Crossword Cybersecurity plc (CCS) 2022年年度報告「LSE」.pdf

1、Annual Report and Accounts 2022for the year ended 31 December 2022REDUCING CYBER RISK GLOBALLY Contents Strategic Report Financial Highlights 04About Crossword Cybersecurity 06Chairs Statement 07Chief Executive Officers Statement 08Performance Review 10Operational Review 12Section 172(1)Statement 24

2、Corporate Social Responsibility 26Principal Risks&Uncertainties 28Governance Report The Board 32Corporate Governance Report 38Directors Report&Statement of Directors Responsibilities 50Financial Statements Independent Auditors Report 56Consolidated Statement of Comprehensive Income 66Statement of Fi

3、nancial Position 67Statement of Changes in Equity 68Statement of Cash Flows 69Notes to the Financial Information 70Notice of AGM 96Company Information 3Crossword offers a range of cyber security solutions to help companies understand and reduce cyber security risk.We do this through a combination of

4、 people and technology,in the form of SaaS and software products,consulting,and managed services.Crosswords areas of emphasis are cyber security strategy and risk,supply chain cyber,threat detection and response,and digital identity.We partner with organisations to keep them secure in the digital wo

5、rld,reducing cyber risks by providing a portfolio of innovative products and services,powered by university and other research driven insights.In the area of cybersecurity strategy and risk our consulting services include cyber maturity assessments,industry certifications,and virtual chief informati

6、on security officer(vCISO)managed services.Crosswords end-to-end supply chain cyber standard operating model(SCC SOM)is supported by our industry leading SaaS platform,Rizikon Assurance,along with cost-effective cyber audits,security testing services and complete managed services for supply chain cy

7、ber risk management.Threat detection and response services include our Nightingale AI-based network monitoring,our Trillion and Arc breached credentials tracking platforms,and incident response.Crosswords work in digital identity is based on the World Wide Web Consortium W3C verifiable credentials s

8、tandard and our current solution,Identiproof,enables secure digital verification of individuals to prevent fraud.Crossword serves medium and large clients including FTSE 100,FTSE 250 and S&P listed companies in various sectors,such as defence,insurance,investment and retail banks,private equity,educ

9、ation,technology and manufacturing and has offices in the UK,Poland,Oman and Singapore.Crossword is traded on the AIM market of the London Stock Exchange.Visit Crossword at About Crossword Cybersecurity plc Building a portfolio of cyber security products and services with recurring revenue models GO

10、VERNANCE REPORTFINANCIAL STATEMENTSSTRATEGIC REPORT3Highlights4CROSSWORD CYBERSECURITY PLC Annual Report and Accounts 2022 Operational Highlights Rizikon grew to over 1,000 users by end 2022 Leonardo UK selected Rizikon to assist with assessment of supply chain cyber risks,underlining Rizikons capac

11、ity to deliver at scale Acquisition of Threat Status Limited,adding two new products:Trillion(credential breach SaaS platform)and Arc(account protection for e-commerce platforms and organisations)Size of sales deals being secured by Trillion increased significantly compared to before its acquisition

12、 by Crossword in March 2022 Consulting increased its cross selling drive,selling services into numerous Rizikon clients and successfully introducing Nightingale to numerous Consulting clients Integration of Arc into Sticky Password,one of the industrys most well-established secure password vaults Op

13、ened an office in Singapore to support the 24/7 monitoring services provided by Nightingale.Launch of specialist Supply Chain Cyber Risk practice,with Rizikon wrapped in a full-service consulting offerFinancial Highlights68%revenue growth to 3.65m55%organic revenue growth81%growth in ARR in 2022 54%

14、recurring revenue in 2022Average revenue per client up 40%year on yearConsulting gross profit margin improved as proportion of larger clients increasedOversubscribed 3.6m equity fund raise in September 2022Total loss for the year 3.4m2.1m cash and cash equivalents at year STRATEGIC REPORT Oman Data

15、Park(ODP)signed a strategic cooperation agreement to provide cyber security risk services to over 800 government,corporate and SME organisations and enhance the protection of the cyber security structure of sensitive information in Oman Crosswords employees grew to 63 during 2022,up from 51 in 2021,

16、representing a 24%increase Post Period Highlights Launch of Ransomware Readiness Assessment service in March 2023,helping organisations reduce their exposure to ransomware attacks Outlook Targeting revenue growth of circa 50%in 2023 Having invested significantly for rapid growth in 2022,focus in 202

17、3 is on a clear path to profitability Increased emphasis on targeting larger clients that can make full use of Crosswords range of products and services6Crossword Cybersecurity keeps organisations secure in the digital world through a combination of software products and expert-led cybersecurity con

18、sulting and servicesSince admission to AIM in 2018,Crossword has grown revenues almost three-fold from 1.3 million(excluding discontinued operations)in 2019 to 3.65 million in 2022,through a combination of organic growth and acquisitions.Crosswords services Crosswords services have gained a strong r

19、eputation in the market thanks to a deep expertise in cyber security and a hands-on approach.Crosswords full-service consulting team provides strategy,assessment and risk management services.The constantly evolving nature and increasing number of cyberattacks means that demand for our consulting ser

20、vices keeps growing strongly.Our May 2022 report“Strategy and collaboration:a better way forward for effective cybersecurity”showed that over 40%of respondents believed their existing cyber strategy will be outdated in two years,and a further 37%in three years.This dynamic creates growing demand for

21、 the expert consulting that Crossword provides.Crosswords products Crosswords products are driven by research from some of the UKs leading universities and other research-driven insights.Crossword has developed strong and extensive research and development relationships with many UK university acade

22、mic centres of excellence in cyber security.Crossword offers a portfolio of cyber security software products,having successfully integrated three acquisitions since its admission to AIM.Crosswords products serve some of the fastest growing sectors in cyber security,including supply chain risks,threa

23、t intelligence and credentials breaches.Cyber security industry drivers Several inter-connected factors are driving the growth in cyber security software and services.Increasing use of cyber-attacks by nation states against each other as a result of a significant intensification in geopolitical conf

24、rontation;Increased interconnectivity of networks and trust domains;Increased proliferation and commercial availability of cyber capabilities;Increasing number of devices,including from operational technology and internet of things,and interactions drives growth in attack opportunities;Increase in r

25、emote working(accelerated by the pandemic)and resultant movement of data to the cloud;Increased dependency on third party suppliers of managed services;Commoditisation of higher-end cyber capabilities,lowering the barrier to entry for cyberthreat actors;With 39%of UK businesses experiencing a cyber-

26、attack in 2022,according to the UKs National Cyber Security Centre(NCSC),the constantly increasing number and growing sophistication of cyberattacks means that spending on cyber security defence is a key priority for business and governments.As a result,Gartner predicts end-user spending for the inf

27、ormation security and risk management market will grow from$172.5 billion in 2022 to$267.3 billion in 2026,attaining a compound annual growth rate(CAGR)of 11%,with 84%of C-level executives agreeing that cyber resilience is a business priority for their organisations in 2022,according to the WEF Glob

28、al Cybersecurity Outlook Report 2022.The UK is home to the largest,most concentrated and accessible cyber security market in Europe,worth over 10bn,growing 14%in 2021 and representing twice the growth on the previous year.The UKs reputation as a centre of cyber security excellence means it is the th

29、ird largest exporter of cyber security services globally,worth 4.2bn in 2020,as reported in the UK Cyber Security Sector Analysis commissioned by the UK Governments Department for Digital,Culture,Media&Sport.As one of the UKs leading cyber security commercialisation specialists,Crossword is well pos

30、itioned to benefit from sector growth,both in the UK and internationally.The above cyber security industry drivers,combined with a strong set of products and services,mean that Crossword is well positioned to keep growing strongly.CROSSWORD CYBERSECURITY PLC Annual Report and Accounts Growth acceler

31、ates rapidly in 2022 Crossword continued to build a strong and stable business,backed by our strategy of building a significant intellectual property-based,AIM quoted cyber security business.Crossword recorded impressive revenue growth of 68%in 2022.The Company completed its third acquisition and co

32、ntinued to reap the benefits of successfully integrating previous acquisitions,with annual recurring revenue growing by 81%.Rizikon ended 2022 with over 1,000 organisations using the platform and our blue chip cyber security consulting team is growing its client base with major FTSE and Fortune clie

33、nts.Our focus now is to drive to profitability,underpinned by targeting healthy revenue growth of over 50%in 2023.Further progress with our acquisition strategyCrossword continued to build on its acquisition strategy in 2022 with the successful acquisition of Threat Status Ltd.,a threat intelligence

34、 company.This added two additional products to the Crossword portfolio,Trillion and Arc.Arc is a similar product to Nixer,so post-acquisition,management took the decision to merge the two products,under the Arc product brand.Later in the year,in line with its stated acquisition strategy,Crossword te

35、sted a further acquisition opportunity and decided it would not be in the interests of the company to proceed at that time.This exploratory approach signals the scale of Crosswords ambition to build a scaled up,profitable cyber security company.A strong balance sheet and robust governance To ensure

36、that we had the funds to progress with our rapid growth,Crossword issued additional 550k of Convertible Loan Notes in July 2022 and carried out a 3.6m oversubscribed equity fund raise in September 2022.We are very pleased that our shareholders continue to see the growth opportunities for Crossword a

37、nd we would like to thank them for their commitment.To ensure that we maintain a robust framework of controls and high standards,the Board continues to adhere to the Quoted Companies Alliance(“QCA”)Corporate Governance Code(the“QCA Code”)in line with the London Stock Exchanges requirement for all AI

38、M quoted companies to adopt a recognised corporate governance code.The Corporate Governance Statement on page 38 of this report provides further details.Continued healthy growth with a clear path to profitabilityHaving invested significantly in 2022 to achieve impressive growth of nearly 68%over the

39、 past year,Crossword has now shifted its focus to defining a clear path to profitability.This is backed by strong current momentum,which aims to grow revenue in the region of 50%in 2023.I am very proud of what our expert team has achieved over the past year and I would like to acknowledge them all.C

40、rossword has a very strong culture and its core values of responsibility,openness,flexibility and learning underpin everything we do and are a source of particular strength that we will leverage to grow into a strong,stable and profitable business.Sir Richard Dearlove KCMG OBE Chair,Crossword Cybers

41、ecurity 18 April 2023Sir Richard Dearlove KCMG OBE Chair,Crossword CybersecuritySTRATEGIC REPORTChairs statement 8It is my pleasure,as Chief Executive Officer,to present the Annual Report and audited accounts for Crossword Cybersecurity Plc(Crossword or the Company or the Group)for the financial yea

42、r ended 31 December 2022.Crossword grew revenue by a very impressive 68%to reach 3.65m in 2022,its highest growth rate since admission to AIM in 2018.This proves that Crosswords services and products have achieved real traction with a wide range of clients.With this momentum,we expect to see our gro

43、wth rate continue strongly into 2023,whilst we drive towards profitability,which is our main priority now.We were particularly pleased to see annual recurring revenue increase by 81%over the prior year and reach 2.4m.Whilst acquisitions naturally contributed to this strong growth in revenues,Crosswo

44、rd also recorded 55%growth in organic revenues.The constantly increasing number and the growing sophistication of cyberattacks means that spending on cyber security defence is a key priority for business and governments.In 2021,the average number of cyberattacks and data breaches increased by 15.1 p

45、er cent.from the previous year.Over the next two years,security executives from over 1,200 companies polled by ThoughtLab in its 2022 cybersecurity benchmarking study see a rise in attacks from social engineering and ransomware as nation-states and cybercriminals grow more sophisticated.As a result,

46、“Cybersecurity failure”was ranked as a top-five risk over the next two years in East Asia and the Pacific as well as in Europe in the World Economic Forums 2022 Global Risks Report,while four countries,namely Australia,Great Britain,Ireland and New Zealand ranked it as the number one risk.Many small

47、,highly digitalized economies such as Denmark,Israel,Japan,Taiwan(China),Singapore and the United Arab Emirates also ranked the risk as a top-five concern.With the ever increasing cybersecurity market,in 2022 we made it our mission to achieve critical mass by investing for growth.The executive team

48、wanted to accelerate Crosswords growth aiming to achieve real momentum that would carry us into 2023 and beyond.We also made the decision to continue with our acquisition strategy and we succeeded in closing another excellent transaction by securing Threat Status Limited.Threat Status brought two ex

49、cellent products into Crosswords portfolio,Trillion and Arc.Both products deliver recurring revenue to the business and brought a range of new clients to Crossword.Trillion is a data breach platform that contains billions of carefully curated and continuously updated credentials that organisations c

50、an search to check the status of their usernames and passwords.Arc makes this same vast pool of information available in a different form to product websites to protect against credential attacks.Due to Arcs overlap with our existing product,Nixer,we made the decision to merge the two products,under

51、 the product brand name of Arc.Rizikon,Crosswords lead product,ended 2022 with more than 1,000 organisations using the freemium version,trialling or contracted to use the product.In June we launched a new service,Supply Chain Cyber,with Rizikon at its heart wrapped in a full-service consulting offer

52、.We are developing new leading edge modules for Rizikon and are in conversation with several potential large scale supply chain cyber clients.Increasing regulatory pressure on companies to monitor and take control of supply chain cybersecurity risks is also aiding the growth of Rizikons sales pipeli

53、ne.Chief Executive Officers review Tom Ilube Chief Executive Officer Crossword CybersecurityCROSSWORD CYBERSECURITY PLC Annual Report and Accounts Crosswords profitable and fast growing consulting business is now a trusted supplier to a number of large and medium sized companies,as well as continuin

54、g to work with smaller,entrepreneurial companies.Our vCISO(virtual Chief Information Security Officer)service,continues to be popular with all sizes of client and delivers a growing stream of recurring revenue.Along with our Nightingale network monitoring platform,which we acquired the previous year

55、 with the Stega acquisition,the Services business saw very positive overall growth of 80%,of which 51%is recurring.On the international front,Crossword invested time and effort to firmly establish itself in Oman and is using that as a base to explore opportunities in the wider Gulf region.This effor

56、t has put us in prime position for a major Government contract in the region that,if we are successful,will generate significant revenue as well as make Crossword a strategic cyber security supplier across Government.We also signed a distribution agreement with Omans major cloud services provider wh

57、o will offer our Trillion product and other Crossword services to their 600 client organisations.Outside of Oman,we won business in the insurance sector in Bermuda as well as established a small team in Singapore to enable us to offer our Nightingale network monitoring service on a 24 hour basis to

58、major clients.During 2022,Crossword took steps to ensure that it had the funding it needed to continue executing on its strategy.Crossword extended its Convertible Loan Note programme by adding a further 550k of loan notes in July and completed a 3.6m equity fundraise in September through an oversub

59、scribed subscription of Crossword Ordinary Shares.I was very pleased to welcome several major new shareholders and delighted that our existing shareholders continue to back our vision and support our commitment to the journey.Crossword is now a 70-strong,well respected,British cyber security busines

60、s,with a growing reputation in the UK and beyond.We take our wider social responsibilities seriously and have supported our Polish colleagues in their efforts to help Ukrainians exiled in Poland,by matching staff donations each month for a period of 6 months up to PLN 2,500 each month.As I close,I p

61、articularly wish to thank everyone who has helped Crossword achieve this record revenue growth which,at 68%is our fastest annual growth rate since Crossword joined AIM.Having invested significantly for rapid growth in 2022,we have now shifted our focus in 2023 towards a clear path to profitability.T

62、he momentum from last year places us in a strong position to achieve at least 50%revenue growth in 2023 and our focus on margin improvement will ensure that there is a clear,carefully managed route to achieving profitability in the medium term.Crosswords exceptional team and its culture of responsib

63、ility,openness,flexibility and learning,gives me and the whole Executive team the confidence that we will achieve our goals for our staff,our clients and our investors.Tom Ilube,Chief Executive Officer Crossword Cybersecurity 18 April 2023STRATEGIC REPORT10Performance review Financial review Strong

64、growth in revenue and ARR Crossword recorded revenue of 3.65m in 2022.This represented a large increase of 1.5m vs.the prior year,equating to 68%growth.All revenue streams recorded strong growth,other than software development with related parties,which ceased during 2021.The Company achieved an exc

65、ellent 81%growth in ARR,with 54%recurring revenue at year end.ARR growth rates continued,with Rizikon ARR growing by 43%during the year,Nightingale ARR growing by 29%,and vCISO ARR growing by 68%.vCISO,virtual chief information security officer is a bespoke service offered by Crosswords experienced

66、consulting team which supports clients of all sizes in improving their cybersecurity posture.In 2022 for the first time,Crossword completed delivery of a project focused on cyber security engineering services to a strategic partner.It is expected that additional engineering services will be provided

67、 in 2023.Investing for growth Total comprehensive loss for the year was 3.4m.Total cost of sales and administrative expenses increased by 2.6m in 2022 compared to 2021.The increase reflects the acquisition of Threat Status Limited in March 2022,and the inclusion of Stega UK Limited,acquired in Augus

68、t 2021,and Verifiable Credentials Limited,acquired in April 2021,for a full year in the 2022 accounts.Legal and professional fees increased by c250k,which included 346k for a potentially transformational transaction which did not progress because the vendor made other choices for their business.This

69、 reflects Crosswords ongoing drive for acquisitions during 2022.A primary driver for the increase in costs was a 30%increase in the number of staff compared to the closing FTE(full time employee)count at the end of 2021.In 2022,Crossword invested significantly in sales and marketing and product deve

70、lopment,which are the areas which saw the largest FTE growth.A significant improvement in Consulting gross margin was achieved while an improved and larger deployment of services was delivered by a higher number of staff.We are pleased to see that Crosswords increased investment in sales and marketi

71、ng and products development is reaping results,with average product and consulting revenue per client increasing to 28.7k per client,up from 20.5k in 2021.Focus on profitability Staff numbers have stabilised in 2023,with a strong foundation in place to drive the revenue growth and path to profitabil

72、ity on which the Company is currently focused.Profitability will be underpinned by improving margins,as Consulting revenue scales to achieve critical mass and as product revenues increase.Crosswords diversified product and services offering will drive scale while containing risk.Acquisitions Loss be

73、fore taxation using the 2021 presentation was 3.8m(2021:2.4 million).In March 2022,Crossword acquired the entire share capital of Threat Status Limited,the threat intelligence company and provider of Trillion,the cloud based software as a service(SaaS)platform for enterprise-level credential breach

74、intelligence.Threat Statuss more recently released product,Arc,protects the users of customer-facing applications from the threat of account takeovers.Equity fundraiseIn September 2022 Crossword completed a 3.6m equity fundraise through a placing and subscription of Crossword ordinary shares at a pr

75、ice of 21.7 pence per share.CashflowsNet cash outflows of the Group in 2022 were 1.3m.Excluding proceeds from issue and repayments of loan notes,the equity fuindraise and cash paid for acquisitions,net cash outflows of the Group were 4.4m(2021:3.3m).TaxationThe Group continues to claim research and

76、development tax credits,with 747k accounted for in 2022(2021:206k).R&D Tax Credits in FY2022 accounts have been reported in Tax,due to the majority of the claim being under the SME scheme.Historically,R&D Tax Credits have been reported as Other Operating Income.There has also been a prior year adjus

77、tment to R&D Tax Credits in FY2021.Financial PositionLoss before taxation using the 2021 presentation was 3.8m(2021:2.4 million).Crossword Cybersecurity plc finished the year with a cash balance of 2.1m.Financial reviewCROSSWORD CYBERSECURITY PLC Annual Report and Accounts 05,00010,00010,00020,00025

78、,00030,00020182019202020212022Average product and consulting revenue per client02040608010012014020182019202020212022Number of clientsCrossword recorded an excellent 81%growth in ARR,with 54%recurring revenue in 2022STRATEGIC REPORT12ServicesIn 2022,Crossword saw increased strong demand across all o

79、fferings in its Services division.Crossword continued successfully progressing in its strategy of increasing the proportion of midmarket and larger clients in its client mix,which are in an ideal position to make more widespread use of Crosswords full range of growing services and products.This is l

80、eading to increased annual recurring revenues from such clients.The value of the acquisitions made by Crossword in recent years shone through powerfully in 2022.Additionally vCISO(Virtual Chief Information Security Officer)ARR grew by 68%and Nightingale monitoring services ARR grew by 29%.In 2022,Se

81、rvices won its first FTSE 100 client project and carried out international work in new territories including Bermuda and the Caribbean.ConsultingCrosswords consulting services delivered outstanding results in 2022,achieving 63%year on year growth.Consulting increased its cross-selling drive,selling

82、services into numerous Rizikon clients and successfully introducing Nightingale to numerous Consulting clients.This is increasing the level of recurring revenues that the Consulting division generates,as well as strengthening client relationships as we meet their evolving needs and grow with them.To

83、 address the increased demand for consulting and product in supply chain cyber risk,in 2022 we launched the Supply Chain Cyber practice,which offers consulting services wrapped around a new set of strategic Rizikon modules with a recurring revenue proposition.The proposition targets the needs of lar

84、ge organisations regarding their third party supplier cyber risk and continued to be well received by larger clients,thereby adding to incremental revenue per client.The Consulting division grew to a total of 18 specialists by year end.With higher staffing levels,we continued to improve our consulti

85、ng methodologies and develop a more scalable model to provide our services.This is leading to work with larger clients with multi-faceted and more complex needs.Crosswords team of expert consultants provides bespoke cyber security consulting advice tailored to clients business needs.The team leverag

86、es years of experience in national security,defence and commercial cyber intelligence and operations.Crosswords full-service cyber security consulting team provides strategy,assessment and risk management services.Crosswords consulting services play a strategic role in its growth and are an integral

87、 part of its offering.By consulting Operational review CROSSWORD CYBERSECURITY PLC Annual Report and Accounts 2022Services recorded very positive overall growth of 80%,of which 51%is on clients needs and challenges,Crossword gains valuable market insights that help inform its product development.In

88、turn,the products business provides consulting opportunities,such as the many third party and other,risk consulting opportunities that have arisen out of Rizikon Assurance product sales.Crosswords consultants work with over 100 clients across multiple sectors,including insurance,professional service

89、s,financial services,nuclear energy and technology.Consulting clients include one of the worlds largest,global S&P500 insurance brokers,several FTSE 250 companies and a FTSE 100 company.vCISO (Virtual Chief Information Security Officer)vCISO recorded very strong growth of 68%in ARR thanks to its int

90、egrated and tailor-made service designed to meet clients evolving cyber security needs.Through the vCISO service,clients can avail themselves of the breadth and depth of cyber security services offered by Crossword.vCISO provides a fixed and predictable operational cost for clients,in contrast to th

91、e high costs and recruitment challenges that building an in-house cyber security capability entails.NightingaleThe integration of Nightingale continued to deliver on expectations and saw significant successes in the period,with ARR growing by 29%.These included new investment management clients,depl

92、oyment to a major insurance company in a dual running assessment and carrying out a cyber incident response at a top ten law firm.To service the needs of global clients,Nightingales capabilities were increased and we opened an office in Singapore to support its 24/7 global monitoring services.In Mar

93、ch 2023,Crossword launched its Ransomware Readiness Assessment Service.Conducted by the Nightingale team,an organisations current exposure,control systems and ability to respond to a ransomware incident is analysed in detail by using an industry-specific approach and cyber incident response forensic

94、s.The service helps organisations reduce their exposure to ransomware attacks,provides detailed assessments on areas requiring protection and recommends how they should respond to attacks.Nightingale,Crosswords world class platform,is a comprehensive security monitoring service.It mitigates the cybe

95、r threats and vulnerabilities an organisation faces by bringing together multiple facets to identify and monitor organisational assets,users,traffic,networks and endpoints.Nightingale ARR grew by 29%vCISO ARR grew by 68%STRATEGIC REPORT2016First consulting services revenues 20201m+in annual consulti

96、ng revenues reached August 2021Completion of acquisition of Stega UK Limited(threat intelligence and monitoring company)and its in-house monitoring platform,Nightingale2021Two FTSE 250 clients acquiredMay 2022“Strategy and collaboration:a better way forward for effective cybersecurity”Crossword laun

97、ches research report based on interviews with over 200 CISOs(Chief Information Security Officer)and senior UK cyber security professionalsJune 2022Launch of specialist Supply Chain Cyber Consultancy practice FTSE2502022First engagement with a FTSE 100 company,delivering high end cyber consulting ser

98、vices Crossword Services timeline14CROSSWORD CYBERSECURITY PLC Annual Report and Accounts Crossword Cybersecurity products Crosswords product portfolio addresses some of the most pressing needs in the cyber security sector,including supply chain security,credential attacks,account breaches and accou

99、nt protection.Crosswords product portfolio currently numbers four products and is the result of both internal development and acquisitions.For products developed internally,Crosswords specialist product development and software engineering teams develop the initial concept into a fully-fledged comme

100、rcial product that Crossword then takes to market.Crossword has an established tradition in commercialising cyber security research from leading UK universities.Rizikon,Crosswords flagship product focused on supply chain risk management,was based on research by the Centre for Cyber Security Sciences

101、 at City University,London,whilst Nixer CyberML was developed in collaboration with Imperial College,University of London.Nixer CyberML applies machine-learning to user behaviour analysis to detect and prevent credential stuffing and other account takeover attacks.The acquisitions undertaken to date

102、 are Trillion and Arc(acquisition of Threat Status Ltd completed in March 2022)and Identiproof(acquisition of Verifiable Credentials Limited completed in May 2021).Capitalising on other Crossword assets,e.g.the launch of the Supply Chain Cyber practice in May 2022,which leverages the Rizikon Platfor

103、m.Rizikon Supply chain risk managementRizikon Assurance helps organisations of all sizes to assess and manage their supply chain risk at scale,in a cost-effective way.Rizikon is Crosswords leading product and is provided as a SaaS platform.Identiproof Wallet verification technologyIdentiproof is a c

104、redentials verification wallet technology that is compatible with the World Wide Web Consortium(W3C)standards.Trillion Breached Account Mining platformTrillion continuously tracks,correlates and analyses billions of stolen usernames and passwords,searching for digital identities that could belong to

105、 client customers or users.Arc Account protection for eCommerce platform owners Arc queries for access attempts in real time,using username and password pairs already known to criminals.This enables clients to instantly step in and avoid losses.Trillion and Arc are the latest additions to Crosswords

106、 product suite,offering some of the strongest and most advanced credential leak monitoring services in the market STRATEGIC REPORT16CROSSWORD CYBERSECURITY PLC Annual Report and Accounts 2022ProductsCrosswords product portfolio addresses some of the most pressing needs in the cyber security sector,i

107、ncluding supply chain security,credential attacks,account breaches and account protection.Crossword currently offers four products,with three products being revenue generating and one in development.Rizikon and Trillion are well established products with distinct USPs,which led to strong growth in t

108、heir revenues in 2022.Rizikon Rizikon is a supplier assurance and third party risk management platform and is Crosswords flagship product.In 2022,Rizikon continued its strong sales growth with ARR growing 43%during the period.Rizikon enjoys a strong position in the market as a leading product for su

109、pply chain risk management,with organisations using it growing to over 1,000 by the end of 2022.As Crosswords first product to be developed in 2015,Rizikon benefits highly from its accumulated expertise in supply chain cyber risk assessment.There is a clear need in the market for specialist provider

110、s focused on supply chain cyber risk management.In 2022,the UK arm of international defence and security company Leonardo selected Rizikon to assist in its assessment of cyber risk in its supply chain.This very significant client win underlined Rizikons capacity to deliver at scale and serve the lar

111、gest of companies.In 2022 we increased our focus on growing Rizikon Assurance,which is aimed at mid-market and larger companies with a higher number of users per client.Rizikon Assurance is a highly versatile product that can be tailored to meet the different risk appetites of clients with different

112、 levels of risk modelling.Key to successful implementation is understanding a clients supplier ecosystem.This is carried out in an initial consulting exercise for Rizikon Assurance clients.To ensure Rizikon remains strongly positioned we made substantial progress in re-engineering Rizikon,by moving

113、its coding from Java to ReactJS+Java.This will speed up future development and enable Rizikon to keep quickly addressing emerging supply chain cyber security needs.Other notable product developments for Rizikon included the completion of analysis&designs for new higher value modules,and a number of

114、improved features for Rizikon.In the second half of 2022,work continued on readying new modules for launch in 2023.The supply chain cyber risk sector Preventing cyber risk attacks in supply chains is a fast growing market.For organisations of any size,the greatest threats to cybersecurity are suppli

115、ers,third parties and connected technologies given they are so hard to control.Recent research independently conducted for Crossword of over 200 Chief Information Security Officers(CISOs)found that 83 per cent.of CISOs viewed“ensuring that the entire supply chain is water-tight in its ability to def

116、end and recover against threat actors”as a challenge.The European Union Agency for Cybersecurity(ENISA)reported in 2021 that it expected supply chain attacks to quadruple over the following 12 months.Simultaneously,supply chains are going through a period of digital transformation,with automation in

117、creasing efficiencies,whilst at the same time introducing possible vulnerabilities to businesses.As a result,industries including but not limited to banking,retail and manufacturing are under mounting financial,reputational and regulatory pressure to monitor and take control of supply chain cybersec

118、urity risks.These include the Supervisory Statement SS2/21 by the Bank of Englands Prudential Regulation Authority(PRA),in effect since 31st March 2022 and the EUs NIS2 Directive and Digital Operational Resilience Act,in effect since 16th January 2023,amongst others.Rizikon and Trillion are well est

119、ablished products with distinct USPs.This led to strong growth in their revenues in 2022,with Rizikon ARR growing 43%Trillion Trillion saw strong revenue growth in 2022,with the size of sales deals being secured becoming noticeably larger compared to before being acquired by Crossword.Since its laun

120、ch in 2017,Trillion benefits from being a more mature and established product with each year that passes.Together with continuous product development,this enables Trillion to maintain a premium product offering excellent value for money.Trillions revenue growth in 2022 was supported by an increase i

121、n dedicated and specialist sales people,an increase in cross-selling,supporting a number of Consulting activities,and inclusion in the sales partnerships launched by Crossword during the period.In parallel,we continued with our sales strategy of seeking to include Trillion into third-party MSPs(mana

122、ged service providers).On the development side,we improved product functionality to support much larger multi-organisational clients as well as multi-tiered SAAS providers.This dramatically increased the revenue universe which Trillion can target.Trillion continuously tracks,correlates and analyses

123、billions of stolen usernames and passwords,searching for digital identities that could belong to clients customers.Trillion was one of two products that Crossword added to its product portfolio as a result of its acquisition of Threat Status Limited in March in 2022,the other product being Arc.ARC A

124、rc provides account protection for eCommerce platforms and organisations,querying for access attempts in real time,using username and password pairs already known to criminals.This enables clients to instantly step in and avoid losses.Nixer CyberML was a product in development by Crossword and shari

125、ng similar features to Arc.Operating in the same sector as Arc,it uses machine learning to match application credentials against a list of 555M+leaked username/password combinations,making recommendations if matches are made.As with Arc,it does so with zero friction to user experience.Given that ARC

126、 and Nixer Cyber ML operate in similar focus areas,in 2022 Crossword took the decision to merge the best features from both products in order to provide a best in class proposition to clients,retaining the name Arc for this product.In December 2022,Arc gained its first commercial contract when Stick

127、y Password,one of the industrys most well-established secure password vaults,announced a partnership with Arc.Identiproof The advantages of being able to easily access and share qualifications through digital wallets is driving strong demand worldwide for verifiable credentials software.During the p

128、eriod we made good progress on both product development and go-to-market plans for Identiproof,which is our credentials verification wallet technology.A new demo portal was made available enabling demos of Identiproof to potential customers.It covers both flows in which the verifier requests credent

129、ials to the mobile wallet,and in which users want to share their credentials as badges.Experimental R&D proof of concept work continued with grant funded development in the areas of interoperability and trustability.Progress was made on the second major version of the Identiproof suite of products.T

130、he new versions will have a new architecture and use later versions of the development stack for better scalability,reliability and resilience.STRATEGIC REPORT18CROSSWORD CYBERSECURITY PLC Annual Report and Accounts 20222015Rizikon launched 2019Nixer CyberML machine-learning version launchedMay 2021

131、Completion of acquisition of Verifiable Credentials Limited,adding Identiproof to the product portfolioMarch 2022Acquired Threat Status Limited,the cyber intelligence company,in March 2022,adding Trillion and Arc to Crossswords product portfolioNovember 2021Integrated DarkBeams cyber risk audits int

132、o Rizikon,significantly enhancing Rizikons functionalityCrossword Products timeline2020Launch of Rizikon Pro 2016Worked with Coventry University to help create CyberOwl Ltd2017Worked closely with our university partners,Warwick and EPFL,to create ByzGen Ltd2019Accepted onto the UK Government G-Cloud

133、 framework 2019Rizikon Assurance 2.0 launched;designed with Creditsafe integration,360-degree Supplier Scorecards and an Assurance Framework Dashboard19Sales&Business Development Focus on high retention rates and increased contract value The customer success team continued to ensure high retention r

134、ates and increased contract value by demonstrating the value of products to clients.We saw this markedly in the case of Rizikon,leading to high levels of contract renewals as supply chain risks increase and become more widely recognised.Sales team restructured In 2022,Crosswords sales team was restr

135、uctured into direct and indirect/channel sales to keep improving results.As part of this restructure,for direct sales we are placing more emphasis on sector-based sales campaigns,e.g.targeting sectors such as large clients facing supply chain risks for Rizikon.For indirect/channel sales we are expan

136、ding channel sales via resellers and distributors.To generate a better sales pipeline and results overall we also implemented the MEDDICC sales methodology,whilst continuing to further develop CRM and sales reporting/automation.New sales partnershipsWe were pleased to establish several new sales par

137、tnerships during the period.Sales partnerships are part of Crosswords indirect/channel sales and enable Crossword to reach large audiences quickly and effectively.The new partnerships included BESA(British Educational Suppliers Association),the SWCRC(South West Cyber Resilience Centre),techUK,(the U

138、K digital technology trade association),the Chartered Insurance Institute and the International Federation of Consulting Engineers.We were also delighted that the IASME Consortium Limited,a UK Government Cyber Essentials Partner,selected Rizikon Assurance as the core platform to support a new Mariti

139、me Security certification,taking the number of certifications it delivers via Rizikon to three.In 2022,Crossword also supported the British Educational Suppliers Association with Cyber Essentials and Rizikon,as well as techUKs SMEs with Cyber Essentials and Rizikon Assurance.STRATEGIC REPORTTime con

140、suming,arms length assurance process Assessing cyber security risk emanating from hundreds of suppliers,usually at arms-length,is very inefficient and highly labour intensive without technology support Creates strong demand for integrated single point software solutions that can address this and giv

141、e clients a top-down view of their supply chain riskIncreased Regulatory Pressure Regulatory developments are increasing pressure on companies to monitor and react to supply chain risk In the UK,the Network and Information Systems Regulations 2018(NIS),which are currently being consulted upon under

142、three pillars,and the UK Prudential Regulation Authority (PRA),are of particular importanceIncreasing and evolving supply chain risk Supply chain cyber security has suffered from under investment in relation to other cyber sectors,such as combating Ransomware Hackers are targeting the vulnerabilitie

143、s and evolving their attacks within increasingly complex integrated supply chains Has created pent-up demand to improve supply chain cyber securityRizikon reduces risk and improves compliance in supply chain cyber risk managementRizikon-Expertise in supply chain cybersecurity 20CROSSWORD CYBERSECURI

144、TY PLC Annual Report and Accounts 2022Increased Cost Efficiency Increased automation is driving better use of resources and improved ROI Enhanced ability to focus activities on areas of greatest need and higher risk Scalable SaaS solution that grows with clients,from small to very large supplier cha

145、ins Enhances clients capability by building on Crossword knowledge base,advisory support and servicesImproved Compliance Rapid assessment of regulatory and other cyber risk compliance in the supply chain Simple scheduling and timely deployment of assessment activities Efficient planning and tracking

146、 of mitigating actions Effective escalation and senior level reporting Continuous improvement based on Crosswords accumulated supply chain cyber expertiseReduced Cyber Risk Rapid assessment of supply chain cyber risks Comprehensive overview of risk mitigation pipeline Customisable categorisation for

147、 speedy prioritisation Fast and efficient planning and tracking of mitigation&transformation Timely escalation and senior level Trillions attractiveness derives from its sole focus on solving one core problem area:stolen passwords,otherwise known as credentialbreach detection.Trillions specialisatio

148、n since its launch in 2017 has led to an outstanding degree of expertise that is highly regarded in the market.Trillion focuses on serving the corporate market,for which password/credential breach protection is one of the highest priorities.Trillions hallmarks of speed of service,quality of data and

149、 confidentiality are highly valued by corporate clients.Trillion is strongly positioned in the feature rich yet price accessible higher segment of the market,combining highly automated processes that are driven by AI,thereby simplifying onboarding and operation for its clients.Trillions distinct ser

150、vicing model serves as an additional strong differentiator,in contrast to providers that will limit themselves to dumping raw and unstructured data on clients.Trillion-A sole focus on credential breach detection since 2017Trillions USPs 1.Privacy.Trillion maximises privacy whilst continuously filter

151、ing through constantly increasing amounts of stolen data.When it alerts clients about stolen data,it does so by only disclosing data appropriate for risk management while restricting all critical privacy elements to the data subject themselves.2.Relevant and cleanest data.Trillion prioritizes the mo

152、st relevant data through a number of methods,including automatically testing whether discovered email addresses are still active or defunct.3.Most dangerous users.Trillion targets the highest risk people by identifying top offenders of password re-use.STRATEGIC REPORTCovid-19During the height of the

153、 Covid-19 pandemic,CCN-CERT needed to act immediately to enhance the cybersecurity of Spains national health infrastructure.SupportHead of the cybersecurity department at CCN contacted the Trillion operations team after Trillions global offer of support to help protect digital identities within heal

154、th services.TimeOnce the team at CCN was given access to Trillion,in a matter of hours every health organisation across Spain was configured in the platform and breached credential data was being fed back into the CERT.Delivering credential protection at scale for Spains public administration Protec

155、ting large,distributed organisations,such as exist in the public sector,where many individual entities exist is one of the more challenging aspects of cyber security at scale.Crossword considers CCN-CERT a true business partner,and we learn as much from their feedback on our products as they do from

156、 our data.By listening closely to clients needs,we are continuously enhancing Trillion to support the cybersecurity needs of organisations operating at the top of their game”Jon Inns,Product Director for Arc and Trillion CCN-CERTCCN-CERT is the Information Security Incident Response Team(CERT)of the

157、 National Cryptologic Centre in Spain(CCN),which is accountable to the Spanish National Intelligence Centre.22CROSSWORD CYBERSECURITY PLC Annual Report and Accounts ExpansionCCN-CERT decided that a wider scope for Trillion will protect the wider Spanish public services infrastructure.CertificationCr

158、ossword collaborated with the CERT to implement new features which would enable it to extend the use of Trillion to local Government departments and organisations,while still maintaining a central,national view within the CERT.Roll outTrillion,with the new features,was rolled out over the following

159、weeks.CCN-CERT invited hundreds of local authorities,municipalities,town halls and central government departments to come on board using simple automated signups,which took a matter of minutes to complete.SuccessTrillion is now monitoring hundreds of organisations,thousands of domains and reporting

160、leaked data on hundreds of thousands of public workers across Spain.STRATEGIC REPORTSection 172(1)StatementThe Company has complied with the requirements of s414CZA of the Companies Act 2006 by including certain information within the Strategic and Governance Reports,that informs members of the Comp

161、any how the Directors have considered the matters set out in section 172(1)(a)to(f)of the Companies Act 2006 when performing their duty under section 172 to promote the success of the Company.The following table outlines where the key content as required by the regulations can be found in this repor

162、t.Crossword in the UK has an Employee Assistance Programme(EAP)which includes a wealth of resources like confidential health assessments,online resources,and telephone support.Matters considered by the BoardWhere to read more in this Annual ReportThe likely consequences of any decision in the long t

163、ermStrategic Report on page 3Corporate Governance Report on page 38Directors Report on page 50The interests of the Companys employeesCorporate Social Responsibility on page 26Corporate Governance Report on page 38The need to foster the Companys business relationships with suppliers,customers and oth

164、ersCorporate Governance Report on page 38The impact of the Companys operations on the community and the environmentCorporate Social Responsibility on page 26Corporate Governance Report on page 38The desirability of the Company maintaining a reputation for high standards of business conductPerformanc

165、e Review on page 10Strategic Report on page 3Corporate Governance Report on page 38The need to act fairly as between members of the CompanyCorporate Governance Report on page 38Directors Report on page 5024CROSSWORD CYBERSECURITY PLC Annual Report and Accounts 202225STRATEGIC REPORTENVIRONMENTAL,SOC

166、IAL&GOVERNANCEAs Crossword continues to grow and mature as an organisation,a keen focus is kept on our wider stakeholder and social responsibilities.Crossword holds itself to high standards in relation to stakeholders,in areas such as governance,employees,community,environment and customers.Crosswor

167、d recognises that we have a responsibility to manage our environmental impacts carefully,including meeting all legal and regulatory requirements.We are committed to reducing our environmental impact and continually improving our environmental performance as an integral part of our business strategy

168、and operating methods,with regular review points.We encourage customers,suppliers and other stakeholders to do the same.At Crossword,we value the people and we believe our greatest strength is a good team of experts.We are focussed on gender diversity with the Board being 37.5%women and Advisory Boa

169、rd at 50:50 parity.The Women at Crossword Group was established during 2021 and has met 3 times covering an interesting range of topics and speakers.Our cultureOur culture is that distinct differentiator which drives our decisions and actions.We are energetic,agile and passionate about the quality o

170、f work we deliver.We encourage responsibility early in the lifecycle of an employees career,along with which comes valuable learning.We make sure we have fun while doing our work and look out for each other by being open,transparent and flexible to adapt to each others needs and the needs of our cus

171、tomers and stakeholders.The Board is committed to promoting a strong ethical and values-driven culture throughout the Company and has a people-oriented ethos where hard work and commitment is recognised.The benefit of experienceThe make-up of our team gives us something unique to offer.Its rare to f

172、ind such richness of leadership experience in a small organisation and the advantage of our size is that our leadership team are present,accessible and engaged with the whole team.Employees get to know the leadership well and our staff tell us time and time again that they find this level of exposur

173、e invaluable in developing their own knowledge and business acumen.In 2022,we looked after our health and well-being in many ways,including with online yoga classes,laughter yoga,financial wellbeing workshop,celebrating Mens Health week,a Wellness Week and several enjoyable social events.We have a M

174、ental Health First Aider to provide support where required.We have a Balance channel on Slack,which is a dedicated space to bring interesting articles,blogs,websites and general content about Mental Wellbeing.Our Mental Wellbeing Policy outlines our provisions to prevent and address mental health is

175、sues among our employees.Mental Health is just as important as physical health.Mental ill health may be detrimental to a person as it impacts happiness,productivity,and collaboration.Crossword in the UK has an Employee Assistance Programme(EAP)which includes a wealth of resources like confidential h

176、ealth assessments,online resources,and telephone support.Corporate Social ResponsibilityIts a really lively,young,fast moving company.Everyone is very engaged its a really great company to work for.The atmosphere is second to none”The greatest thing about Crossword is the culture.I find our CEO very

177、 charismatic and focused on keeping the culture alive but not being not being something which is forced on people.It feels very natural,very modern,a great place to work.”26CROSSWORD CYBERSECURITY PLC Annual Report and Accounts 27Company values FlexibilityWe adapt to changing needs and empower our e

178、mployees with the trust and autonomy they need to deliver high quality work.LearningWe promote continuous learning culture and believe that knowledge and competence drives performance and growth of the individual and organisation.ResponsibilityWe take the ownership to demonstrate a high standard of

179、work as we are personally responsible for the work we deliver.OpennessWe encourage openness between all employees and with clients,we are inclusive adaptive collaborative,and committed to accepting people from diverse backgrounds.More reasons to join us Leadership supportAsking for help and support

180、is celebrated and highly encouraged at Crossword.The support can be available in the form of Mentoring,knowledge sharing and we also have a Buddy system for new starters.The Executive team is committed to their teams professional development.Great working environmentWe strive to better the employee

181、experience by providing proper work equipment and also through workplace engagement surveys which encourage open communication and feedback.Our offices are modern and equipped with kitchen and shower facilities,coffee machines and breakout spaces.Inclusivity&DiversityOur collective strength is in ou

182、r individual uniqueness and the range of experiences we can bring to the table.When we recruit,we dont look for a Culture fit,to fit any specific but rather what the person brings,but our culture is extremely collaborative and adapts to cater to the needs of our biggest asset our people!Work-life ba

183、lanceWe are focused on achievements at work,not how long you spend in the office.We believe in being agile and adapt to work around employees commitments and working styles.We prioritise our employees mental well-being above everything else.All employees are encouraged to take timely breaks to spend

184、 time doing what they love and pursue their recreations.Some of the initiatives which highlight the elements of our culture are as follows:Employee Engagement through our Corporate Social Responsibility initiative drives a common goal and brings employees together for a higher purpose.We have partne

185、red with SPEAR,a local charity in Richmond,to raise funds and help the homeless.Our Krakow office employees carry out philanthropic initiatives every year to help the disadvantaged and needy.We also have other interesting employee engagement events like our company away days,social events,lunch Mond

186、ays,etc.Excellent communication channels like Slack,Google Meet,virtual fortnightly coffee mornings allow for an easy flow of communication.Flexible and family-friendly policies which enable an enviable work environment.Open recognition initiatives as well as a 5-year Long Service Award to acknowled

187、ge hard work and commitment to the businessSTRATEGIC REPORTPrincipal Risks&UncertaintiesThe Board has overall responsibility for ensuring that risk is appropriately managed throughout the business.The Board is aware of the need to conduct regular risk assessments to identify any deficiencies in the

188、controls currently operating over all aspects of the Company.Risks to the achievement of strategic objectives are identified by the Executive.The degree of risk is evaluated by reference to the impact and probability of the risk,considering inherent and residual risk.The Executive considers the natu

189、re and extent of the risks,the threat of such risks becoming reality,the ability to reduce the incidence and impact on its business if the risk materialises,and the costs and benefits resulting from operating relevant controls.A Risk Register is prepared and regularly reviewed by the Executive,and s

190、hared with the Audit Committee for independent review and robust challenge.The Risk Register includes a plan for mitigation of risks above the risk appetite of the business.RISKS RELATING TO THE GROUP AND THE INDUSTRY IN WHICH IT OPERATES1 INTELLECTUAL PROPERTY ACQUISITION AND DEVELOPMENTCrossword a

191、cquires intellectual property(IP)rights from universities via licensing,IP transfer arrangements and acquisitions,and then develops this IP into commercial products.Failure to secure good quality IP deals,and to quickly and appropriately meet new cyber security challenges,will make it difficult for

192、the Group to generate new products.The success of this strategy depends on the ability of Crossword to source suitable IP and use its expertise in business management,marketing and product development to build solutions attractive to its potential customer base.Ultimately,Crossword will only succeed

193、 if it is able to acquire design,develop and sell new software solutions in a timely fashion that deliver operational reliability and effectiveness.2 TECHNOLOGICAL CHANGESGenerally,product markets are exposed to rapid technological change,changes in use,changes to customer requirements and preferenc

194、es,and services employing new technologies and the emergence of new industry standards and practices.The Group operates in a market with such changes,which have the potential to render the Groups existing technology and products obsolete or uncompetitive.To remain competitive,the Group must ensure c

195、ontinued product improvement,and the development of new markets and capabilities to maintain a pace congruent with changing technology.This added strain may stretch the Companys capital resources,which may adversely impact the revenues and profitability of the Company.The Companys success is depende

196、nt on the ability to effectively respond and adapt to technological changes and changes to customer preferences.There can be no assurance that the Company will be able to effectively anticipate future technological changes or changes in customer preferences.Furthermore,there is also no assurance tha

197、t the Company will have sufficient financial resources to effectively respond in a timely manner if such a change is anticipated.3 REPUTATIONAL RISKSAs a cyber security company,Crossword is very conscious of its external reputation.If the Group is compromised as a result of a cyber incident,it would

198、 impact its clients confidence.As Crossword expands its products and services,it is holding more client data and intellectual property,increasing the potential impact in the event of a cyber incident.Crossword has an experienced cyber security expert acting as its Chief Information Security Officer(

199、CISO)and a strong technical team who actively seek to mitigate threats.Nonetheless,should an event take place which adversely affects the reputation of the Group,its future prospects and value could suffer.4 COMPETITIONThere is no guarantee against new entrants or current competitors providing super

200、ior technologies,products or services to the market.There is no certainty that new entrants or current competitors will not provide equivalent products for a lower price.The Company may be forced to make changes to one or more of its products or to its pricing strategy to effectively respond to chan

201、ges in customer preferences in order to remain competitive.This may impact negatively on 28CROSSWORD CYBERSECURITY PLC Annual Report and Accounts 29the Companys financial performance.The Groups consulting division operates in an environment that includes large international accounting firms and cons

202、ultancies and a number of smaller niche players.There are very low start-up costs for any new entrant into the market and the Group cannot prevent any person or organisation from seeking to compete with it.There is a risk that an existing competitor or a new entrant may,over time,be able to win work

203、 from the Groups existing and future customers.In addition,larger competitors may,in the future,adopt more aggressive expansion strategies,which could include hiring additional experienced consultants and changing their business model and service offering to one that is directly comparable to that o

204、f the Group.This could,in theory,result in a material loss of customers from the Group to larger competitors and therefore have a material adverse impact on the financial performance of the Group.5 KEY SYSTEM FAILURE,DISRUPTION OR INTERRUPTIONThe Companys reliance on technology exposes the Company t

205、o a significant risk in the event that such technology,or the Companys systems,experience damage,interruption or failure in some form.A malfunctioning of the Companys technology and systems,or those of key parties,could result in a diminished confidence in the Companys services,resulting in a conseq

206、uential material adverse effect on the Companys operations and results.6 DEPENDENCE ON THIRD PARTIES AND BUSINESS CONTINUITYKey components of Crosswords technology platform may be dependent on the continuing availability of a particular supplier.The software development environment or data processin

207、g platforms may become unavailable for an extended period of time thereby disrupting customers experience of Crosswords products and services.Crosswords business is at risk from disruption of key systems and assets on which it depends.The functioning of the IT systems on which it relies could be dis

208、rupted for reasons either within or beyond its control,including but not limited to:accidental damage;disruption to the supply of utilities or services;security breaches;extreme weather events;systems failure;or workforce actions.There is a risk that such disruption may materially and adversely affe

209、ct Crosswords ability to offer services to customers and therefore materially and adversely affect its reputation,performance or financial condition.7 ABILITY TO RECRUIT AND RETAIN SKILLED PERSONNELThe Company believes that it has the appropriate incentive structures and culture to attract and retai

210、n the calibre of employees and contractors necessary to ensure the efficient management and development of the Company.However,any difficulties encountered in hiring,and retaining,appropriate employees and/or contractors and the failure to do so,or a change in market conditions that renders current

211、incentive structures unattractive,may have a detrimental effect upon the trading performance of the Company.With recognised shortage of skilled technical people,the ability to attract new employees and contractors with the appropriate expertise and skills cannot be guaranteed.8 FINANCIAL CONTROLS AN

212、D INTERNAL REPORTING PROCEDURESThe Companys future growth and prospects will depend on its ability to manage growth and to continue to maintain,expand and improve operational,financial and management information systems on a timely basis,whilst at the same time maintaining effective cost controls.An

213、y damage to,failure of or inability to maintain,expand and upgrade effective operational,financial and management information systems and internal controls in line with the Companys growth could have a material adverse effect on the Companys business,financial condition and results of operations.GEN

214、ERAL BUSINESS RISKS9 TAXATION RISKThe Company is subject to taxation and the application of such taxes may change over time due to changes in laws,regulations or interpretations by the relevant tax authorities.The recent proposed changes to the research and development tax incentives may have an adv

215、erse effect on the Companys results of operations.The continuing status of the Ordinary Shares as a qualifying holding for VCT and/or EIS purposes will be conditional(amongst other things)on the qualifying conditions being satisfied throughout the period of ownership.There can be no assurance that t

216、he Company will continue to conduct its activities in a way that will secure or retain qualifying status for VCT and/or EIS purposes.STRATEGIC REPORT10 COUNTERPARTY CREDIT RISKThere is a risk that parties with whom the Company trades or has other business relationships(including partners,customers,s

217、uppliers,subcontractors and other parties)may become insolvent.This may be as a result of general economic conditions or factors specific to that company,or exceptional circumstances such as COVID-19.In the event that a party with whom the Company trades becomes insolvent,this could have an adverse

218、impact on the revenues and profitability of the Company.11 LEGAL RISKLegal risks include the inability to enforce security arrangements,an absence of adequate protection for intellectual property rights,an inability to enforce foreign judgments relating to contracts entered into by the Company that

219、are governed by law outside England and Wales,absence of a choice of law,and an inability to refer disputes to arbitration or to have a limited choice with regard to arbitration rules,venue and language.Mitigation measures for these risks may also be limited.12 INSURANCE RISKThere can be no certaint

220、y that the Groups insurance cover is adequate to protect against every eventuality.The occurrence of an event for which the Group did not have adequate insurance cover could have a materially adverse effect on the Groups business,revenue,financial condition,profitability,results,prospects and/or fut

221、ure operations.13 ECONOMIC CONDITIONSThe Group could be affected by unforeseen events outside its control including economic and political events and trends,inflation and deflation or currency exchange fluctuations.The impact is likely to include interrupted power supply,disruption to financial mark

222、ets and higher inflation.Any economic downturn either globally or locally in any area in which the Group operates may have an adverse effect on the demand for the Groups products and services.A more prolonged economic downturn may lead to an overall decline in the volume of the Groups activities and

223、 sales,restricting the Groups ability to realise a profit.The markets in which the Group offers its services are directly affected by many national and international factors that are beyond the Groups control.14 CURRENCY EXCHANGE RISKThe Groups functional currency is Sterling.One subsidiary,Crosswor

224、d Cybersecurity Sp.Z.o.o is based in Poland,and another subsidiary,Crossword Cybersecurity LLC,is based in Oman.Crossword Cybersecurity Sp.Z.o.o,where the functional currency is zloty,accounts for approximately 11 per cent of the total costs of the business.Crossword Cybersecurity LLCs functional cu

225、rrency is Omani rials,which is pegged to the US Dollar.Exposure to this and other exchange rates may effect the Companys results.The Company may consider implementing policies to limit its currency exposure and will consider currency hedging instruments when they prove to be available and cost-effec

226、tive.15 GOING CONCERN RISKThere is a risk that the Group will not be able to raise cash when it is required.This could be as a result of poor performance within the Group or turmoil within the markets following COVID-19,or other economic issues such as the Ukraine crisis.The Strategic Report was app

227、roved by the Board of Directors on 18 April 2023.TOM ILUBE CEO 18 April 202330CROSSWORD CYBERSECURITY PLC Annual Report and Accounts 2022Governance Report Sir Richard Dearlove KCMG OBE Non-Executive ChairAppointment Date:1 September 2016Skills and Experience:Sir Richard brings to the Board extensive

228、 experience across government,education and global business.Sir Richard joined MI6 in 1966,undertaking various overseas and head office roles before being promoted to Chief of the Secret Intelligence Service in 1999.He retired from the Service in 2004.External Appointments:Sir Richard is presently C

229、hair of Trustees of University of London,Chair of Ascot Underwriting Limited at Lloyds of London and a Director of Kosmos Energy,the New York Stock Exchange listed oil and gas exploration company.Sir Richard is also a Director of The Cambridge Security Initiative 2017,the Cambridge Arts Theatre Trus

230、t Limited,Lower Tamar Fishing Club Limited and Endsleigh Fishing Club Limited.He also holds several advisory roles.Committee Memberships:NoneMary DowdChief Financial OfficerAppointment Date:14 June 2018Skills and Experience:Mary brings over 20 years experience of working alongside business leaders.S

231、he has demonstrated a track record of managing finance teams to ensure timely delivery of relevant financial information to all stakeholders,providing clear leadership,continuous process improvement,and excellent communication.She also brings to Crossword extensive experience of working in acquisiti

232、ve businesses and providing transactional support.Mary graduated from University College Galway,Ireland and has a postgraduate Diploma in Business Studies from the same university.She is a Fellow of the Chartered Institute of Management Accountants.External Appointments:Trustee at The Groundwork Sou

233、th Trust Limited and member of the Audit and Risk Committee of the University of Essex.Committee Memberships:NoneThe BoardTom Ilube CBEChief Executive OfficerAppointment Date:6 March 2014Skills and Experience:Tom is founder and CEO of Crossword.Tom served as Chief Information Officer of Egg Banking

234、PLC,which at the time was a pioneering main market listed UK internet bank.Tom chaired the UK Government Technology Strategy Boards Network Security Innovation panel.He was a member of the High Level Expert Group on cyber security at the International Telecommunication Union(ITU),a Geneva-based UN a

235、gency.He was awarded a Doctor of Science(Honoris Causa)by City,University of London,an Honorary Doctor of Technology by the University of Wolverhampton and was appointed a CBE in the 2018 Birthday Honours for services to Technology and Philanthropy.External Appointments:Non-Executive Director of WPP

236、 plc and Chair of the RFU.Director of Iternal Limited,Honorary Fellow of St Annes College,Oxford and of Jesus College,Oxford and Chair of the African Gifted Foundation.Committee Memberships:NoneThe Directors in office during the year and at the date of this report are as shown below:32CROSSWORD CYBE

237、RSECURITY PLC Annual Report and Accounts 33Celltech Limited and Cancer Research Campaign(now Cancer Research UK).David held or was named on three patents and is the holder of a Lifetime Queens Award for Enterprise Promotion for creating environments that favour enterprise,specialising in the practic

238、al aspects of commercialising the results of academic researchExternal Appointments:David is a Director of Cambridge KT Limited,Trustee of Cambridge United Charities,Chair of Fitzwilliam Museum(Enterprises)Limited,Trustee of The Trinity Challenge,a Governor of Coventry University Group and Treasurer

239、 of the Csar and Celia Milstein Foundation.Committee Memberships:Audit(Chair),and Remuneration(Member).Dr David SecherIndependent Non-Executive DirectorAppointment Date:16 June 2014Skills and Experience:David is an international expert in intellectual property,technology transfer and research manage

240、ment.His experience includes Japan,Jordan,South Africa,Brazil,Chile,Australia,Argentina,India,Saudi Arabia and Lebanon as well as Europe and the USA.David is a Life Fellow and until 2018 was Senior Bursar at Gonville&Caius College,Cambridge where he was responsible for the investment of a 210m endow

241、ment.David was co-founder and chair of Praxis(now PraxisAuril),the leading UK technology transfer training programme,of which he is now Patron.He served as Director of Research Services,University of Cambridge,where he was responsible for creating and directing a new division of 80 staff,for designi

242、ng and implementing an intellectual policy for the university and for technology transfer throughout the university resulting in 2m licensing revenue,40 new licences and six spin outs per year.David was Chief Executive of N8 Limited,a consortium of eight research-intensive universities in the North

243、of England,securing initial funding of 6m from Regional Development Agencies.His earlier career was in molecular biology research with MRC Laboratory of Molecular Biology,Dr Robert Coles Independent Non-Executive DirectorAppointment Date:25 May 2021Skills and Experience:Robert is a highly experience

244、d IT Risk and Cyber Security leader.He has over 30 years commercial experience,including Chief Information Security Officer of the NHS.Prior to this,Robert worked for GSK,National Grid,and Merrill Lynch.He held various senior information security roles at Royal Bank of Scotland and he was a partner

245、in KPMG.Robert is a Senior Fellow at the Centre for Assurance Research and Engineering at George Mason University,Washington DC.He is also an Honorary Professor at UCL.He was awarded a PhD in psychology by the University of Leeds for his work on the perceptions of information and IT risk and has pub

246、lished and presented on this and other topics.He continues to undertake research in these areas.He was also awarded an MBA from Manchester Business School.He has extensive links with major industry information security networking groups.Robert is Chair of the Groups subsidiary,Crossword Consulting L

247、imited.External Appointments:Director&Chair of Cumberland House Consulting Ltd,Director&Chair of Think Cyber Security Ltd,Governor/Trustee and Audit Committee Member of the University of Brighton.Committee Memberships:Audit and Nomination(Member)GOVERNANCE REPORTRuth Anderson Independent Non-Executi

248、ve DirectorAppointment Date:1 February 2018Skills and Experience:Ruth has over 15 years experience in the fields of security,intelligence,cyber crime and risk management.She brings to the Board extensive experience across defence and law enforcement sectors and within financial services,developing a

249、nd implementing cyber risk governance frameworks.Ruth is currently Chief Operating Officer for Technology,Security and Data divisions at Lloyds Banking Group.She was previously a Director of Cyber in the Financial Services Department of KPMG.She served as the Head of Specialist Operational Support a

250、nd also as the Head of Intelligence at the Child Exploitation and Online Protection Centre,where she delivered the first-ever strategic threat assessment on child abuse in the online environment.Prior to this,Ruth served in intelligence and security in the British Army.External Appointments:Halifax

251、Share Dealing Limited.Committee Memberships:Audit(member),Remuneration(Member)and Nomination(Member).Andy Gueritz Independent Non-Executive DirectorAppointment Date:21 September 2015Skills and Experience:Andy is an experienced Senior Advisor with a successful track record in helping clients improve

252、and transform their business by managing technology better and creating new technology-based ventures.In recent years,Andy has advised clients in a broad range of industries on topics such as business/technology strategy and investment planning;customer data analytics;transformation for innovation a

253、nd agility;performance improvement and cost optimisation,and other ways using technology to get and deliver better value.Before becoming a consultant,he attained Board-level responsibility in a successful career in software development and systems implementation.Andy is a Chartered Fellow of the BCS

254、(FBCS),Chartered IT Professional(CITP),Chartered Engineer(C.Eng),Fellow of the IET(FIET),and a European Engineer registered at FEANI.He holds a First Class Honours degree in Electrical and Electronic Engineering with Computer Science from Queen Mary University of London.External Appointments:Sixhill

255、s Consulting Limited.Committee Memberships:Audit(member),Remuneration(Chair)and Nomination(Chair).Tara Cemlyn-JonesIndependent Non-Executive DirectorAppointment Date:25 May 2021Skills and Experience:Tara has over 30 years experience in financial services namely in capital markets,M&A,strategy and di

256、gital transformation across many sectors,including financial services(banking,asset&wealth management,and fintech),energy&infrastructure and healthcare.Tara was head of M&A at L and has held senior positions at Schroders,Citigroup and Espirito Santo Investment Bank.External Appointments:25x25 Limite

257、d.Committee Memberships:None34CROSSWORD CYBERSECURITY PLC Annual Report and Accounts 2022The Board 35Tom Ilube CBE Chief Executive OfficerAppointment Date:6 March 2014Skills and Experience:Tom is founder and CEO of Crossword.Tom served as Chief Information Officer of Egg Banking PLC,which at the tim

258、e was a pioneering main market listed UK internet bank.Tom chaired the UK Government Technology Strategy Boards Network Security Innovation panel.He was a member of the High Level Expert Group on cyber security at the International Telecommunication Union(ITU),a Geneva-based UN agency.He was awarded

259、 a Doctor of Science(Honoris Causa)by City,University of London,an Honorary Doctor of Technology by the University of Wolverhampton and was appointed a CBE in the 2018 Birthday Honours for services to Technology and Philanthropy.External Appointments:Non-Executive Director of WPP plc and Chair of th

260、e RFU.Director of Iternal Limited,Honorary Fellow of St Annes College,Oxford and of Jesus College,Oxford and Chair of the African Gifted Foundation.Committee Memberships:NoneMary Dowd Chief Financial OfficerAppointment Date:14 June 2018Skills and Experience:Mary brings over 20 years experience of wo

261、rking alongside business leaders.She has demonstrated a track record of managing finance teams to ensure timely delivery of relevant financial information to all stakeholders,providing clear leadership,continuous process improvement,and excellent communication.She also brings to Crossword extensive

262、experience of working in acquisitive businesses and providing transactional support.Mary graduated from University College Galway,Ireland and has a postgraduate Diploma in Business Studies from the same university.She is a Fellow of the Chartered Institute of Management Accountants.External Appointm

263、ents:Trustee at The Groundwork South Trust Limited and member of the Audit and Risk Committee of the University of Essex.Committee Memberships:NoneThe Executive boardJake Holloway Chief Product OfficerSkills and Experience:Jake has over 30 years of experience in technology across a wide range of ind

264、ustries and roles including as CTO and Head of Product for two well-known software houses,and as CEO/Founder of an innovative Online Systems House.In his two most recent roles before joining Crossword,he was advising Worldpay on their separation from RBS,and founded Xendpay,a Fintech startup,where h

265、e was COO.Jake authored books on project management in 2015 and 2016.GOVERNANCE REPORTSean Arrowsmith Group Sales DirectorSkills and Experience:Sean has over 20 years sales experience in cyber/information security and technology.He was previously Group Sales Director at IRM Limited,the World Class C

266、entre in Cyber Security of Altran Technologies SA,the global innovation and engineering consulting firm.Here,Sean was accountable for revenue target achievement across all of IRMs business streams including consulting,software and training.Prior to that,Sean was responsible for leading consulting sa

267、les at Siemens Insight Consulting.Stuart Jubb Group Managing DirectorSkills and Experience:Stuart joined Crossword from KPMG where he was Associate Director,Defence&Security.Prior to that,he was Chief Operating Officer of a global consulting team of over 200 in KPMG Advisory.Stuart spent nine years

268、as an officer in HM Forces,after Sandhurst,serving in Afghanistan,NATO and elsewhere.36CROSSWORD CYBERSECURITY PLC Annual Report and Accounts 2022The Executive 37Professor David StupplesAdvisory Board MemberSkills and Experience:David is currently Director of the Centre for Cyber and Security Scienc

269、es at City University London.In his early career,he was employed as an engineer in signals intelligence in the Royal Air Force followed by a period of intensive research into surveillance systems at the Royal Signal and Radar Establishment,Malvern.He spent three years developing highly secure commun

270、ications for surveillance satellites for Hughes Aircraft Corporation in the United States of America.Later,he became a senior partner with PA Consulting Group where he undertook surveillance and intelligence systems research for Ministry of Defence(Navy)and was responsible for consultancy in secure

271、communications and surveillance systems for world-wide clients.Since 2003,David has been researching internet security at City University focused on cyber terrorism and organized cyber crime for both the UK government and commercial companies.However,he still maintains an active interest in radar su

272、rveillance research.Professor Stupples is a member of the Defence Scientific Advisory Council(DSAC),the Defence Procurement Agencys Independent Advisory Board on Systems Integration,and he consults worldwide in cyber intelligence.Alison Dyer Chair of the Advisory BoardSkills and Experience:Alison Dy

273、er joined ASOS.com in August 2022 as CISO.Prior to this,Alison was CISO at URENCO,a global supplier of enrichment services and fuel cycle products.Alison was responsible for all aspects of their information and cyber security,covering both information and operational technology.Alison has also held

274、the position of Director of GlaxoSmithKlines(GSK)global cyber security programme,where she led multiple strategic delivery workstreams including security technology,governance,culture,third party management and operational technology security.Alison holds a BEng in Mechanical Engineering from Imperi

275、al College,London and an MSc in Information Security from Royal Holloway University.The Advisory boardGOVERNANCE REPORTNaina Bhattacharya Advisory Board MemberSkills and Experience:Naina Bhattacharya is Global Chief Information Security Officer at Danone S.A.,the multinational food product corporati

276、on with over 100,000 staff in 120 countries.She is responsible for delivering the cyber security vision and roadmap for the company.Prior to Danone,she worked in consulting and had the privilege of working on complex cyber security and data privacy projects across multiple companies in several indus

277、tries.She is passionate about diversity and inclusion with a specific interest in increasing the representation of women in technology.Naina holds a BEng in Computer Science from BITS,Pilani,India and a post-graduation in management from the Indian School of Business in Hyderabad.CHAIRS INTRODUCTION

278、 The Directors acknowledge the importance of high standards of corporate governance and have adopted the principles set out in the Quoted Companies Alliance Corporate Governance Code for Small and Mid-Size Quoted Companies(the QCA Code)2018,given the Groups size and the constitution of the Board.The

279、 QCA Code sets out a standard of minimum best practice for small and mid-size quoted companies,particularly AIM companies.The Chair and the Board accept the importance and responsibility of setting good corporate culture,values and behaviours.The Board also acknowledges its responsibility in deliver

280、ing the long-term success of the Company for the benefit of shareholders and other stakeholders.This Corporate Governance Report describes how the Company has applied the principles and standards set out in the Code during the year and,to the extent it has not done so,any deviations from them.It is

281、the Boards view that the Company has complied with all of the provisions of the Code during the year ended 31 December 2022.1:ESTABLISH A STRATEGY AND BUSINESS MODEL WHICH PROMOTE LONG-TERM VALUE FOR SHAREHOLDERSThe Companys Strategic Report is on pages 3 to 30 of this report.Crosswords vision is to

282、 partner with organisations to keep them secure in the digital world.The Group reduces cyber risks for their clients by providing a portfolio of innovative products and services,powered by university and other research-driven insights.Crossword offers a range of cyber security solutions to help comp

283、anies understand and reduce cyber security risk.We do this through a combination of people and technology,in the form of SaaS and software products,consulting,and managed services.Crosswords areas of emphasis are cyber security strategy and risk,supply chain cyber,threat detection and response,and d

284、igital identity with recurring revenue models in these four areas.We work with UK universities and our products and services are often powered by academic research-driven insights.In the area of cybersecurity strategy and risk our consulting services include cyber maturity assessments,industry certi

285、fications,and virtual chief information security officer(vCISO)managed services.Crosswords end-to-end supply chain cyber standard operating model(SCC SOM)is supported by our best-selling SaaS platform,Rizikon Assurance,along with cost-effective cyber audits,security testing services and complete man

286、aged services for supply chain cyber risk management.Threat detection and response services include our Nightingale AI-based network monitoring,our Trillion and Arc breached credentials tracking platforms,and incident response.Crosswords work in digital identity is based on the World Wide Web Consor

287、tium W3C verifiable credentials standard and our current solution,Identiproof,enables secure digital verification of individuals to prevent fraud.Crossword serves medium and large clients including FTSE 100,FTSE 250 and S&P listed companies in various sectors,such as defence,insurance,investment and

288、 retail banks,private equity,education,technology and manufacturing and has offices in the UK,Poland,Oman and Singapore.Crossword is traded on the AIM market of the London Stock Exchange.Where appropriate,Crossword will transfer the IP to separate companies in which it will retain a commercial inter

289、est.So far,Crossword has been instrumental in the development of two such companies,ByzGen Limited and CyberOwl Limited.2:SEEK TO UNDERSTAND AND MEET SHAREHOLDER NEEDS AND EXPECTATIONSCrossword is committed to engaging with its shareholders to ensure that its strategy,business model and performance

290、is clearly understood.The Company communicates with shareholders and potential investors through a variety of channels,including webinars,regular financial reporting,direct contact with its major shareholders and release of regulatory announcements,which are available on its website.Regulatory annou

291、ncements include details of the Companys website and the relevant contact at the Company,as well as its professional advisors.The Annual General Meeting(AGM)provides another opportunity for dialogue between shareholders and the Board.The Chair of the Board and of the Committees,together with other D

292、irectors,routinely attend the AGM and are available to answer questions raised by the shareholders.At the meeting,each vote,the number of proxy votes received for,against and withheld is announced.The results of the AGM are subsequently published on the Companys website and released via a regulatory

293、 information service provider.Corporate Governance Report38CROSSWORD CYBERSECURITY PLC Annual Report and Accounts 39A range of corporate information,including all Company announcements,is also available to shareholders,investors and the public on the Companys corporate website,3:TAKE INTO ACCOUNT WI

294、DER STAKEHOLDER AND SOCIAL RESPONSIBILITIES AND THEIR IMPLICATIONS FOR LONG-TERM SUCCESSCrossword considers its relationships with internal and external stakeholders.Apart from our shareholders,our most important stakeholder groups are our employees,our clients and partners.The Board is regularly up

295、dated on stakeholder feedback and their potential impact on our business to enable them to understand and consider the feedback in decision-making.The Board understands that maintaining the support of all its stakeholders is paramount for the long-term success of the Company.EmployeesCrossword aims

296、to provide an environment which will attract,retain and motivate its team.The Company has a growing number of permanent staff employed across the UK,Poland,Oman and Singapore.Employee engagement with the senior management,who pride themselves on their availability and flexibility,is frequent through

297、 daily discussions and meetings.Staff are encouraged to give regular feedback in relation to their needs,interests and expectations on away days,general discussions or one-to-one meetings with their line managers.These can then be addressed at the fortnightly management meeting to all senior members

298、 of the team where further actions will be discussed.Furthermore,the team engages in a bi-weekly call where staff are able to communicate with all levels of the team across all jurisdictions.Crossword reviews its processes and policies,which are guided by our values of Responsibility,Openness,Learni

299、ng and Flexibility,to make continuous improvements for its staff.The Company has developed its induction programme for new staff,engages with employees to maintain its culture and values and expected behaviours,performs exit interviews in the event people decide to leave the business,and follow-up i

300、nterviews with new employees.Crossword is supportive of career development of its employees and provides training programmes and Masters degree opportunities where appropriate.Crosswords clients and partnersCrossword develops mutually beneficial commercial relationships with companies to support sou

301、rcing and commercialising cyber security intellectual property originating from university and other research projects and evaluating and exploiting routes to distributing and reselling its products.Crossword recognises that the establishment of a close working relationship with its partners is esse

302、ntial for its long-term success.Crossword maintains its relationship with its partners through regular meetings,mutual understanding and aligned objectives.Feedback from partners is communicated to the relevant teams and the Board as appropriate.Crosswords interacts closely with its clients to under

303、stand the cyber issues organisations are facing,in order to support clients and help them to reduce cyber risks.Crossword provides a portfolio of innovative products and services,aimed at addressing risks clients have identified.Social responsibilityCrossword partners with charities both in UK and P

304、oland.Crossword employees propose and vote on which charity they would like to support.Previously work has been undertaken to help a charity local to the London office in their efforts to support the homeless and lead them to independence and also a national mental health charity.In Poland,Crossword

305、 is supporting one of the largest,most recognisable and effective social schemes in Poland which implements and develops a system of smart,personalised aid that is unique in the world.4:EMBED EFFECTIVE RISK MANAGEMENT,CONSIDERING BOTH OPPORTUNITIES AND THREATS,THROUGHOUT THE ORGANISATIONAudit,risk a

306、nd internal controlFinancial controls The Group has an established framework of internal financial controls,the effectiveness of which is regularly reviewed by the Executive Management,the Audit Committee and the Board,in light of an ongoing assessment of significant risks facing the Group.The Board

307、 is ultimately responsible for the effectiveness of the Groups system of internal controls.Its key strategy has been to establish financial reporting procedures that provide the Board of Directors with a reasonable basis upon which to make judgements as to the financial position and prospects of the

308、 Group.Executive Directors and Non-Executive Directors have been appointed by the Board to GOVERNANCE REPORT assist with the implementation of this strategy and report progress to the Board.The Audit Committee has the primary responsibility for monitoring the quality of internal controls to ensure t

309、hat the financial performance of the Group is properly measured and reported on.It receives and reviews reports from the Groups management and external auditors relating to the interim and annual accounts and the accounting and internal control systems in use throughout the Group.The Audit Committee

310、 meets not less than three times in each financial year and has unrestricted access to the Groups external auditors.Regular budgeting and forecasting is conducted to monitor the Groups ongoing cash requirements and cash flow forecasts are circulated to the Board.The Group has a Risk Register which i

311、dentifies the potential possibility and impact of risks associated with the Group and allocates an owner to mitigate each risk.The Risk Register is updated by the Chief Financial Officer and reviewed by the Executive,the Audit Committee and the Board.Non-financial controls The Board has ultimate res

312、ponsibility for the Groups system of internal control and for reviewing its effectiveness.However,any such system of internal control can provide only reasonable,but not absolute,assurance against material misstatement or loss.The Board considers that the internal controls in place are appropriate f

313、or the size,complexity and risk profile of the Group.The principal elements of the Groups internal control system include:Close management of the day-to-day activities of the Group by the Executive Directors;An organisational structure with defined levels of responsibility,which promotes entrepreneu

314、rial decision-making and rapid implementation whilst minimising risks;Central control over key areas such as capital expenditure authorisation and banking facilities;A comprehensive annual budgeting process producing a detailed integrated profit and loss,balance sheet and cash flow,which is approved

315、 by the Board;and Detailed monthly reporting of performance against budget.The Group continues to review its system of internal control to ensure compliance with best practice,whilst also having regard to its size and the resources available.Standards and policiesThe Board is committed to maintainin

316、g appropriate standards for all the Groups business activities and ensuring that these standards are set out in written policies.Key examples of such standards and policies include:Anti-bribery and Corruption Policy Information Security Policy Data Protection Policy Share Dealing Code.All policies a

317、re documented and senior managers and Directors are responsible for monitoring the compliance with these policies.Approval processAn approvals matrix exists and is published on the Companys intranet to ensure clear and appropriate levels of authority across the business.5:MAINTAINING THE BOARD AS A

318、WELL-FUNCTIONING,BALANCED TEAM,LED BY THE CHAIRComposition,qualification and independence of the boardThe Board comprises six Non-Executive and two Executive Directors.The names and responsibilities of the current Directors,together with their biographical details,are set out on pages 32 to 37.37.5%

319、of the Board are female.62.5%of the Board are male.The Board considers each of the Non-Executive Directors to be independent in character and judgement.Two of the Non-Executive Directors do not meet the strict criteria for independence set out in the QCA Code,due to their participation in the Compan

320、ys share option arrangements,as part of their remuneration arrangements.The Board considers that the ownership of shares and participation in the Companys share options to certain of the Non-Executive Directors encourages the alignment of their interests with those of the Companys shareholders and a

321、re not material enough to compromise their independence,character and judgement.Therefore,the Company considers all Non-Executive Directors to be independent for the purposes of the QCA Code.The Non-Executive Directors provide independent,robust and constructive challenge to the Executive Management

322、 and monitor the performance of the management team in delivering the agreed objectives.40CROSSWORD CYBERSECURITY PLC Annual Report and Accounts 41All Directors have disclosed their other significant commitments and confirmed that they have sufficient time to discharge their duties effectively.Appoi

323、ntment and tenureThe Board makes decisions regarding the appointment and removal of Directors and there is a formal,rigorous and transparent procedure for appointments,some of which has been delegated to the Nomination Committee.Appointments are made on merit,taking account of the balance of skills,

324、experience and knowledge required.The Companys Articles of Association require that all Directors retire by rotation at regular intervals and that any new Directors appointed during the year must stand for election at the AGM immediately following their appointment.6:ENSURE THAT,BETWEEN THEM,THE DIR

325、ECTORS HAVE THE NECESSARY UP-TO-DATE EXPERIENCE,SKILLS AND CAPABILITIESThe Board believes that its composition brings a desirable range of skills and experience to address the Groups challenges and opportunities,while at the same time ensuring that no individuals or a small group of individuals can

326、dominate the Boards decision-making.The current Board,although considered to have a sufficient level of skills in all areas of the business,is always looking to improve and further its knowledge of the industry.All Directors receive regular and timely information on the Groups operational and financ

327、ial performance and on technical issues.An Advisory Board exists to advise and support the main Board.The Advisory Board is not a formal Committee of the Companys Board.The Advisory Board considers specific cyber security projects that the Company is interested in and share its views on them,ranging

328、 from technical innovation,engineering complexity,business viability,attractiveness to partners and investors and any other observations that the Advisory Board has.It also considers and shares thoughts on major trends in cyber security that the Company may want to engage in and share its views on t

329、he trends that the Company believes are important.InductionUpon appointment,all Directors are provided with training in respect of their legal,regulatory and governance GOVERNANCE REPORTresponsibilities and obligations,in accordance with the UK regulatory regime.The induction includes face-to-face m

330、eetings with Executive Management and site visits to orientate and familiarise the new Directors with the Companys industry,organisation,business,strategy,commercial objectives and key risks.The Board is kept up to date on legal,regulatory and governance matters at Board meetings.Additional training

331、 is available on request,where appropriate,so that Directors can update their skills and knowledge as applicable.Independent adviceAll Directors are able to take independent professional advice in the furtherance of their duties,if necessary,at the Companys expense.In addition,the Directors have dir

332、ect access to the advice and services of the Company Secretary and Chief Financial Officer.7:EVALUATE BOARD PERFORMANCE BASED ON CLEAR AND RELEVANT OBJECTIVES,SEEKING CONTINUOUS IMPROVEMENTBoard effectiveness reviewThe Board undertook a further evaluation of its performance for the during the financ

333、ial year and has continued throughout the year to measure progress against the recommendations resulting from the Board evaluation and will continue to assess its effectiveness in implementing new processes to achieve the recommendations.Furthermore,the Board conducted an evaluation in January 2023 to assess current performance and the progress made against the key focus areas.The Nomination Commi