Good morning. Welcome to the Q3 Report Presentation for Yubico. As mentioned at the start of the call, on the call today are Camilla, Yubico's Chief Financial Officer, and me, working as Yubico's Chief Executive Officer. And we'll start with a short recap of our company to give some background before we dive into the quarterly numbers. So, Yubico, we're active in the advanced multi-factor authentication sector. And, we're a proud hardware company. The core product that we have is the YubiKey. For the last 12 months, we posted sales of approximately 2.3 billion Swedish kronor, or about $220 million. We're about 470 employees. And in spite of us being a hardware-based company, we've been able to maintain healthy gross margins over the years, pretty consistently in excess of 80%.
And the reason for that is that most of our product offering is really the software that goes on the hardware. And there are typically two things that we want to highlight as the things that we're really proud of when it comes to our company. The first one starts with the product, of course, the fact that our product addresses a very real and tangible need for our customers. There's a high level of cybersecurity threats, and those customers that have been using our product have experienced zero account takeovers. So that's, of course, the foundation of our success. Based on that success, we've to date sold and deployed more than 30 million YubiKeys, and our focus has been on selling into some of the world's largest companies and organizations. We have about 5,000 business customers today.
As an individual and as a consumer, you're even able to buy our key online, but our focus is on working with large companies and organizations. Today, already some 30% of the Fortune 500 companies are customers of ours. To dig a little bit deeper and talk about our product, what is it that we do, and what problem does our product solve? If we flip to the next slide, please. Fundamentally, what we're selling is a key. A key is only helpful if there's a lock at the other end. Our key is used to ensure that there is no account takeover. It's used for safe logins to access data, information, and systems. We've invested a lot in making sure that our key fits into all the relevant locks out there.
It covers today the authentication requirements for that are found within a big organization or company, whether it's for remote access, whether it's for privileged access, whether it's used for different types of system access. We've spent a lot of time making integrations and building support for all the systems out there. We have developed what we like to call a Swiss Army knife type key, i.e., a key that fits into all the locks, meaning that a company can use this for all the authentication requirements within an organization based on the protocols or functionality that is on the key and the integrations that we have made with the different systems. The fact that we combine this usability and that it's easy for the user to use our product with the highest level of security, that's the foundation of our success.
If we talk a little bit more about the customers, on the next page, we can see a subset of our public references. It's worth noting, perhaps, that you see a lot of high-tech companies there. That's where we started our growth journey, working with the largest tech companies in the U.S. But today, we have a very broad composition of customers across a wide range of industries. To go from the visuals into the statistics, if you want to flip to the next slide, please. As I explained earlier, we can sell our product to a very wide range of customers, and you can even buy it as a private individual. But our focus in terms of our sales efforts to date has been on working with the largest accounts.
If you not just only talk about the Fortune 500, but instead the Global 2000, today, already about a quarter of them are customers of ours. That share has increased over time. Back in 2018, it was about 12% of the Global 2000s. Today, it's more than a quarter. However, our penetration among our existing customers, if we compare the number of keys deployed compared to the number of employees, is still very low. Typically, we start with a small subset of users, PAM users or call center or people with access to all the critical areas, and then we expand from there. So even if we've landed a lot of big accounts, the big opportunity is expanding within those once we've got our foot in the door, so to speak. We do have two different business models.
Camilla, we'll get back to that when we talk about the quarterly results. We sell on a perpetual basis, where we sell outright, sell the key, with a perpetual license without any additional cost to use any associated software. And we also have a subscription model. But no matter the buying model for the customers, we see a lot of repeat business and very loyal customers. And one example, one illustration of that is that if you look at our biggest customers, and what their repurchase pattern looks like every year, if we take a five-year perspective on that, pretty consistently, we see annual repurchase rates in excess of 100%. Part of that is, of course, because of that expansion that happens once we've landed a big customer.
But part of it is that they want to make sure that they have the latest version of the key, that they find out new use cases, and that they want to cover for employee attrition, etc. We've also diversified our customer base, as I mentioned earlier. We started out with high-tech, so five years back, about two-thirds of our sales was high-tech. In 2023, high-tech was still our biggest sector, representing almost a quarter of our sales. But this year, it's actually even been eclipsed by financial services, bank, and insurance companies, by a small margin today being our biggest sector. So, in summary, we have some very large accounts as our customers.
However, the journey has often only started with those accounts, and we see a lot of opportunity to upsell within the existing customers, in addition, of course, to continuing to attract new customers all the time. So that's a little bit of a background about our company and our business. And then, going into Q3 and some things to highlight. We feel that Q3 was a very strong quarter. We'll get into the details shortly. But high level, we feel that we've had strong growth in order bookings, which converted into strong net sales or revenue growth. And because we're able to maintain a healthy margin, healthy gross margin, and we have cost control that turned into a good profitability, and we were able to translate that profitability into strong cash flow.
So overall, we feel that this was a strong quarter, and we're very pleased with the results that we've got. We should highlight, as we did with the security advisory that we released on September 3rd, that there was a vulnerability that was found in our previous versions of our YubiKey. We rated this as a moderate severity vulnerability because you literally had to have physical access to the product for an extended period of time. You needed to rip off the plastics. You needed to apply advanced machinery, and in most cases, even know the associated password or PIN code, and then you could theoretically make a copy and then slip the original key once remolded back to the original user.
In reality, and this is definitely a vulnerability, and it shouldn't have been there, but in reality, I think very few customers saw this as a big security threat. We've been in contact with the major customers, and it's been a very moderate, or minor, I should say, impact. So it didn't really have much of an impact this quarter. Long term, it's, of course, very important that we're able to maintain both high security but also strong transparency when it comes to the security and the integrity of our products. So, another thing that we'd like to highlight, other than, of course, the financial numbers, is that we're seeing strong growth across a broad set of customers. So it's not just one geography or one sector or one specific customer that stands out. It's been broad-based. There are two sectors that were particularly strong during the quarter.
It was the public sector and high-tech, and it was broad-based among those sectors. One thing that we'd like to highlight is, as mentioned earlier, the majority of our sales is for enterprise use internally. But we're seeing more and more signs that our customers want to take our product to their end users, in particular among banks. It was released during the quarter that we've initiated a cooperation with the largest bank in Central and Eastern Europe, the largest bank in Poland, PKO Bank, who has now built-in support for use of FIDO and YubiKeys in their online platform and recommending their customers to use YubiKeys to ensure their accounts don't get hacked. This is, of course, a motion that we're really happy about. It's still early stage.
Didn't have a large impact on our revenue, but we're running now a number of pilots together with our customers to get to end users. That, to us, is the best route to getting to end users and consumers, working with customers and partners. Finally, on a more admin point, we have announced the nomination committee in preparation for the 2025 annual general meeting, but that, of course, didn't have much of a financial impact for the quarter. With that background, I'm going to hand over to Camilla, who will go through the details of what I feel is a solid quarter.
Thank you very much, Mattias. Yes, it feels quite strong when looking at the numbers. On the order bookings, we see a continued strong growth, 53% year-over-year growth, but in local currencies, even more, so close to 58%.
Notable is that subscription share is 15% of the total order bookings, which is the same level as last year. But of these $89 million we have in subscription order bookings, actually $62 million is related to renewals, so where we have customers that are now starting on their second contract period for subscription. On net sales, we also saw a good growth, as Mattias said. The order bookings are coming through to net sales. So we saw a growth year-over-year of 45%. And in local currencies, even 49%. Subscription share declined year-over-year, and that is due to that even stronger development within the perpetual customers. And we saw the subscription share declined from 14% down to 12% this quarter when it comes to the net sales.
On the gross profit side, we are happy to see that we have a stable gross margin of 81% this quarter. As you have noticed, we are around 80%-82% during the quarters here on the gross margin. On the profit side, we, despite that we are continuing investing in R&D and sales and marketing to secure also the business going forward, see a substantial improvement in the EBIT from SEK 16 million to SEK 111 million. Of course, that is related to the volume growth that we have seen this quarter compared to last year's Q3, which was an unusually weak quarter, we should say. Looking deeper into bookings, we see that here in this chart that the Q3 bookings is substantially higher than last year. Year to date, we see a growth of 61%. It's fairly even over these first three quarters.
So we grow from 1 billion 155 million up to 1 billion 862 million year to date in bookings. And as I said, this is the first year with renewals of the subscription contracts. And looking at the TCV, 56% of it is related to renewals. And year to date, there is 56%, I would say. And of course, we are happy to see that these renewals are coming through as a confirmation from our customers that they really have trust in our security solution and want to continue. The share of subscription bookings for this quarter is the same level as last year, as said. But year to date, we have increased the share, actually, to 18% from 12%. So that is positive.
And the order bookings this quarter came from a diverse customer base. Largest orders from public sector major tech companies. But we also see continued interest from European defense sector in the market here. And looking then deeper into the net sales as well, we see that year to date, net sales amounted to SEK 1.7 billion. And there was a growth now year to date close to 34%. Subscription sales represented 12%, versus 14% last quarter. And of course, this decline is then in share contrary to bookings development, as you see, as that we had actually increased the share year to date. But this that because we have the stronger development in perpetual and where we see the net sales coming through directly. And also that we have an effect of renewals, and which is not new revenue then.
We also see that we have larger contracts, larger contracts with longer contract periods. Also, we see that geographically, we see an increasing diversity. We see that EMEA and also Asia-Pacific is actually growing more than Americas and becoming a larger part of the total sales. On the ARR side, we have a growth of close to 15% compared to last year and are now running our subscription yearly value of the subscription portfolio of $293 million at the end of September. So this is measuring the value, the yearly value of our subscription portfolio at the end of the quarter. So it's kind of a, what is it, future-looking revenue stream with the current contracts. On our profit side, you see really a hockey stick here coming up on the rolling 12 months.
With the volume growth that we have now and the stable gross margin, really supports the growing profit. Now, leaving, as you see, the quite weak Q3 last year behind us, we get this increase in the rolling 12 months EBIT from SEK 360 million up to SEK 411 million, actually. We also have investments in the R&D and in sales, specifically, as we are a growing company and the need to continue to grow our organization and with our people. Our adjusted EBIT margin was 18.8% this quarter compared to 4% last year's quarter. You see here also looking at the EBIT, and that's we have adjusted EBIT, and we have the EBIT.
And this is the quarter, the only quarter we have had, Q3 last year, where we actually have one-off item that is related to the merger between ACQ Bure and Yubico a year ago in September last year, where we had some transaction-related costs, a total of SEK 93 million that is included in last year's EBIT, which was negative of SEK 77 million. We mentioned the LT program we have, the PSUs here, because it is kind of a cost increase. This program was launched in June. We commented it also in last quarter's report. This is the first quarter where we see three months' effect of it. And the reason why we commented is that it's the impact is higher due to we have our own financial targets as measuring the performance of this PSU program instead of having the share performance as target.
And thereby, the cost that you were recognizing is three times higher, approximately. And with this, we also saw an unrealized currency effect of -$9 million in this quarter. The first half of this year we have had quite minor effects from currency changes. And finally, looking at the cash flow, which is also a nice story, as Mattias said. And as you remember, we have talked about during last quarters that we are investing in our inventory. We started to build up the inventory from a very, very low level, 2022, and during 2023, and up to Q1, actually, this year, to both reduce the risk we have in the business when it comes to critical components and if they would just have a hiccup when it comes to deliveries. So that's the dark blue part of this chart.
But also as a growing business, we also need to make sure that we can deliver quickly when we get large orders. So we have strategically built up the inventory during these last quarters. But as you also see, we are now continuing the downturn of the ratio between the inventory levels and the rolling 12 months net sales. So we had the peak in Q1, 30%, declining Q2, 29%, and now we're going down to 28% at the end of this quarter. And the net working capital, changing working capital, is negative this quarter, SEK 74 million, except from that we also increase our inventory in absolute numbers this quarter as well. We also see growing accounts receivables due to strong billing.
But and we also see effects of subscription contracts that we have been invoicing earlier this year that we are now recognizing the revenue and having a negative impact on the cash flow. But despite those things, we see a strong operating cash flow of $67 million. We have a cash and cash equivalent position, which is strong, $727 million. Net cash at the end of the period, $676 million. And thereby, we have some interest-bearing liabilities of $51 million, where $22 million are office leases. And the rest then that's an external loan that we have, which will be amortized in full during December. So that is pretty much the financial numbers for the quarter. And I leave back to you, Mattias.
Thank you, Camilla. Just to wrap it up real quickly. So what's going on here?
I think we've delivered solid growth for consecutive quarters now. And that's, of course, driven by some tailwind in the market. The cyber threat level is very high. And as I think I was able to highlight earlier, we do offer a solution which is a very tangible and cost-efficient way to mitigate one of the major threat vectors when it comes to cybercrime. Again, to repeat myself, when you look at meta studies of cyberattacks, you'll find that in 80% of the cases, compromised login credentials was a critical factor. So by ensuring that you have strong MFA, you are addressing one of the major cyber threats out there. So that's kind of the underlying market dynamics that are working in our favor. That's even faster propelled by the AI-enabled attacks that we're seeing on a broad basis now.
As I highlighted earlier, the bulk of our revenue and our focus when it comes to sales remains internal enterprise use. But we find it very encouraging that our customers are now, in an increasing number of cases, taking our products to their end users. That could be an important revenue source in the future and an important way for us to even help individuals and consumers uplevel their security. Part of that too is that we're active to ensure that we can not just protect logins, but even protect users. To do so, we need to cover the full lifecycle of a consumer. That's the lifecycle, the efforts that we're making when it comes to different projects for identities, especially in Europe, where we're working with the EUDI Wallet initiatives.
And finally, I'd like to highlight the fact that we have started our structured CSRD work, more to come there. Of course, fundamentally, we feel that our product does have a positive impact in protecting identities and making people safe online. But of course, we want to review our business and see how we can ensure that we run our business properly from an environmental, social, and governance perspective. More to come there. I think we've built a solid base for future growth. We're quite happy with the quarter. With that note, we'll open up for questions. I believe we'll start off with some of the questions from some of the people standing in line, wanting to ask questions. Over to.
If you wish to ask a question, please dial pound key five on your telephone keypad to enter the queue.
If you wish to withdraw your question, please dial pound key six on your telephone keypad. The next question comes from Joachim Gunell from DNB Markets. Please go ahead.
Thank you. Good morning and good evening, Mattias. So our favorite topic on these types of calls tend to be how the current quarter has started. So I'll give it a shot. I mean, we're halfway into Q4 now. Q4 was a very strong quarter last year on bookings and to grow versus that higher base, of course, our main question here. So just take us through what gives you confidence to actually grow the bookings versus that higher base and tougher comparables. And then perhaps also discuss the pacing of Q3 bookings momentum, how that progressed on a month-over-month basis throughout Q3.
Thank you, Joachim.
As you know, we don't provide guidance on a quarterly basis. And as you also noted, we did have a record Q4 last year. I think we reported in excess of 80% growth that quarter, which means that the comparables look much more challenging. On the positive note though, as we just talked about, the market trend is definitely working in our favor. And I would say that given that we have, again, a very broad-based growth in Q3 across several different geographies, industries, and customers, and we see a lot of repeat business from existing customers, that should set us up for continuing on a growth trajectory. So I'm optimistic about our ability to continue to deliver growth.
That's helpful.
Taking a step back and looking a bit forward here, Microsoft Entra enablement of FIDO2 passkeys as of January 2025, in my world, that is a true hurdle remover for a potentially very large user base of organizations to go from good enough security with apps to also step up their game with YubiKeys. Can you just provide some quick thoughts whether, I mean, how you envision that opportunity unfold for you, both in the short term, but also long term?
I agree with you. This does help. I mean, the most common use case for YubiKeys, which is used, as I mentioned, across a wide range of server operating systems and devices, but it's no secret that the most common use case is in a Microsoft environment.
The fact that they're issuing this mandate, these mandates, and that we're seeing a growing realization that security, to have strong security, you need strong MFA. This does set us up for growth. I mean, there's nothing new when it comes to the security level, but it's more the fact that now it gets easier to implement our solution. There's a stronger realization that a solution like ours is needed. So this is definitely an enabler for continued growth. Microsoft is a huge company and it's difficult to always know where they're heading. But this to me indicates that, yeah, this is definitely a positive development from our perspective.
Encouraging.
The final question for me, coming back to a topic we've also discussed, but you have a very healthy balance sheet here and the cash flows also compounding nicely here. So can we discuss just the ongoing M&A appetite and the consolidation amongst U.S. cybersecurity players? I think like two companies were out just in conjunction with the Q3 results announcing a potential sale of the businesses here. So just talk a bit about your thoughts on the best possible uses of this capital you have in the business, whether that is to invest more in the business on an organic basis, or instead some sort of dividend or buybacks, or even potentially like pursue M&A to take a step up in the value chain, or what would the dream acquisitions look like for Yubico?
Sure.
I'll try to address that question. As you know, we have a stated policy that we won't pay any dividends for the foreseeable future, and the reason for that is, of course, that we see a lot of growth opportunities in the market. Whether we're going to execute on that based on organic growth or through strategic acquisitions, a little early to tell, but we're definitely analyzing how we can grow our solution to help our customers based from the stronghold that we have. I may have mentioned on earlier calls that our customer, the feedback we're hearing from our customers is that once they've implemented our product, they don't have a problem with compromised logins. However, what they're really looking to do is to protect their users, and to do so, we need to cover the full lifecycle of a YubiKey deployment.
So there are a number of opportunities as we to expand our footprint there, either through organic development or through potential acquisitions. But we'll have to get back to you with a more firm answer on that, Joachim. But I agree with you, there's lots going on in the market. We have a very solid balance sheet and we shouldn't, there's more growth to be seen.
Thank you very much. That's all from me.
The next question comes from Predrag Savinovic from Carnegie. Please go ahead.
Hi, Mattias, Camilla, and Alexandra. Can we discuss the PKO Bank partnership? You've mentioned it two times in your presentation, but you also mentioned potential others as well, during this call so far. Do we have others which have not announced? Do we have other potential banks or insurance companies that are in the pipeline due to be launched soon?
How should we think about this?
Sure, Predrag. So with PKO Bank, Poland's largest bank, what's really nice about that was that they were very public with this initiative. It's a little hands-off though. I mean, they've built support and they're recommending their customers, but it's really left with the individual users to decide on what authentication method they want to use. So it's not exclusively using YubiKeys in any shape or form. So the story is really that when we look across the different bank pilots and projects that we're running right now, they all look very different. Some are only targeted on specific high net worth individuals or commercial users. Others are more broad, like the PKO Bank initiatives, and others have identified a slightly larger set based on kind of a use case where they want to start testing this.
Again, what's nice about PKO Bank is that it is a very public case and they're referenced that way. For the others, we'll have to get back to you on the deployments there. But we also, over time, want to standardize our offering there because what's important is, of course, that we see a success as this gets deployed, that we have high pickup on the customer side and that they get a good user experience. We need to be a little directive to make sure that you identify the right users, that you offer a good UX to support the customers as they uplevel their security.
Right. But it does sound like you have other partnerships in place which have not publicly announced based on how those contracts are structured.
Correct.
Okay.
The EU NIS2 Directive and the U.S. National Cybersecurity Strategy, do you see this supporting you already now as a tailwind, or can this be a further catalyst for bookings going forward when these respective organizations announce a firm roadmap or process? So we conclude this is how cybersecurity process should look like. And will that trigger more deals for you, do you think?
I think we're already seeing tailwind and I expect to see more tailwind. Sorry, that was. I was interrupted there. So we already see tailwind from it, and I think we'll see even more tailwind from what's going on on the regulatory side. However, there's no one silver bullet there. It's more kind of a general, increased awareness of the need for strong MFA and the resulting regulations and recommendations.
It's not just one piece of legislation which makes the world of difference. It's kind of a general motion that is driving demand within our segment.
Okay. Very clear. And finally, on pricing, what is your strategy on making increases here? I always thought of YubiKeys being a high-value product that offers a lot of bang for the buck. And considering the growth you have in, I mean, bookings and sales, are you offering this a little too cheap maybe?
Historically, what we've typically done is we haven't done, with a few exceptions, any type of inflationary adjustment on the pricing. We typically like to increase prices when we offer more functionality or a new version. So, but the even more important part is wanting to make sure that our customers buy the more advanced products.
As you may be aware, we have a single protocol key, which is competitively priced because that's more open to competition. But when it comes to our more advanced versions, including the certified versions, there, it comes at a higher cost, because of the higher functionality and the higher certification you have there. The other part of that is that we want to develop our subscription offering to make that the enterprise-grade product. And that comes with offering unique functionality and services that are only offered on a subscription basis. I'm not saying we're going to abandon our perpetual sales, but we want to make sure that we develop our subscription offerings and more enterprise customers realize that that's the most, that delivers the highest value to them. That offers an opportunity for us to adjust our pricing.
Very good. Thank you very much.
Thank you, Predrag.
The next question comes from Erik Lindholm-Röjestål from SEB. Please go ahead.
Good morning. I wanted to follow up on Joachim's question to start with on growth rates. This year has been strong, of course, 62% organic order growth year to date. And comp next year will definitely be tougher at this. But I mean, in the light of this, do you think you can sort of sustain your long-term growth target next year as well, or will this be tough to achieve? Thank you. I'll stop there.
Thank you, Erik. As you say, this is arguably our fourth consecutive quarter where we're reporting strong, really strong growth. Of course, the bar goes up. However, I feel that given that it's a very broad composition of geographies, segments, and customers, I don't feel that this is a one-off.
So I see no need for us to revise our long-term goals based on the fact that we've had higher growth now, for a rolling 12-month period. So I think we're able to continue growing and no need really to revise the long-term growth targets recently.
All right. That sounds encouraging. Then on the subscription offering, you talked a bit about maybe making some tweaks to sort of accelerate growth here. Can you perhaps, I mean, growth has been a bit slow there. Is there anything you can mention in particular that you're doing to, yeah, tweak this offering and make it grow more again? Thanks.
So there are two sides of that. One is short-term, the share of subscription, compared to perpetual sales is to some extent determined by the segments that are strong in a particular quarter.
Even if it was broad-based, we highlighted that in particular public sector and high tech was strong this quarter. When it comes to high tech, unfortunately, we haven't been able to convince a lot of our more traditional high tech customers about the value of buying it on a subscription basis. So there is some customer composition part of explaining the subscription sales pattern. However, like you say, for this to be more attractive, we need to offer new functionality. To date, the only unique functionality which is only offered on a subscription basis is the integration we have with Okta, enrollment or pre-reg, as we call it. Over time, we will develop more features and functionalities which only lends itself to sale on a subscription basis.
And another important part of that is that we want to be a partner as we sign up a subscription customer, making sure that we assist them with a successful deployment and management of the installed base. So that goes beyond the pure physical product and the core functionality there, kind of lowering the thresholds and making sure that you have a successful and speedy deployment, enrollment, and maintenance of installed base. So we want to add the software and services part of the subscription offering too. More to come there, but I agree with you. We want to go down that journey, but it should be based on what the customers feel that this is the best way for them to get the highest value.
Okay. Sounds encouraging. Final question from me.
I think you touched on this a bit, but I mean, your EBIT margin has been around your midterm target now for two quarters in a row, and you're growing very steadily. I mean, is there anything that indicates that you sort of wouldn't be able to sustain this level going forward, or do you have any major planned investments co ming up? Thank you.
So, as I think Camilla highlighted, we did not capitalize any R&D cost during the quarter, and we haven't done so in the past either. So our investments in the building our product in the future are really charged as cost today. And we want to make sure that we maintain our R&D spend at a level which sets us up for success long-term.
I think we're at a level which is pretty good there, but we may even increase that a little bit. When it comes to scaling, yeah, G&A has pretty consistently been going down. Sales and marketing has been a little bit more stable, and it probably will be stable for a little time, but over if you take midterm, so in a couple of years, I think there's opportunity for us to drive down our sales and marketing cost as we were able to explore indirect sales model more effectively. Today, most of it is direct. So, I don't see any reason for why we shouldn't be able to maintain our margins. I, similar to the earlier question by Joachim, there are also some adjacent markets that we may want to explore, and then it comes in two different ways.
Either it's organically that we develop this, which may require investments, or that there's an M&A track for, for getting specific functionality or specific competence. But yeah, we'll have to get back to you on that.
Great. Will be exciting to follow. Thank you.
The next question comes from Thomas Nielsen from Nordea. Please go ahead.
Hello, and thank you for taking my questions. I have two questions. First, in this quarter, we saw increased sales in EMEA and Asia Pacific. Can you elaborate on your strategic priorities in these regions, and are there any particular industries or partnerships that you're targeting? And second, your inventory levels came down to 20% of last 12-month sales. What would be a long-term level you would like to see in terms of inventory as % of sales, and when do you expect to get there? Thank you.
Thanks, Thomas.
I'll start, and then I'll ask Camilla to help me out on the second question. But to start with, our go-to-market approach in EMEA and APJ, as a reminder, we are pretty much exclusively working with a two-tier channel model, which means that we do have salespeople who engage with the bigger customers, but all businesses run through the channel. We found that that actually has worked out really well in certain markets where you get a reinforcing effect as you start working deeply with some value-added resellers. The most obvious example is within the German automotive industry, where we started working with our great customer BMW a long time ago, and our channel partner there is now very active in making sure that we expand our reach in that market, which we're super happy about.
So we want to do more of that, making sure that we identify the right disties, but also the right value-added resellers, and become better at enabling them more quickly. So, that said though, we also want to make sure that we have sales reps that are able to work directly with the customers, because the big deployments that we have and the big customers we have typically are complex enough for us that it makes sense for us to have a direct involvement. But we want to make sure that we can enable our partners to cover most of the customers, what we call the commercial customers, without any direct engagement from our end. So I think that the market is really working well. Sorry, that model is working really well within the DACH market.
We're seeing a lot of growth now in the U.K. and in France. I'm more of developing that model is how we think about approaching EMEA and APJ. So that's the first part of the question. The second one, yes, as Camilla explained, we did proactively build up our inventory levels, both on components and ready products to ensure that we have security in terms of our ability to deliver and also to be able to deliver for large deployments on short notice, and as Camilla also mentioned, we have seen that level, even though the absolute numbers are still growing in terms related to the last 12-month sales, it's actually come down a little bit.
We don't have a specific target for that, but rule of thumb, Camilla and I feel that we probably should be in the 25%-27% range long-term. There are individual quarterly swings based on large deliveries of components, whether they happen early in the quarter or late in the quarter. So it's not, right now it seems like a very smooth journey down. There could be individual swings there, but I think we're still a little high, but it's not nothing, no real major level changes that I anticipate there, but perhaps it should come down a little bit. Camilla, I'll hand it over to you for more details there.
Thank you, Mattias, and I think you covered it very well. It's not much more to say, actually. Absolutely. We'll continue the journey downwards.
might vary depending on how, especially the net sales in the quarter, or certain shipments, timing effects, etc. But continue downwards, but just a couple of percentages perhaps. We will absolutely prioritize that we have the ability to ship and meet our customers' demand and also for larger orders where they need a quick deployment.
Okay, thank you very much.
Thank you.
The next question comes from Joachim Gunell from DNB Markets. Please go ahead.
Yeah, hi again. Just a quick follow-up on. You've provided this on a quarterly basis, the number of keys sold in your presentation material, and then this was, I think 33 million here, to date in Q3.
You had the number 32 in your Q2 presentation, and I would assume that there's some rounding here, but when I look at your bookings number in relation to that, what the incremental new keys sold, it would imply that there is a step up on either the value that each new key brings in relation to where it has been in recent quarters. So are you seeing what it allows? I mean, even if you aren't raising prices the way you, I mean, answered Predrag's question, are your customers going for more advanced solutions from you? Are you seeing any such trend here, or am I reading too much into this figure?
Thank you, Joachim. Quite frankly, I think unfortunately you're reading a little bit too much to it. This is more as an illustrative number.
The fact that we've only adjusted it by one, there's some rounding out there, and maybe it should be plus 34. It's a plus in front of it. It's only a level where we're definitely sure that we're not overstating it. That said though, there is a long-term trend of our customers going for the more high functionality and therefore more costly versions of our products. We have seen an average sales price increase long-term, but I wouldn't infer it from the overall number. That's more illustrative to show kind of the impact we have in terms of how big the deployment is.
We'll have to talk about whether we should be more precise in reporting that number or whether we should be even more, let's say, rounding off and have it at the nearest 10 million, because we don't want people to draw too many conclusions on that number on the overview page. So apologies if we've caused some confusion there.
No worries. I'll go back to sleep. Thank you.
All right.
There are no more questions at this time, so I hand the conference back to the speakers for any written questions or closing comments.
Exactly. And Mattias, do you have?
Yeah, there are a number of written questions. Maybe we should read them out and take them one by one.
Yeah.
Start from the bottom. So the first one says, congratulations on a strong Q3. Thank you. Two comments.
Could you confirm that the negative EBIT results is only driven by the 68% dilution due to Bure acquisition? Camilla, do you understand that question? The negative results?
I can say like this. I think this is a mix-up of two parts perhaps. The negative EBIT, in Q3 last year, yes, that is driven by the transition, the transaction costs. Perhaps this is related to EBIT per share. Looking at adjusted EBIT, and EBIT per share, yes, the increase in number of shares, that is totally related to the dilution in connection with the merger when quite many more shares were created or issued.
Great. Thank you, Camilla. Second comment, we would like to congratulate you on releasing your cryptographic library. This is a huge de-risk for industry who might be affected by industry-wide issue, and the Yubico product would stay immune.
We believe this aspect is not well understood by investors. Thank you. I agree with you. I think it's really important that we have a robust, secure architecture, and this is part of that effort to make sure that we're in control and on top of all the risk factors that are introduced by suppliers and making sure that we understand the risks that are associated with our product. So, I agree with you. This is an important feat. And then we'll move on to the next question, which is in Swedish language. Congratulations on a strong quarter. Thank you. Given that this is your first year as a publicly traded company, as commented today, you have a pretty high level of volatility and fluctuation when it comes to cash flow, inventory, and working capital. How would you want to work?
How would you want to work with this going forward? And would it be suitable to set explicit targets around these measurements to increase the visibility and transparency as a fast-growing company? I hope my translation was okay there. As you know, we only have communicated three long-term targets. One is on the growth, that it should be long-term at least 25% growth on revenue and 20% on profitability on EBIT level, and that we're not planning to pay any dividends for now. We agree that it does make sense for us to be perhaps a little bit more explicit about certain aspects of our business, because we realize that we are new as a publicly traded company.
I think when it comes to setting more detailed targets is probably not the right way forward, but I want to make sure that we're transparent about how the development looks and what you should read into it. I think you highlight cash flow, inventory, and working capital are definitely areas where we need to up our game when it comes to how we provide that transparency on what to read into the numbers. I think, however, from my perspective, Camilla did a pretty good job in explaining that just now. Please feel free to provide input with us on how we can improve in how we communicate so that you can understand our business.
Just would like to add, one aspect there also when it comes to the working capital, the inventory we have talked about, but the other part there is, of course, related to customer receivables and also then our deferred revenue, related to large subscription contracts. As we are addressing the enterprise market, especially and working with the largest customers that you have in the world, and then of course, we see some of these large contracts, and when we do those billings at the stage as we are now in the size we have now, then that will have timing effects on our balance sheet and our cash flow.
We try, as Mattias said, to be as transparent as we can when it comes to describing, but it's very difficult for us to, yeah, set a model for how this should be looked at, going forward. Of course, over time, increasing the portfolio of subscription contracts, a bigger portfolio of more customers, etc., etc., then this will even out over time, and therefore as we grow, I expect it to be less fluctuating. But where we are now and the coming years, I expect that we will continue to see these timing effects over the quarters, which are very difficult to foresee, and as we don't really see that we have any specific seasonal effects in this either. It's more timing effects.
I'm sorry. Sorry, let's make sure we're transparent, but I don't think it makes sense to provide guidance on those metrics. Great.
The next question is, why did you not make the market aware of the hacking incident when it was first made aware to you in April 2024? I understand the question as the security vulnerability, because I'm not sure that anyone really got hacked, but there definitely was a security vulnerability in the product. The reason for why we didn't go public, as we first learned about this, just to take a step back, this is an industry-wide vulnerability that was because of a vulnerability in the Infineon chip. So the first ones that were notified about this vulnerability was, of course, Infineon, and they notified us once they've, and I think we even heard directly from the hackers, sometime after that.
And then there was a process of establishing whether this was a real vulnerability or not, and then we went through what's called a responsible disclosure process. Now, there are, depending on the severity of the vulnerability, the process looks different, but we followed a generally accepted industry-wide process for making sure that we could mitigate any negative effects as much as we could. And of course, I mean, theoretically, we could have gone live as soon as we found out and communicated this, but that would effectively have meant that we couldn't be part of any responsible disclosure process in the future because people wouldn't trust us anymore. So, yeah, long story, long answer to a short question, but yes, we did abide by a responsible disclosure process, which was set by the supplier that was experiencing this vulnerability in this case.
I'll move on to the next question. Given that, that this was your first quarter with subscription renewals, what was your retention rate as a percentage of contracts which were eligible for renewal? How much churn do you expect from subscription contracts? To be clear, this was not the first quarter where we saw subscription renewals. The first subscription was actually happened back in 2023, in Q3 and Q4 2023. However, we are seeing contracts coming up for renewal, and it's overall we see a very high renewal rate, but in some cases, the user population or the use case has changed. So we have seen a few cases where the user population went down because simply the number of employees had decreased quite significantly. We had one instance of that in Q4 2023.
On the other hand, in I think it was in Q1 2024, we had an existing customer that made an early renewal and expanded the user audience. So you saw a renewal, but it's but an expansion at the same time. Overall, there are only very few customers that haven't renewed their contracts, and in most of those cases, it is because they have been part of some M&A activity and that they're moving to either a different authentication solution or that they want to convert to outright buying the keys because of policies within the merged entity. Those are relatively rare and few. So we see a very high renewal rate of our subscription contracts. I don't have an exact percentage, but we see a very high renewal rate of our subscription contracts. I don't know if you want to add anything to that, Camilla.
No, I think it's crystal clear.
Great.
The final one, I'll hand over to you, Camilla, fully. Actually, there's one more, but the next one I'll hand over to you. How is your bookings metric defined? You define it in your report as total value of bookings received during the period, but this doesn't actually spell out how bookings are calculated.
Okay. Yes. And this is the total contract value we have in the contract, signed with the customer, and we are booking the total contract value, the period where we actually have the signatures on. So then what we take, when we take the booking as such. If there are options or so, we are not recognizing them as bookings until we have a confirmed extension or usage of an option, and then that's a new booking.
That means also, of course, that for subscriptions, we take the full booking value, the full contract value, over the time of if it's three years or four years or five years. Therefore, it's quite, could be quite high, and thereby also taking quite some time before all that value is actually turned into revenue in the P&L. I hope that answered the question.
It did for me at least. Hopefully it did. Final question, that of the written questions that we've got. European sales have now grown quicker than Americas for the last two quarters. Do you expect this trend to continue? Is Europe growing quicker because it is a less penetrated geography than the U.S., or is this a transitionary impact from the NIS2 Directive? Correct.
We see European sales growing more quickly than sales in the Americas for the past two quarters, and if you take a look at an even longer time period, say five years, that is also very much the case. I do expect this trend to continue. I think the biggest reason is because we're seeing very similar threat levels in Europe compared to the U.S. and Americas, and our penetration is much lower in Europe, so as we build up our ability to sell and deliver in Europe, it's realistic over time to think that we would get similar, say, penetration levels in those different markets because fundamentally the threat level and the technology used is very similar.
I don't, of course, there are some directives and there are some initiatives when it comes to regulation that drive particular deployments and use cases, but overall, I would say it's part of a broader trend with an increased cybersecurity threat and the fact that our product addresses an important aspect of that, and, and we are less penetrated in Europe. So I expect this trend to continue. I don't know if you want to add anything to that, Camilla.
No, I agree with you fully there, and I, I don't have anything more to add. Thank you.
Just one final comment from me. A market where we have even lower penetration is Asia-Pac. So that is one where that should grow at an even higher growth rate going forward. At least that's, that's our ambition. Right.
I think that wraps up the written questions, and we're four minutes past the hour. So unless there are any final questions, I think that's a wrap. Thanks everybody for listening in. Looking forward to connecting at least in three months' time when we'll deliver the full year report. Yeah, that's a wrap for us. Thank you so much. Thanks for listening, and let us know if you have any questions and you can reach out to us always, and we'll try to respond to it as quickly as we can. Thanks so much.
Thank you very much.