Intercede : Interim Report 2021

Intercede Group plc

Interim Report

2021

Intercede Interim Report 2021

INTERCEDE GROUP plc

Interim Results for the Six Months Ended 30 September 2021

Interim Management Review

Introduction

Despite the COVID-19 pandemic, the previous financial year demonstrated that Intercede has significant reasons to be optimistic for the future. The Group completed Phase 1 of its turnaround after recording its third consecutive year of profit and cash generation, with 14% growth in revenues in its dominant US market. The continuing positive trend and momentum gave the Board the confidence to issue a call notice in respect of the outstanding convertible loan notes (CLNs) totalling £5,005,000. The removal of this debt from the balance sheet, and the elimination of the associated interest cost, means Intercede is well placed to pursue its growth strategy into 2021 and beyond.

Throughout this year, we have seen yet more evidence of the economic and reputational threat posed to governments and enterprises by cyber attacks.

The first half of this financial year has given rise to a number of catastrophic cybersecurity breaches including the recent attack on Colonial Pipeline, whilst many organisations are also still dealing with the aftereffects of the SolarWinds breach. The increased instances of such malicious and targeted strikes led to President Biden's administration issuing an Executive Order on cybersecurity in May 2021. The Executive Order is wide ranging, covering enhanced information sharing, replicable 'playbook' style responses to cybersecurity incidents and increased vendor transparency. One item that stands out is that username/password combination alone is not a permitted form of authentication to access government systems and data and instead secure Multi-factor Authentication (MFA) is mandated.

"Hackers don't break in, they log in"

Vasu Jakkal, Security vice-president Microsoft

Fundamentally, it is time to move on from passwords. Last year, username/password breaches increased by +450% in the US, according to ForgeRock's Identity Breach Report 2021. A key learning from the Colonial attack is that MFA is not enough and the recent Executive Order requires that authentication is secured with encryption of data at rest and in transit. MFA is used to ensure that digital users are who they say they are by requiring that they provide at least two pieces of evidence to prove their identity. Each piece of evidence must come from a different category: something they know, something they have or something they are. Commonly, day-to-day MFA utilises SMS- based one-time passwords (OTP's) but these are at risk of phishing via open source and readily available phishing tools or methods such as SIM swapping that rely on social

Intercede Interim Report 2021

engineering. This is not the case with secure MFA, such as Public Key Infrastructure (PKI) and FIDO (Faster Identity Online), which provide highly secure crypto-based security that meets the requirements of the Executive Order and mitigate against the threat of phishing, social engineering, brute force and password spraying attacks.

In July 2021, Intercede was excited to announce that MyID had been formally FIDO2 certified. The certification has been awarded after MyID passed FIDO Alliance interoperability trials demonstrating its ability to use open authentication standards backed by technology leaders including Microsoft, Apple, Google, Intel, Facebook and Amazon. This certification opens up Intercede's addressable market by both territorial reach and product breath.

The MyID platform manages deployment and lifecycle events for both PKI, FIDO and combined PKI/FIDO devices, giving consistency over policy, reporting and user experience. Intercede is proud to offer the MyID platform as the first global solution to offer a truly unified approach to credential management.

Strategy

Intercede continues to focus on its 5C strategy, centred around Colleagues, Customers, Channels, Code and Cash. In this second phase of our turnaround, we are adding a new C: Corporate Development. The Group is actively exploring buy-side M&A following the appointment of a new full time Head of Corporate Development. The Board sees the value in taking time to ensure the right strategic fit(s) to ensure scalability and accelerated revenue growth, whilst also pursuing a disciplined approach to deal pricing.

1  Colleagues

Intercede's product innovation roadmap leverages over 1,000 person-years of internal development expertise that would require a competitor to spend significant time and effort to replicate. Put very simply, the Group respects its staff and recognises they are one of its most valuable assets. Two-way communication is promoted to encourage colleagues to share their views and preferences, be they positive or negative, so they can be addressed to deliver a workplace that is enjoyable and productive. In September 2021, all colleagues were invited to take part in the annual employee survey which saw a high response of 96% (compared to an industry average in the mid-60%s). Engagement has increased from 63% in 2017 to 85% in 2021 (above industry norm) and has held steady compared to 2020, which is reassuring and a positive indication of colleagues' health and wellbeing during the pandemic and the switch to remote working.

2  Customers

A record eight new customers were signed up during the period and the level of attrition remains very low with renewal rates above 98%.

Intercede Interim Report 2021

Intercede works closely with customers to understand what is important to them and reflect this in the MyID product roadmap. New features such as enhanced REST APIs for simpler integration, the improved user experience of the operator interface and support for a wider range of authentication mechanisms including FIDO and mobile ID, help to keep MyID relevant to our customers and ensure that MyID is the system of choice where both security and flexibility are essential in ensuring data is protected now and into the future.

Customer upgrades to the latest release indicate the support for the new features released as evidenced by the Group's recent announcement that multiple major customers have chosen to upgrade their existing MyID deployments including:

• A major global aerospace and defence manufacturer upgrading to benefit from enhanced system configuration capabilities and integration APIs, enabling them to remove customisations and to achieve greater in-house control of the solution. In addition, support for the latest device types, such as YubiKey 5s, will allow the customer to deploy modern authentication devices better suited to their working environment.
• A major transportation program wishing to modernise their supported infrastructure platforms and also benefit from the more intuitive and faster browser-independent operator interface.
• A major US government agency choosing to extend their deployment to overseas workers, benefiting from enhanced self-service via kiosk interfaces, reducing operational costs while maintaining compliance with government security standards.

One important communication channel we have with our customers is the annual Customer Advisory Board (CAB). Virtual CABs were held during October and November for Customers and partners in the RoW and US respectively. They have followed a different format this year, starting with a Product Roadmap and Customer Success initiative session, then followed by non-concurrent workshops that allowed customers to attend all sessions including: FIDO for the Enterprise, Mobile Authentication & Transaction Signing and Upgrading MyID.

There are encouraging signs that our efforts to increase and improve customer interaction are paying off as evidenced by the increase in participation of the Customer Satisfaction Survey, the low churn rate and an increased NPS.

3  Channels

The deep focus on strengthening relationships with reseller and technical alliance partners underlies Intercede's go-to-market strategy, namely:

Additional Partners = increased addressable market = more customer deployments

A key element of the Group's growth strategy is therefore focused on increasing the number of partner relationships via Intercede's Connect Partner Programme.

Intercede Interim Report 2021

There is a vast and ever-growing number of Public Key Infrastructure (PKI) technologies in global circulation and the business is continually assessing them to identify those hardware and software vendors which meet Intercede's criteria for providing a successful partnership.

We are pleased to report that excellent progress has been made on this front with new partnerships formed in Europe, the US, ASEAN, Latin America and Africa. The strength of these new relationships has resulted in a record number of eight new customers being signed up during H1, with orders received totalling in excess of £700,000, most of which will be recognised in the current fiscal year.

Intercede continues to focus on technical alliances so that customers benefit from their digital infrastructure being seamlessly joined by the secure credential issued by the MyID platform. In Europe we continue to work with the likes of Cryptas and ESYSCO to embed MyID in their solution offerings. This enables enterprises to benefit from a single and secure source of identity to access centralised systems, such as HR and Finance, and provide strong authentication to eIDAS (electronic identification and trust services) signing services.

There has been interest from app developers in Latin America who wish to issue a secure credential with MyID to act as a vaccine passport, which would utilise relevant experience that Intercede has from working on the Kuwait National ID scheme. In our core US market, we were pleased to announce that MyID v12.1 supports the Entrust CA gateway using REST APIs and continue to be part of their Entrust technology Alliance Program.

We are also looking forwarding to sponsoring and speaking at Sailpoint's annual ID.gov event later this month and demonstrating MyID working with SailPoint to help organisations automate the process of onboarding employees and issuing digital credentials.

4  Code

During this financial year, Intercede has continued to invest in the MyID platform in accordance with its core development principles:

• Create and maintain a modern platform based upon market leading technology;
• Broaden the addressable market with new functionality; and
• Meet constantly evolving Customer and Partner needs.

April 2021 saw the announcement of the release of MyID v12 which introduced the following significant new features:

• FIDO - MyID can now operate as a FIDO server, supporting a wide range of FIDO2 authenticators and delivering the ability to manage issuance policy and lifecycle management, providing organisations with the control they need to ensure that only the right people can access protected systems and resources.