competition in the enterprise market really triggered a move towards this new type of selling model and us using service providers as the means of reaching those customers.
We will still see our products being used by many different end customer groups, but our own sales floor, our own marketing efforts is really down selected to these three verticals.
Looking at the hardware-software mix, orders, how should we assess the ARR mentioned in those?
I think that's a good question for David.
Yeah. If we look at our business now, we'd say that what we will be doing is reducing the pricing on the hardware, as we have concluded that what we bring to market is our own built software that is not the hardware itself is something that we source from others. Let's reduce pricing on the hardware to enable a shift where more of the value is placed on the software. The software will then be on an auto-renew policy, as we've been saying.
The recurring revenue proportion will, from that perspective, increase as we move more of the revenues to the part that is actually recurring and make sure that the hardware component is not something that is blocking a sale because it's priced in such a way that could be especially in certain types of hardware, seen as a bit steep, and preventing us from doing the sale of the software, which is what we have built and what is really the value creator here. More of the value will be shifted then to the recurring proportion of revenues. I hope that answered the question.
Moving on then. How will Clavister be affected by the Swedish government public investigation, SOU 2021:1, Säker och kostnadseffektiv it-drift, and with the new law that enters into force in January 2022?
This is one interesting example of one of the areas, one of the trends we spoke about earlier, where the breaches, the attacks and the geopolitical tension places much more awareness on these things, and this new proposed resolution is obviously one effect of that. If I recall it correctly, there are over 220 data centers being operated by public agencies just in Sweden alone. We have all seen in the past, over the past years, interesting types of data transfers to third parties, which has really, you know, brought this question to life and this topic to life. From a security vendor perspective, I only see this positive.
Obviously, that it raises awareness and it again puts the highlight on where is data stored, what origin is your technology of, and so on and so forth. When we address public administration, we typically do this through partners. Partners who are well, well-acquainted with the public administration legislation and all of that to get the best traction and get the best momentum in this market. In general, I only see it as a positive trend for us.
Going on to competition. What does your competitive landscape look like, and how many European competitors do you have to offer a similar software solution, and who are they?
Good question. I would say first on a macro level, our main competitors, which we meet on a daily basis, talking to, especially in the past, talking to enterprise customers, but also to a great extent with service provider industry. We're looking at the huge American competitors, such as Palo Alto Networks, Fortinet, Check Point, of course, to some extent Cisco, Sophos, those typical suspects you would see in the cybersecurity industry. In Europe, it's a little bit trickier to define the competition because as we alluded to earlier, there is really no world-class dominant single player as you would see in other parts of the market. A lot of small actors, we have a number of them, obviously in the Nordics, we have a number in Germany. Many of them are very niched.
I'm, of course, I'm biased in this, but I honestly believe that Clavister is one of the few or even the only one that has this comprehensive solution set. We haven't seen that in any other European vendor. To be proven wrong, of course, but it's my honest conviction that that's the case.
You have already answered this somewhat, to give you the background of this question, Clavister is very small compared to many of the competitors. How can Clavister compete with necessary R&D for the ever-increasing complex cybersecurity area?
Very good question. It's true, we are a small vendor. We are, however, a very focused vendor, we've built our solutions, we built our products, and we built our history from a very structured strategic investment in R&D. Most of our large competitors have built their entire solutions based on an M&A strategy, not alone, but M&A strategy being a very dominant and important part of their history. As a result, you get many dispersed technologies, many code streams to manage, many different integration points to handle, which is super complex, super advanced, and not necessarily efficient. That's one part of the puzzle.
The second part is really that the reason why we are driving our business towards these three key industries is because we know that our technology has attributes, our business model has attributes, and the entire market has attributes where we benefit. As David said earlier, we know that we need to maintain a higher investments into innovation and R&D compared to the industry benchmark. Just because of the fair size of the company, we need to be at the forefront. It's also natural to look at partnerships, to look at potential M&As, also in the case of Clavister, to continue to build and evolve our portfolio.
I think when we get asked this question by customers, the best response typically is to show other customers who have selected Clavister, and they've done so in favor over other vendors who typically have 10x R&D capacity of ours. We're humble to that. It is a fierce competition, obviously, but I think over these years, we have also proven that a small company can really build sophisticated technology solutions that are viable in really key industries.
Yeah. Adding a bit more to that question, because I think some of the answer also lies in the question itself, and that is Clavister is a quite small company. That means that we can also be, as John says, we can be focused in what we do because we can be more selective in to whom and with what solutions are we selling. Meaning that compared to very large peers in the market who need to sustain very broad, and as John said, complex and integrated solutions, we can be more lean in what we do since we are servicing parts of the market that we have actively chosen which serves us best. I think that is also a part of the answer.
I'll tie the Net Promoter Score that you mentioned before into this one. You mentioned it before, 59, which is above the competitors within the industry. What do you see is the reason behind such a good score?
Several reasons. I think it all boils down to the people really and the culture that we've been building over so many years. If we look, and this is another element where the smallness of Clavister, if you like, is a benefit. Where larger companies, larger competitors typically have come to a point where technical support, for instance, is being outsourced to a low-cost country somewhere where it's remote from engineering, remote from innovation, remote from development. It's not integrated third-party training facilities. All of those elements or something that we have deliberately stated and decided early on that, no, this is core competence for Clavister. Our support engineers are literally door to door, next doors with our developers. Our trainers, our pre-sale engineers, our salespeople are all part of our innovation culture.
When we bring all of that together, as a natural consequence, you get very engaged, committed team members. The customers, of course, experience that as a result, as very positive, very committed, and most importantly, very knowledgeable Clavister team members. As a response to that, obviously, the ratings are high.
One more question that has come in is typed in Swedish, but I will try to translate it. Does Clavister measure and compare the own picture of Clavister with and its products and solutions to market with how the customers and the markets experience?
That is something we do on a daily basis. Our pre-sale engineers, our solution owners, and our tech teams are in close contact with our key customers and to some extent, in some cases, with the broader customer audience to pick their feedback, to gather feedback. One very good example is what I just mentioned earlier with our SASE solution, our security as a service solution that's been deployed not as a big launch event, but as a slowly but surely launch taken to the market through pilot customers to proof-of-concept customers where we constantly iterate and get their feedback. Yeah, the answer is yes. We are as well, from a more formal perspective, we're being audited by our larger customers on a regular basis, be that Nokia or BAE Systems or Ericsson.
That really forces us to be on top when it comes to processes, routines, policies, quality, and so on. Yes, I think we have a good temperature check there.
In relation to the valuations, I believe that the relatively low insider ownership, both from management and the board, is a concern with a few exceptions. You could see it as management and the board are not really believing in the outline strategy. Are there any discussions to address this from a company perspective?
Well, obviously from a company perspective, we are not in a position to enforce people to buy. More importantly, we just launched a warrant program to management team and key individuals. This program was fully subscribed to, and it obviously reflects the management team's trust in our strategy and in the outlook we have going forward. I don't know, David, if you would like to add something more to that.
No, I don't have any more to add to that.
Another questions. You have reduced the number of employees in recent years. My question is, do you expect that this trend will continue in the near time, or do you expect that you will need to expand the workforce?
That question has been answered. Where are the major reductions? There are two. One is the consolidation of R&D activities to two sites. We closed the office in Umeå, which was mainly an R&D site, and with the aim to then gain more efficiency out of the existing tech team. They have also been reorganized, and I believe that has been a very successful endeavor with our also new CTO in place for a little more than one year back. The other one, other large initiative was the sell of our entity in China, which reduced the number of employees as well quite significantly. Other than that, it's more of refinement or streamlining of the organization.
It's hard to pick any specific large initiative, I would say. John, you need to help me for anything else, but I can't really see that. No, we don't foresee to reduce the workforce going forward. It's rather we believe that we have to a very large extent, the structure in place to drive more growth and to drive good R&D. It's rather selected investments in key talents within, say, tech or go-to-market to make sure that we are relevant in our R&D endeavors and that we go to market in a good way. We're talking of individuals rather than very large investments.
I think that summarized it very well. We, over the course of the past years, made a hard and deep look on the organization, what we could initiate in terms of cost savings to get a better balance. Going forward, again, alluding to where do we create the highest shareholder value, it's obviously from growth, and growth requires specific investments. The profile we have on our cost base right now compared to our revenue streams is a good balance. That's what we like to maintain.
Yeah. Maybe just to add one thing to that, to that answer is that to make sure that we have efficient teams, there are, say, competence outliers within technology that doesn't really fit in our larger core teams. Meaning that we have introduced a nearshore initiative where we, together with a consultancy company in Poland, sources for a very long-term perspective, key talents in areas where we don't have a key competence, but it's very important in fulfilling our technology roadmaps. That is a good way of making sure that we have relevant expertise, but also at a good cost. I think that is also a way of we don't recruit very niche competencies that can be hard to sustain because it's only one or two individuals.
That is a way of being more resilient, but also cost-effective in our sourcing of competencies.
Thank you. Sustained EBITDA profitability is a near-term target. How do you define this? Two consecutive profitable quarters?
I mean, in the end, it's about us reaching a level where we feel comfortable that we won't see any major dips going negative again. It's clearly a trajectory that we've been on for quite some time now. In 2020, we reduced our EBITDA losses with almost SEK 20 million, and we continue on that track. The key element in building shareholder value is growth, keeping costs in control, keeping cash in control, and to reach and just to demonstrate that profitability level is important, of course, but it comes as a consequence of growth. So that's in essence what we're doing.
Regarding recurring revenue, what is the average length of your recurring revenue subscriptions, or are they on a rolling basis?
It's really a combination. We could say that there are three major buckets. Let's look at value is rather than individual contracts, because I think that can skew the picture a bit more. This would be one-year, three-year, and five-year contracts as we're having today. I would say that a bit more than half of the value comes from one-year contracts. This is a bit of ballpark now, though. Then the rest would be quite evenly split between three and five years.
What is the churn on those contracts?
No, that is a very good question. To give a quite lengthy answer to that question. When I joined in October 1st, we have since a while back concluded that we need to update and refine the way we first define churn and also how we calculate churn because our systems have not been tuned in a way and data have not been structured in a way, both in Clavister and also in our subsidiary, that we measure this in a cohesive way. I would think this is a question to give a very clearly defined answer. That is a question we need to come back to.
Is there a way for you to increase the value of those contracts over time through upselling?
Absolutely, there is. This is again a benefit of us being able to provide multiple solutions to the same customer group. Typically what we see is customers starting with investing in a selected solution or a selected product from us. Over time, as they grow mature with that product or solution, their needs increase. We have an ability to upsell with additional solutions, with more licenses, with more users, more capacity or whatever the metric might be. It's really a multidimensional upsell potential.
I have actually two questions now. What OpEx items do you expect to scale on? Can we expect that you will continue to have a high share of incremental gross profit converting to EBITDA?
I'll start with the second question first. Yes, we believe that we can maintain a strong gross margin, convert that to profitability. Without adding lots of operational costs to extract more revenue, rather, finding more efficiency and leveraging the cost base that we're having. I would say what we have been looking at a lot is how we have reorganized the commercial department under same leadership to drive a clear focused sales agenda. As a consequence of that, looking into the roles where we see that in order to be successful in solution-oriented selling and in order to be successful in more direct customer engagements, there is a, you know, investment in training of our sales force to be successful in that.
Also redefining roles where more people get the responsibility of directly generating new business rather than taking care of a run rate channel, which will then be appointed to a select few. Do you wanna add anything to that answer, John?
No, I think that's a good summary. As business scales, I mean, the typical elements that always will follow from a cost and investment base is, of course, go-to-market. We have a good platform right now, but to scale the business much bigger, go-to-market investments will follow. We already presented the level of R&D investments which we feel comfortable of sustaining. Those elements are clear. We don't necessarily run a large operational team and no need to scale that. We have our administration under control and in good hands of David, obviously. Another element which we can keep lean to the benefit of sales investments, which clearly drive sales and generate growth.
Yeah. We don't need to go back to any slides, but we have seen a growth in our consultancy business. That, of course, I mean, my background is in consultancy before I joined Clavister. Of course, it's a quite close relationship between number of consultants and amount of revenue you can generate from that business. We have seen, you know, a build-up of orders for more consultancy services. Of course, to be able to deliver on that, the number of consultants will need to grow. They grow in a defined structure. The overhead of that structure is there, and then we're filling it with more productive consultants. That will scale quite well and gain better leverage from that structure, I would say.
Thank you. Actually, with this, I would like to conclude the Q&A session. I want to thank both John and David for the presentations and for this. I want to especially thank the audience for participating. Thank you.
Thank you very much.
Thank you.