Joining us for Plurilock Security 's conference call to discuss its financial results for the quarter ending June 30, 2025. I'm Ryan Freemantle from Safi Capital, and we handle Plurilock Security Inc.'s investor relations. On the call today, we have Plurilock Security 's CEO, Ian Paterson, and CFO, Scott Meyers. During the call, all participants are in listen-only mode. Following the presentation, we will conduct a question -and -answer session. We encourage you to submit your questions through the Q&A tab at any time, and management will answer them following their prepared remarks. Before management discusses the results, I'd like to remind everyone that certain statements in this call may be forward-looking in nature. These include statements involving known and unknown risks, uncertainties, and other factors that could cause actual results to differ materially from those expressed or implied in our forward-looking statements.
For caveats about forward-looking statements and risk factors, please see Plurilock Security 's MD&A for the quarter ending June 30, 2025, which can be found on our company profile at CDER Plus. Unless otherwise stated, all dollar amounts referred to in this call are Canadian dollars, the company's reporting currency. I will now pass the call over to Plurilock Security' s CEO, Ian Paterson. Ian?
Thanks, Ryan. Good morning, everybody, and welcome to Plurilock's Financial Results Conference Call for the Second Quarter of 2025. I'm Ian L. Paterson, CEO of Plurilock. Today, as we review the quarterly results, I will provide highlights along with a business update. Then we'll go through some financial performance, and finally we'll conclude with the prepared remarks by discussing our outlook, and we will leave some time at the end for Q&A. Before getting into business specifics, I'd like to give a high-level overview of the global cyber threat environment. In the second quarter of 2025, organizations faced nearly 2,000 attacks per week on average, up more than 20% year-over-year, and close to 60% higher than two years ago. Europe saw the sharpest rise, reflecting geopolitical tensions and regulatory fragmentation, while North America experienced a 20% increase in weekly attacks.
These incidents are being driven by AI, nation-state actors, and supply chain vulnerabilities as cyber criminals continue to target high-value and highly visible sectors, including government, education, and manufacturing. In this environment, cybersecurity is a boardroom and national security priority. Plurilock remains focused on meeting this rising demand with real-world solutions and a more selective strategic bidding approach, serving organizations across North America and NATO-aligned markets, where the cost of failure is simply unacceptably high. We have a healthy growth pipeline built on longstanding relationships, partner collaboration, and targeted business development, with line of sight to second-half activity benefiting from seasonal budget flows and ongoing strategic initiatives. During the conversation today, we will be talking about two interconnected business segments. Our Solutions Division provides technology and cybersecurity products through an extensive network of partners and customers. It also serves as a key entry point for our Critical Services.
Secondarily, our Critical Services consists of a specialized team that delivers tailored cybersecurity services to help clients address security challenges and build long-term resilience. Here's how we're positioning Plurilock for the next phase of growth. To better reflect the full breadth of our capability and our focus on mission-critical cyber challenges, Plurilock is now clearly articulating its identity as services-led, product-enabled, and AI-native, a delivery framework that defines how the company operates and delivers positive outcomes for clients. Plurilock 's unique positioning at the intersection of critical infrastructure and Critical Services enables it to mobilize rapidly in support of federal, enterprise, and defense sector clients. Critical Services has become our core growth engine since its launch a couple of years ago. It carries higher margins, creates long-term client relationships, and positions us as a trusted advisor on compliance, security architecture, and technology integration.
Our strategy is to grow these engagements into recurring managed services while adding adjacent high-value offerings that deepen customer relationships and boost profitability. Looking ahead, we are scaling this model internationally, building on our track record with Canadian and U.S. federal clients to pursue NATO, Middle East, and other allied defense and commercial opportunities in partnership with major integrators as Plurilock seeks to capture a share of accelerating global cybersecurity spend. Let me walk through a few highlights from the quarter. With the implementation of our new accounting policy in Q4 2024, which focuses on recognizing revenue from software and services over time rather than upfront, recognized revenue for the second quarter of 2025 was CAD 16.4 million, which was an increase of 15% over the new adjusted Q2 2024 revenues of CAD 14.3 million. Our Critical Services business grew 159% year-over-year to CAD 4.3 million.
This business line remains a core strategic priority, and we will continue to keep it front and center as well by shifting our revenue mix and growing recurring service relationships for driving margin improvement. Gross profit decreased CAD 100,000 from CAD 2.1 million to CAD 2 million, with a slight dip in gross margins to 12% from 14.7%. This was largely due to a one-time larger lower margin resale order that impacted overall margins this quarter. Our higher margin offerings led by Critical Services remain strong, and we are positioned for expansion in the second half. The company had CAD 1.7 million in cash and access to an additional CAD 8.5 million in unused credit facilities on June 30th, 2025. The balance sheet remains stable with cash on hand and unused credit capacity providing sufficient liquidity.
Like previously mentioned, while occasional large resale orders may create quarter-to-quarter variability in blended gross margins, Critical Services remains again the primary driver for recurring higher-value revenue. In the second quarter of 2025, we announced nearly CAD 10 million in new business across a range of high-value clients. Several of these include five to six-figure contracts as part of our land and expand strategy, which is things that we've seen in the past, where those land and expand deals ultimately are a thin end of the wedge. They get us into a client, we get very sticky engagement, the client sees our delivery success, and ultimately that leads to six, seven, or even potentially eight figures' worth of business over the lifetime of that account. I'd encourage folks to refer to our investor deck where we have actually a case study of what that looked like.
We continue to leverage longstanding relationships with U.S. and Canadian government agencies while accelerating into commercial markets where enterprises face equally complex challenges. Partnerships with global leaders such as CrowdStrike and Forcepoint extend our reach, strengthen our credibility, and continue generating direct referrals and new business. During the quarter, high-level engagements in Ottawa and Brussels reinforced our credibility and highlighted the unprecedented levels of allied government investment flowing into cybersecurity and defense, as we have seen with all of the news around increased levels of commitment to NATO, as just one example. At this point, I'd like to walk you through some of the Q2 2025 financial results. As Ryan stated at the beginning of the call, all dollar amounts I'll refer to are in Canadian dollars, which is Plurilock's reporting currency.
For more detailed information, please refer to the financial statements and management discussion and analysis document that we filed on CDER Plus. Turning to our second quarter financial results for the three months ending June 30, 2025, total revenue for Q2 increased 15% to CAD 16.4 million as compared to CAD 14.3 million for the second quarter ended June 30, 2024. Hardware and systems sales revenue for Q2 totaled CAD 1.4 million compared to CAD 2.2 million in Q2 last year, which accounted for 8.2% of total revenues compared to 15.2% in Q2 2024. Software license and maintenance sales revenue for Q2 totaled CAD 10.8 million compared to CAD 10.5 million in Q2 of last year, accounting for 65.7% of total revenues compared to 73.7% of total revenues in Q2 2024.
Professional services revenue for Q2 was CAD 4.3 million compared to CAD 1.6 million in the prior quarter ended June 30, 2024, accounting for 26% of total revenues, up from 11.5% in 2024. These last three bullets really speak to the change in revenue mix as we move more towards Critical Services. Finally, gross margins for Q2 2025 was 12% compared to 14.7% in Q2 2024. Lastly, adjusted EBITDA, which is a non-GAAP measure, improved 42% for Q2 to a loss of CAD 1.4 million compared to a loss of CAD 2.4 million in Q2 2024. Lastly, cash and cash equivalents and restricted cash on June 30th, 2025 was CAD 1.7 million, which is up from CAD 1.4 million March 31st. The company has an additional CAD 8.5 million of unused credit facilities. Our balance sheet remains stable with cash on hand and unused credit capacity.
We've also strengthened our working capital profile by shortening payment terms with key customers, pulling forward cash, and tightening contractor payments. Importantly, we've reduced focus on low-margin hardware resale, and we've reallocated those resources and that selling time towards Critical Services and higher margin opportunities. Combined with selective bidding and changes in revenue recognition, these steps are ultimately smoothing revenue and setting us up for healthier margins over time. This concludes the financial summary for the second quarter of 2025. We'll now move to the outlook. Before we do that, I'd like to add a few comments about the sale of our CloudCodes business to Scope Technologies that we announced earlier today. We had originally acquired certain assets of Indian-based CloudCodes in August of 2022 in order to access some zero-trust cybersecurity solutions and enter the cloud access security market.
Over the past three years, our business has undergone a significant evolution. At the time, CloudCodes' focus was on the small and medium-sized enterprise market, which aligned with Plurilock's strategy at that point. However, as Plurilock has matured and building on the success of Critical Services, we've moved up market from the SMB and SME space to really concentrate on larger enterprise, which includes both our government clients as well as large global 2,000 commercial enterprises. Today, that really has become our focus and is a key part of our Plurilock phase III of growth, which we are now in. As a result, the SMB segment has become non-core for us, and continuing to operate in that space would not have supported our mission of streamlining operations and driving growth in enterprise and government markets through Critical Services. Ultimately, that's why we made the decision to sell CloudCodes.
The type of consideration was largely stock, meaning that we will benefit from any growth that the new owners are able to generate as they scale that platform. This allows us to stay laser-focused on enterprise and our government clients while still sharing on the upside of CloudCodes' future success in that market. Moving on to the outlook for the year, as we look ahead, our strategy for 2025 remains clear. Continue expanding our margins led by Critical Services and a more strategic approach to commercial resale while preserving a strong liquidity profile. We have built and continue to broaden a healthy pipeline across enterprise, defense, and public sector markets, and we see a strong line of sight into second-half activity as seasonal budgets reset and strategic initiatives come into play.
While select resale orders may create some quarterly margin variability, Critical Services continues to drive recurring higher-value revenue, and we remain confident in delivering sustained growth through the end of this year and to next. Internationally, we're making steady progress entering Europe, NATO, the Middle East, and other non-U.S. defense markets, leveraging the credibility that we built with Canadian and U.S. federal clients. Recent meetings with senior cybersecurity and procurement officials in Ottawa and Brussels reinforce that Plurilock is well-positioned to capture a share of the unprecedented cyber and defense investments we're seeing from allied governments. Plurilock's growth strategy is anchored by three pillars. First, the company is driving organic growth in its high-margin recurring Critical Services business, fueled by rising demand across U.S. commercial, federal, and allied government sectors, as well as increasing inbound leads from referrals and strategic partnerships.
Second, Plurilock continues to pursue accretive M&A in enterprise and federal verticals, leveraging deep acquisition expertise built over four completed transactions since 2020, with a focus on profitable services-led businesses that have trusted customer relationships and exploring non-dilutive capital-efficient deal structures. Third, the company is expanding through strategic joint ventures and alliances in quantum, AI, and defense technologies, looking to partner with AI-native, post-quantum, and secure infrastructure providers, pursuing joint defense bids with large primes and integrators, and ultimately deepening penetration into Europe, NATO, the Middle East, and other non-U.S. defense markets. With that, I'd like to pass back to Ryan for the Q&A portion of the conversation.
Thank you, Ian. As a reminder to submit a question, please click the Q&A tab at the bottom of the webinar. We'd like to thank those who've submitted questions so far. Can you talk about what drove your Q2 2025 revenue and sort of the outlook for the rest of the year and if that growth will continue?
Sure. Thank you for the question. Year-over-year revenue was higher due to the timing of a few large orders as well as our Critical Services growth. We've benefited from revenue recognition of software over time. I'll remind folks also that we have a new measure, which is backlog, which historically we have not had. We are benefiting both from new sales as well as the backlog of contracts that we've already signed. We historically have seen an uptick in the second half of the year. This is as a result of year-end budgets, both in the public sector space. As an example, the U.S. federal government, their budgets end at the end of September, so calendar Q3, and then large commercial clients who are aligned with the calendar year also tend to have end-of-year spending as well.
It's important to note that a key pillar in our phase III strategy is realizing margin expansion, which we can achieve by remaining selective in which opportunities we pursue and favoring those with higher margins. Those items put together really speak to how we see the rest of 2025 and then 2026 shaping up.
How are your cash needs?
Cash is stable. Through a combination of cash and credit facilities, we've also improved collections and are working on our payments with our vendors and getting extended terms. We're improving our cash management significantly. For example, for our government accounts, we've been increasing our efforts there to significantly reduce how much time it takes for us to get collection there. Governments and enterprises are under attack, and these attacks are driving more business to us more frequently. Customers are willing to pay us to ensure that we give them the best cybersecurity options that are out there.
A few questions here about the press release this morning involving CloudCodes. If Critical Services is Plurilock's core focus, can we expect more divestitures to further align with the business?
I just want to start by saying CloudCodes is a great technology. For us, though, it doesn't align with our core focus. We've been evaluating how best to unlock value from non-core assets. While looking at this, we're also working on our strategic initiatives that could expand our Critical Services footprint. All these opportunities we've evaluated, and we'll look through the lens of what is operationally fitting and what we want to do, as well as how well we are accretive financially to the company. We're finding great traction in large enterprises and governments, so it makes sense for us to focus our efforts in targeting these markets.
As a company, we've always seen M&A as a core pillar, which includes both the buy side and now the sell side of CloudCodes, and also strategic partnerships, joint ventures, which is something we may pursue if it'll be accretive to shareholder value.
Okay, one more on CloudCodes. With your CloudCodes divestiture, does this mean that acquisitions are on hold?
No. I mean, this transaction represents actually the bench strength that the company has in regards to M&A. Historically, we've been on the buy side and now on the sell side. I think Plurilock has proven a track record of value creation through M&A, having successfully completed four acquisitions to date, five if you include the RTO through the GoPublic. Now we have sell-side transactions. Plurilock ultimately is backed by a very experienced team with both operational depth, capital markets expertise, and M&A expertise. The company continues to explore a range of strategic opportunities, including acquisitions, joint ventures, which we mentioned earlier. That can take many forms, as well as other value-enhancing initiatives.
Okay, where do you think your Critical Services margins can top out?
Thanks, Ryan. It's a hard number to pin because we don't know exactly what opportunities will present themselves and what services we will offer going forward or where we can find experienced talent at the same or lower expenses. We can emphasize that our growth is focused on higher margin offerings, and we aren't going to onboard a business that meets our internal hurdle rate. If we're not going to make a certain margin on it, we just won't entertain it. You're seeing that we're getting a lot better margins on our services versus the solution side of the business, and that's why we're focusing there. In terms of topping out, again, it'll depend on the expertise.
Generally, stuff that's emergency and high demand demands a lot more margins, and stuff that's a little bit more regular is, I wouldn't say lower, but very good, but not as high as the on-demand emergency stuff.
Can you discuss where your R&D spend will be focused going forward? Should we think of you as a software reseller, or are you working on internal new solutions?
Yeah, that's a great question. If I think about the business today, the Solutions Division is largely focused around reselling third-party commercial off-the-shelf technology, and that's a mixture of hardware and software. We've talked about partnerships like CrowdStrike and Forcepoint, as well as other strategic cybersecurity platforms. That's really what the Solutions Division is focused on. Critical Services is really where we're seeing a lot more focus around both R&D as well as just focus from a go-to-market perspective. Today, Plurilock still maintains its patent portfolio of approximately half a dozen patents. We do continuously look for opportunities to patent new innovation, which can be as a result of specific software innovations, or it could be more process innovation leveraging software as well. We believe that there is great opportunity to bolster the moat around how we deliver Critical Services.
This is also somewhat evident in the new tagline that you saw when you first joined the call, which was that Plurilock is services-led, product-enabled, and AI-native. What we're trying to convey there is the fact that we have a very innovative team. We're going to continuously look for ways of securing those innovations. It may or may not show up as dedicated R&D expense in terms of those line items on the financial statements, but there is absolutely a focus and a heritage of us being able to identify new innovations and then secure those.
Thanks. We've got a couple of questions around potential engagements and traction with NATO, Europe, and other international jurisdictions. Is there anything that you can tell us about that?
I think.
Most of those things are confidential.
Yeah, so I mean, I think like with many cybersecurity companies, it's difficult sometimes to talk about specific engagements or specific clients. I think I can give you a couple of trends, though, and I can also point to where we're making investments. A couple of things that I would say. The first is that there's been a very sizable shift in how the rest of the world is viewing its supply chain. What I mean by that is going into 2025, new administration in the United States, a lot of traditional defense investments, which seem to be obvious go-to yes, just buy American capability, are now being revisited. There's a bunch of great examples of that. I mean, you can look at kind of star projects like the F-35, and you can also look at smaller things.
Because there's now some shift in how countries and how large global enterprises, which sometimes behave like small countries, are viewing their supply chain, they're starting to revisit the question, should we just go with the incumbent, right? There's always kind of the euphemism of you never get fired for buying IBM. The same is true in cybersecurity, the same is true in defense. Those are now being questioned. It opens the opportunity for innovative capabilities and new providers to come in while those questions are being asked. What we're seeing is an opportunity to engage, whereas in years past, those opportunities weren't there. That's the first part. I think the second part is that for Plurilock specifically, the work that we've done, especially in Critical Services, although the Solutions Division as well, is really getting noticed by other stakeholders. Those other stakeholders are partners.
In some cases, they're officials. In some cases, they're other customers directly. We're seeing introductions, we're seeing word of mouth, and we're seeing us as a company being pulled into conversations and sales opportunities that, frankly, we weren't seeing previously. What that means for us is we are investing dollars, particularly in people and in travel, to go visit these customers, to go visit these folks. We're allocating hard dollars to follow up on those sales opportunities. I will say that even in 2024, a certain amount of our revenue was coming from Europe. It may not have been a European entity that we were doing business with, but the reality too is that a lot of the global enterprises that we work with have large operations in Europe. There's a definite pull that we're feeling. We're following up on that.
I think that this is going to be a topic of conversation that will come up in future presentations.
I know you are not providing guidance, but we have a few questions around when you expect to be EBITDA positive. Can you provide any information or anything about initiatives to get there in the future?
Yeah, I mean, listen, we're laser-focused on getting to both EBITDA positive as well as cash flow positive. That's a combination of really two drivers. We are continuously looking to increase gross margins. You've heard that, I think, repeatedly through this conversation that a core driver of getting EBITDA positive is as a result of growing gross profit, less so about revenue. It's really if we can get, for a given dollar of revenue, more gross profit by prioritizing Critical Services as opposed to focusing on some Solutions Division resell, then we're absolutely going to focus on Critical Services. That's a key pillar. I think the second is continuing our strategy around OpEx reduction, which includes things like leveraging our offshore hiring centers. The reality is that certain actions that we've already taken take time to work through the P&L. Those are the things that we're continuously focused on.
We're laser-focused on those. I don't see that changing anytime soon.
Can you discuss the capacity that you have to grow Critical Services with existing personnel? Do you need to hire more people? If not, how much can the segment grow with existing resources?
Yeah, it's a good question. I mean, one of the key strengths around Plurilock is our access to talent. I think that's evident even from the externally facing materials. If you look through our investor presentation, we have a whole slide around the people affiliated with us on our advisory board as well as our board. Part of the value that we get from that network is the ability to hire top talent in a very competitive market. Cybersecurity, by some estimates, has 4 million jobs unfilled. There's a war on talent out there. We've got a secret weapon, which is our advisory team, that allows us to have a very massive network. If we need a specialist skill set that would ordinarily be unapproachable from a cost perspective or even just finding those people, that is something that we have access to that others don't necessarily have.
The first thing that I would say is that we have been successful thus far through traditional recruiting channels as well as we've given ourselves the secret weapon, which is this advisory team. I think that you can see the success of that just by the rate of growth that we've seen from last year to this year. You know, going from CAD 1 million to a couple of million was largely as a result of being able to ramp up quickly. We have been successful so far. Of course, we have to continue putting in the effort to continue being successful. I don't see a limit or a cap or anything in the near or even medium term to be able to respond to customer demand. In fact, we're looking forward to the opportunity to introduce even more of our top talent to those customers.
As part of your growth, do you ever see some SaaS solutions being offered by your company to complement the services? This could help generate additional recurring revenues.
Yeah, I mean, I think that speaks to part of the core strategy of the company of having both the Solutions Division as well as Critical Services. The thing to keep in mind in cybersecurity is that for every CAD 1 of technology that gets purchased, which could be a SaaS solution, there's typically CAD 2 of services that go into implementing that solution, deploying that solution, running that solution, et cetera. These are not two different things that we offer to a customer. These are two parts of a capability that leads to an outcome for our clients. To the degree to which we have an ownership stake in that technology or not certainly is something that we are looking at.
I think I'd go back to, again, when we were talking about the three pillars of growth, we also talked about M&A and joint venture as being one of those pillars. It's absolutely something that we could do. I do agree, it does build recurring revenue. Critical Services itself builds recurring revenue as well. Absolutely something that we are looking at and could add to the portfolio.
Just being mindful of everyone's time here, we're past the half-hour mark, but we've got one final question. You mentioned being more selective and strategic with your approach to resale opportunities. What do you mean by that?
We have a sales team, and that sales team has a certain number of hours in the day, which we call selling time. What we do internally is we're now benefiting from all of the existing work and investment that we've put into the business up until now. We now have more opportunity than we can go after. For us, both at the individual sales rep level as well as sales management, as well as the C-level executive and also at the Board of Directors, it is a very intentional strategy about what sales opportunities we pursue.
If we have two competing sales opportunities, with all else being equal, and we can sell a technology resale deal for CAD 1 at 10% margin, or we can sell a Critical Services engagement at 45% or 50% margin, obviously, we stand to make a lot more gross profit and realize margin expansion if we favor and focus on Critical Services. That's the theory behind what we're doing. In practice, that means that there's going to be a different revenue mix. I think you've seen that so far this year. Q2 has a much larger percentage of revenue that is Critical Services today as compared to the same time last year. It's also driving a gross margin profile that is different than it was previously. We're going to continue to evaluate the sales opportunities we have before us, and we're going to favor the ones that are larger in gross margins.
That's really the theory behind what we're doing.
Thank you. There's no further questions. If you weren't able to ask your question or have other questions after the call, please reach out to us and we'd be happy to answer them. Our contact information is on the screen. I'll pass the call back to management for closing remarks.
I would just like to thank everybody both for attending this call as well as following the story. We look forward to continuing to share our progress with you in the quarters ahead. If there are, like Ryan was saying, if there are additional questions, our contact details are on the screen. The other thing that I would encourage everybody to do is to sign up for the investor updates. If you go to the URL on the screen, plurilock.com/company/investors, you can put in your email and you can get notified in real time as news comes out. You can be fully in the loop as we publicize and announce activity.
This concludes Plurilock Security 's Q2 2025 financial results conference call. Thank you for joining us. Have a great day.