Business Description

ECSC has developed a cyber security service model using a consultancy-led approach, which is summarised by the philosophy of ‘listen, understand, and deliver’. ECSC’s client development strategy is to build strong client trust relationships by demonstrating the Company's technical capabilities and effective management communication. The Directors believe there is an opportunity to substantially increase the scale of ECSC’s business to meet current demand and predicted market growth. The Company's Main Country of Operation is the United Kingdom.

Business Model and Competitive Advantage

As a service-led organisation, most of ECSC’s services are sold on a time and materials basis. Managed services are usually contracted for between one and three years, with clients purchasing the necessary hardware for installation on their site or a remote hosting facility. The set-up and installation of managed services is also chargeable, followed by a fixed monthly management fee for the contract duration. Additional management charges can apply for additional activities, such as out-of-hours support, or incident response.

Other consultancy-type services are normally chargeable on a daily basis. ECSC also sells pre-paid consultancy time to support client projects remotely. These are tracked in 15 minute blocks, facilitating earnings for consultant time deployed outside of on-site days.

ECSC offer incident response retainer which offer clients a guaranteed response in an incident; additional charges apply when the response is initiated.

ECSC has developed a cyber security service model using a consultancy-led approach, which is summarised by the philosophy of ‘listen, understand, and deliver’. ECSC’s client development strategy is to build strong client trust relationships by demonstrating ECSC’s technical capabilities and effective management communication.

The Company’s business model is to provide a full service of cyber security solutions to meet the client’s security needs, ranging from testing and incident response through to outsourcing and certifications.

In the Directors’ experience, over the medium to long-term, clients tend to gravitate towards ECSC’s outsourced managed security services rather than build their own in-house capabilities. This benefits clients, as they will be required to recruit and retain fewer specialist staff, and benefits the Company with longer-term revenues and economies of scale.

The Directors believe that the trend towards outsourcing will continue and that full service providers will be better placed to benefit from this. Rapid adoption of full outsourced services has historically proven to be more likely following a breach and an associated ECSC Incident Response.

Growth Opportunity

The Directors believe there is an opportunity substantially to increase the scale of ECSC’s business to meet current demand and predicted market growth. This view is informed as regards:

ECSC as a company

  • ECSC’s positioning as a proven, premium quality provider of cyber security services with a blue-chip client base
  • The depth and breadth of ECSC’s in-house developed technologies, methodologies and systems, specifically designed for remote managed services
  • The fragmented competitor landscape, with relatively few competitors offering the wide range of cyber security services offered by ECSC

Market landscape

  • The introduction of new IT products and services ahead of effective security implementation – hence the increasing frequency of data breaches
  • The proliferation of breaches making cyber security a strategic governance issue for company boards
  • The implementation of the General Data Protection Regulation (GDPR) in May 2018 now enforces a mandatory reporting of breaches to the Information Commissioner's Office (ICO) within 72 hours of discovery. The ICO can issue fines of up to 4% of global turnover or e20 million (whichever is greater) for cases of serious non-compliance.

Service Offerings

Pie chart

Market

Organisations of all sizes are being impacted by cyber security breaches. Attacker motivation includes financial gain, hacktivism, industrial espionage and cyber warfare. Recent high-profile cyber security attacks against British Airways, Superdrug, Talk Talk and Ashley Madison (amongst others) have caused major repercussions and significant reputational damage. As a result, cyber security has increasingly become a major board level concern.

The UK market for cyber security services and products was estimated to be approximately £3.3 billion with a CAGR of 6% between 2013 and 2016 (Source: ‘Competitive analysis of the UK cyber security sector’ published by BIS). The Company achieved 16.9% CAGR revenue growth in the same period. This is in the context of a global market predicted to grow from $122 billion in 2015 to $202 billion in 2021 (CAGR of 10.6%) (Source: Article ‘Cyber Security Market Worth USD 202.36 Billion by 2021’ published by Research and Markets). Within this, managed security services are expected to reach $41 billion by 2022 (CAGR of 16.6%).

In ECSC’s experience, most cyber security breaches occur because of poorly designed, badly configured IT systems, which are also managed inappropriately. In addition, the Directors believe that commercial pressures on providers of IT hardware, software, and services to introduce new products and services mean that cyber security weaknesses will continue to proliferate.

The Directors believe that the UK cyber security services market is fragmented, with many organisations providing only a small portion of what is required to meet clients’ needs. The Directors believe that the Company, by contrast, provides a wide range of cyber and information security solutions, which means that it is well placed to pursue the market opportunity at this time.

ECSC Group plc

ECSC Group plc is incorporated and registered in England and Wales under the Companies Act 2006 with Registered No. 3964848. Its main country of operation is the UK.

VAT No. 746361914

Contact

28 Campus Road
Listerhills Science Park
Bradford
BD7 1HR
United Kingdom

+44 (0) 1274 736 223

investor@ecsc.co.uk

Popular Reading


ISIN: ECSC
SEDOL: BYMJ4J9