ANNUAL
REPORT
2020
Corporate responsibility
Corporate governance
F-Secure 2020
Board of Directors’ Report
Financial statements
WE CREATE TRUST WITH OUR VALUES
Our INTEGRITY is beyond compromise.
We conquer challenges through COMMITMENT.
We exceed expectations with EXCELLENCE.
Our purpose
WE EXIST TO BUILD TRUST IN
SOCIETY AND TO KEEP
PEOPLE AND BUSINESSES SAFE
F-Secure 2020
Board of Directors’ Report
Financial statements
Corporate governance
Corporate responsibility
CONTENTS
Nobody knows cyber security like F-Secure. For three decades, F-Secure has driven innovations in cyber security, defending over , companies and millions of people. With unsurpassed experience in
endpoint protection as well as detection and response, F-Secure shields enterprises and consumers against everything from advanced cyber attacks and data breaches to widespread ransomware infections.
F-Secure’s sophisticated technology combines the power of machine learning with the human expertise of its world-renowned security labs. F-Secure’s security experts perform incident response and
forensic investigations on four continents, and its products are sold all over the world by around broadband and mobile operators and thousands of resellers.
Founded in , F-Secure is listed on the Nasdaq Helsinki.
CONTENTS
F-SECURE CORPORATION ..................
Income statement .........................
Balance sheet .............................
Cash flow statement........................
Notes to the
parent company Financial Statements ........
BOARD OF DIRECTORS’ REPORT
Board of Directors’ Report .............
Key figures ................................
Calculation of key ratios ....................
FINANCIAL STATEMENTS
F-SECURE CONSOLIDATED..................
Statement of comprehensive income.........
Statement of financial position ..............
Statement of cash flows ....................
Statement of changes in equity ..............
Notes to the Financial Statements............
Auditor’s Report ...........................
FSECURE
Key figures ...........................
Business model:
Scalable software complemented by services ..
F-Secure’s way of operating .................
Products and services ......................
CEO letter ................................
NONFINANCIAL INFORMATION
Statement of Corporate responsibility ........
CORPORATE GOVERNANCE
F-Secure’s Corporate Governance Statement ..
Board of Directors..........................
Leadership team ...........................
Remuneration report .......................
INFORMATION FOR SHAREHOLDERS
Information for shareholders ................
FSECURE 2020
F-Secure 2020
Board of Directors’ Report
Financial statements
Corporate responsibility
Corporate governance
63
96
158
72
98
170
96
95
191
123
95
217
120
100
220
KEY FIGURES 2020
Revenue
220
MEUR
Adjusted EBITDA
36
MEUR
Adjusted EBITDA margin
16%
100+
countries with sales
30+
years in the business
1,700
employees
32% Nordic
Corporate security
products
Consumer security
products
Cyber security
consulting
● Corporate security revenue
● Consumer security revenue
45% Europe
excl. Nordics
North
America 11%
Rest of world 12%
Revenue & profitability % of revenue from corporate security,
MEUR
Revenue split by region, %
Key figures
34%
21%
45%
Revenue split by business, %
FSECURE 2020
F-Secure 2020
Board of Directors’ Report
Financial statements
Corporate governance
Corporate responsibility
BUSINESS MODEL:
SCALABLE SOFTWARE COMPLEMENTED BY SERVICES
CORPORATE SECURITY PRODUCTS
CYBER SECURITY
CONSULTING
CONSUMER SECURITY
Endpoint Protection for Businesses
Managed Detection and
Response
Holistic Endpoint Protection Suite
Pure-play software detection and response
Cloud Protection – securing content
exchanged e.g. on Salesforce
F-Secure Countercept – a top-of-the-class
solution for detecting and responding to the
most demanding cyber threats
Industry leading consulting organization with
rare expertise to overcome unprecedented
cyber attacks
Comprehensive protection for consumers’
digital lives
Endpoint protection complemented by
identity and router protection
Software Business
Software Business
Service Business Software Business
/ Service Center
FSECURE 2020
F-Secure 2020
Board of Directors’ Report
Financial statements
Corporate governance
Corporate responsibility
FSECURE’S WAY OF OPERATING
“
F-Secure combines award winning cyber security
solutions for businesses and consumers with industry-
leading consulting expertise.”
● Endpoint products for businesses that utilize an
extensive network of more than , reseller
partners worldwide
● F-Secure Countercept, Managed Detection and
Response solution, relies on F-Secure experts
and industry-leading technology
● F-Secure Consulting is a multi-disciplinary
organization operating on four continents and is
well-known for its research-led methodology
● A strong and scalable consumer business
supported by a global network of around
telecommunication operators
, companies
CHANNEL PARTNERS
6,000+ globally
DIRECT
SALES
Endpoint protection for businesses
Managed Detection
and Response
enterprises Tens of millions of consumers
DIRECT SALES
300+ consultants
OPERATORS
200+ globally
RETAIL &
E-COM
Global multi-disciplinary organization
Direct
Business
Operator partners
C C
E E
C C
C C
E E
C C
C
E E
C
C C C C C
C C C C C C C C C C
C C C C C C C C C C C C C C C
C C C C
C C C C C
Consumer Security ProductsCyber Security ConsultingCorporate Security Products
FSECURE 2020
F-Secure 2020
Board of Directors’ Report
Financial statements
Corporate governance
Corporate responsibility
In corporate security F-Secure provides a broad range of cyber
security products, managed detection and response solutions and
cyber security consulting to companies globally with a focus on
the mid-market and local enterprises.
Detection & Response solutions (EDR & MDR)
MDR: F-Secure Countercept – Advanced threat hunting and
continuous response capabilities against targeted attacks
delivered as a managed service. Provides / monitoring, alerts
within minutes, and gives clear guidance on how to respond
EDR: F-Secure Rapid Detection & Response – Customer- or
partner-managed software solution for detecting and responding
to targeted attacks
Prevention solutions
F-Secure Protection Service for Business – Cloud-hosted
endpoint security
F-Secure Business Suite – On-site deployed endpoint security
F-Secure Cloud Protection for Salesforce – Content level security
for Salesforce’s customers
F-Secure Cloud Protection for Microsoft Office – Advanced
protection for online exchange of content
Prediction solutions
F-Secure Radar – Vulnerability scanning and management
platform
phishd – Anti-phishing behavior management platform
In consumer security the company provides a comprehensive
range of endpoint protection, privacy and password management
solutions, and security for all the connected devices at home,
both separately and as a bundled premium offering (F-Secure
TOTAL). The majority of consumer sales comes from the sale of
endpoint protection products through the operator channel, but
the company also sells consumer products through various retail
partners, as well as the company’s own web shop.
F-Secure SAFE – Easy to use antivirus
and internet security, including Family
rules to let you set healthy boundaries
for your children’s device use.
F-Secure FREEDOME – VPN that
hides your online activity to ensure
anonymous and secure internet
browsing.
F-Secure KEY – A light and easy
password manager, allowing you to
store your passwords securely and
access them from any device.
F-Secure SENSE – A software-based
solution integrated in operators’
broadband routers to secure all
devices and the entire connected
home against online threats.
F-Secure ID PROTECTION –
Combines personal information
monitoring against data breaches with
password manager to create strong
passwords.
Corporate security
Consumer security
PRODUCTS AND SERVICES
Cyber security services
F-Secure provides premium consultancy services for all areas of
cyber security on four continents, including services such as:
– F-Secure Cyber Incident & Resilience Services
– F-Secure Security Assessments
– F-Secure Red Team Testing
– F-Secure Cyber Risk Management
FSECURE 2020
F-Secure 2020
Board of Directors’ Report
Financial statements
Corporate governance
Corporate responsibility
The past year was characterized by the COVID- pandemic, which disrupted the lives and operations of
both people and organizations alike. F-Secure’s first priority was to ensure the health and safety of our
employees, along with ensuring full business continuity to our customers. The transition to remote work
was smooth and all cyber security operations protecting our customers remained unaffected.
SOFTWARE BUSINESSES SHOWED THEIR RESILIENCE
Juhani Hintikka
CEO LETTER
During the pandemic our software businesses for both corporate
customers and consumers showed their resilience, whereas our
consulting business experienced a clear negative impact from
the challenging operating environment. As a result, the group
revenue remained at the previous year’s level at EUR . million
(.m), while adjusted EBITDA improved significantly to EUR .
million (.m) which translates to a margin of %. The profitability
increase comes from lower activity levels influenced by the
COVID- pandemic and prudent cost management.
Cyber criminals took advantage of the increased
attack surface after the COVID- outbreak
Cyber criminals moved quickly to capitalize on the COVID-
breakout with a rapid rise of pandemic-related malicious domains
and phishing campaigns. The explosion of remote working and
boost in digitalization due to the pandemic also increased attacks
that looked for ways to exploit vulnerabilities brought on by
this shift. The frequency and scope of attacks targeting critical
infrastructure, the healthcare sector, major corporations and
governments grew significantly. In the year some of such
developments included: large ransomware attacks against major
corporations, increased attacks against cloud infrastructure, and
attacks targeting the COVID- vaccine research.
The majority of cyber attacks are financially motivated, even
though the most damaging ones are orchestrated by state-
sponsored threat actors. A good example is the supply chain attack
against SolarWinds at the end of last year, which according to
multiple public officials was backed by a nation-state actor. This
attack had an impact on both governmental organizations, as well
as many companies globally.
CEO LETTER
F-Secure 2020
Board of Directors’ Report
Financial statements
Corporate governance
Corporate responsibility
Top results in external evaluations highlight F-Secure’s
technological capability in fighting the most advanced
threats and securing the digital lives of individuals
F-Secure holds a broad portfolio of solutions to secure businesses and the digital
lives of consumers. The common denominator is F-Secure’s ability to innovate,
whether it means deploying software products with the latest technology or
fighting the most advanced persistent threats.
Our abilities have been yet again proven by recognitions in the field of detection
and response in the MITRE ATT&CK evaluation by Forrester Research and in
endpoint protection by achieving high scores throughout the year in various
AV-test.org evaluations. The top scores achieved in these independent tests are a
testimony to the high-quality research and development work done by F-Secure,
setting us apart from the competition.
All businesses are set for a successful year to come
F-Secure is now a well-established player in the MDR (Managed Detection and
Response) market. Despite the prolonged sales cycles due to the pandemic,
F-Secure Countercept won tens of new deals around the globe within industry
verticals that are the most targeted by hackers. These customers place their faith
in our hands with multiyear deals highlighting the great growth opportunity for
us.
The year in endpoint protection for businesses was characterized by the
order intake growing clearly faster than revenue. This was especially noticeable
within our cloud native solutions, which is a sign of good and developing
momentum among the channel partners.
In consumer security we saw an increase in activation rates and a solid renewal
performance in our core solutions, including both the operator and direct
channels. The future of this business line looks better than for years, as we
came to win new operator deals – including our latest solutions: F-SECURE ID
PROTECTION and SENSE.
For consulting the year ended with a positive sentiment, even though this
business was clearly hit by the pandemic during the year. In the long term the
market remains attractive for profitable growth.
F-Secure builds trust in society and
keeps people and businesses safe
Since I joined the company in November, I have been excited to learn that the
company has developed some of the most sought after technology and employs
many of the greatest talents in the cybersecurity industry. In order to protect our
customers, it is pivotal to have visibility into the most challenging real-life attacks
worldwide. I have been impressed to see how we utilize the combination of our
expertise and the company’s deep roots in technology.
Given the changes in the business environment, F-Secure’s mission of building
trust in society and keeping people and business safe is more important than
ever.
Juhani Hintikka
“
In order to protect
our customers it
is pivotal to have
visibility into the
most challenging
real-life attacks
worldwide.”
CEO LETTER
F-Secure 2020
Board of Directors’ Report
Financial statements
Corporate governance
Corporate responsibility
BOARD OF DIRECTORS’
REPORT 2020
In 2020 the COVID-19 pandemic impacted the whole business
environment and ways of working. Throughout the year F-Secure
ensured safety of its employees and business continuity to its
customers. F-Secure’s scalable software businesses showed their
resilience, whereas consulting was impacted by the pandemic.
From a financial standpoint, the positive profitability development
carried on resulting in an adjusted EBITDA of EUR 35.7 million (EUR
23.2m).
In endpoint security for businesses, the new order growth
characterized the year of 2020, yet the revenue remained at the
previous year’s level. The notable development in orders sows
the seed for revenue growth. The sales performance stems from
close cooperation with channel partners, as well as from the
enhancements made to the unified management interface, which
are valued by F-Secure’s end customers and partners.
Consumer security had the largest revenue growth in 2020.
Compared to recent years, the overall sentiment regarding the
business has improved due to the good sales performance of
F-Secure’s conventional product offering. In addition, F-Secure
managed to secure new deals for the latest consumer solutions,
F-Secure SENSE and ID PROTECTION, which demonstrate growth
potential in the longer term.
One of F-Secure’s main growth areas, Managed Detection
and Response (MDR), experienced the effects from the global
pandemic as sales cycles were prolonged. Despite of market
uncertainties, F-Secure was able to gain many new customers
around the globe. F-Secure Countercept’s technological
competitiveness was once again highlighted by its impressive
scores in a third-party evaluation.
Cyber security consulting was impacted by the COVID-19
pandemic, which led to a reduction of 8% in revenue. The
pandemic has complicated the short-term predictability of the
business, however in the long term the market remains attractive
for profitable growth.
BOARD OF DIRECTORS’ REPORT
Financial statements
Corporate governance
Corporate responsibility
F-Secure 2020
Board of Directors’ Report
Financial performance and key figures
Total revenue in January–December remained at the previous
year’s level, and was EUR 220.2 million (217.3m). Corporate security
represented 55% (56%) of all revenue and consumer security 45%
(44%).
Corporate security
Revenue from corporate security remained at the previous year’s
level, and was EUR 120.1 million (122.5m).
Products
Revenue from Endpoint Protection (EPP) solutions increased from
the previous year’s level, excluding the effect from discontinued
products. The renewal performance with the existing EPP
installations remained on a good level. The growth of new orders
outpaced revenue growth clearly throughout the year. There
is increasing demand for solutions that are sold adjacent to
traditional EPP such as Cloud Protection products. Also, the sales
of Endpoint Detection and Response (EDR) increased although
majority of the business still emerges from traditional EPP. Over
the previous quarters there has been a rise in contract duration,
meaning that the revenue impact of new orders is spread over a
longer time period.
Revenue from Managed Detection and Response (MDR) solutions
(F-Secure Countercept) increased compared to the previous
year’s level although it was negatively impacted by the extended
sales cycles caused by COVID-19. Renewal performance was good
throughout the year. Several new deals were won around the
world in demanding customer verticals, such as media, critical
infrastructure and finance.
Cyber security consulting
Revenue from cyber security consulting decreased by 8% to
EUR 45.8 million (50.0m) as the business was hit by the COVID-19
pandemic. The pandemic outbreak caused a slowdown in sales,
blocked physical access to some customer sites, and made
customers evaluate more cautiously how much to spend on
cyber security. Low utilization rates were countered in impacted
countries with furloughs. In the Nordics, a particularly large project
is in its finalization phase, which meant a reduction in scope
when compared to the previous year. By the end of the year the
development was positive due to organizations adjusting to the
situation.
Consumer security
Revenue from consumer security increased by 6% to EUR 100.1
million (94.8m). Revenue from both operator channel and direct
business grew. The reported revenue growth contains a slight
positive impact related to one-off items.
Operators
The operator channel revenue grew from the previous year’s level
which stems mainly from the sales of our core endpoint protection
solutions. The close cooperation with global operator partner
network and boost in digitalization since the pandemic outbreak
have generated an increase in product activation and usage rates.
The negative impact from COVID-19 pandemic is mainly related
to the prolonging of F-Secure SENSE and ID PROTECTION sales
cycles and launch timelines.
Direct sales
Revenue from the direct sales to consumers grew from the
previous year’s level, and it was driven by the positive performance
of our bundled solution, F-Secure TOTAL. The overall renewal
performance was on a good level throughout the year. Especially
ecommerce sales performed well.
Gross margin
Gross margin increased by 3% to EUR 172.2 million (166.8m), or 78%
of revenue (77%). Relative gross margin increased compared to the
previous year as cyber security consulting’s share of all revenue
decreased.
Operating expenses
Operating expenses excluding depreciation, amortization and
impairment and IAC items decreased by EUR 6.6 million to EUR
138.5 million (145.1m) especially due to lower sales and marketing
activity driven by the COVID-19 pandemic.
Depreciation and amortization decreased by EUR 8.0 million and
was EUR 16.0 million (24.0m). PPA amortization from acquisitions
was EUR 3.2 million (4.1m). Impairment of goodwill EUR 6.0 million
was booked during the comparative period.
Profitability
Adjusted EBITDA was EUR 35.7 million and 16.2% of revenue (23.2m,
10.7%) and adjusted EBIT was EUR 22.9 million and 10.4% of revenue
(9.6m, 4.4%). Profitability improved due to lower operating
expenses and revenue growth from the consumer security.
EBITDA was EUR 35.7 million and 16.2% of revenue (31.1m, 14.3%).
EBIT was EUR 19.7 million and 8.9% of revenue (7.2m, 3.3%) including
EUR 3.2 million of PPA amortization.
Cash flow
Cash flow from operating activities before financial items and
taxes improved significantly, and was EUR 48.3 million (19.0m).
Group result excluding non-cash flow impacting items, such as
adjustments to PPA, improved from the previous year generating
higher cash flow. High order intake with upfront payments
resulted in improved net working capital. In total, changes in net
working capital increased cash flow by 17.4 million. Cash flow from
operations was EUR 46.7 million (18.5m).
Acquisitions and financing arrangements
F-Secure did not carry out acquisitions during 2020.
Company did not enter new financing agreements during 2020.
Bank loan repayments were made according to the schedule.
Total repayments for term loan during 2020 were EUR 6.0 million.
Company’s financing agreement includes a committed revolving
credit facility (RCF) of EUR 23.0 million to decrease short-term
BOARD OF DIRECTORS’ REPORT
F-Secure 2020
Financial statements
Corporate governance
Corporate responsibility
Board of Directors’ Report
liquidity risk. Remaining bank loans at the end of the financial year
were EUR 30.0 million of which RCF represents EUR 5.0 million.
During next 12 months EUR 6.0 million of remaining term loan will
be paid according to the financing agreement.
The financing agreement includes conventional loan covenants
related to ratio of net debt to EBITDA and equity ratio. F-Secure
complied with the covenants throughout the reporting period.
Changes in group structure
Following changes have occurred in the Group structure during
the financial year:
On 31 December 2020 F-Secure Polska S.A. and F-Secure Cyber
Security Sp. z.o.o. merged with F-Secure Sp z.o.o. After the merger
F-Secure operates only one legal entity, F-Secure Sp. z.o.o., in
Poland.
F-Secure SDC SAS in France and F-Secure PTE Ltd in Singapore
were liquidated during last quarter of 2020.
Capital structure
F-Secure’s financial position remained solid. At the end of the year
F-Secure’s cash and cash equivalents totaled EUR 51.4 million (25.5
million). Equity ratio on 31 December 2020 was 52.5% (49.0%) and
gearing ratio was -14.1% (20.8%).
Capital expenditure
Capital expenditure was EUR 14.3 million (12.8 million). Capitalized
development expenses were EUR 5.5 million (6.2 million).
Research and development
F-Secure’s research and development expenditure amounted to
EUR 41.9 million in 2020, representing 19% of revenue (EUR 39.6m,
18%). Capitalized development expenses were EUR 5.5 million (EUR
6.2 million).
F-Secure has consistently earned top marks in third-party
technology evaluations for providing the best protection,
advanced detection & effective response capabilities and high
customer satisfaction. This speaks for the company’s superior
ability to understand the security attack landscape and to innovate
by drawing meaningful conclusions from versatile sources of
data. F-Secure collects and combines security data derived from
different sensor types; servers, endpoints such as desktops or
mobile devices, and cloud platforms. This data is analyzed in
real time utilizing artificial intelligence and results in rapid, high
fidelity detections and security analytics. The threat detection
is augmented with tailored and expert driven threat hunting
activities which combined lead to industry-leading solutions.
F-Secure’s Detection and Response solutions achieved excellent
scores also in the second round of MITRE ATT&CK evaluation
highlighting the efficiency and accuracy of F-Secure Countercept.
F-Secure is developing one core XDR (Extended Detection and
Response) technology platform for its customers. The transfer of
MDR (Managed Detection and Response) customers to the new
platform began in 2020 and will continue in 2021. The development
of the underlying technology continues e.g. by enhancing the
solution on different operating systems and cloud platforms.
In 2020, F-Secure’s endpoint products for businesses were further
strengthened by introducing a new solution to the cloud-based
technology suite – Cloud Protection for Microsoft Office 365. In
addition, the development of the suite’s unified management
interface for business customers continued. The aforementioned
improvements result in enhanced usability that make us a
preferred vendor for channel partners. F-Secure’s ability to offer
best-in-class protection for both businesses and consumers
was again highlighted by receiving industry-leading scores for
Windows antivirus software at AV-test.org evaluations throughout
the year.
In consumer security the latest solutions, F-Secure SENSE and
ID PROTECTION, were developed further and unification of the
user experience continued in 2020. Development of F-Secure
SENSE is done in cooperation with operator partners and router
manufacturers to enable e.g. the product’s deployment over
various different router architectures. Important milestone for
F-Secure ID PROTECTION was launching the product also in
direct sales channel. In addition, the development work around
combined user experience aims at making the use of F-Secure’s
consumer product portfolio as seamless as possible.
Organization and leadership
Personnel
At the end of the year, F-Secure had 1,678 employees, which shows
a net decrease of 18 employees (-1%) since the beginning of the
year (1,696 on 31 December 2019).
Leadership team
At the end of the year, the composition of the Leadership Team
was the following:
Juhani Hintikka (CEO & President), Eriikka Söderström (CFO), Jyrki
Tulokas (Security Research & Technologies), Antti Hovila (Strategy,
Brand & Communications), Kristian Järnefelt (Consumer Security),
Juha Kivikoski (Business Security), Edward Parsons (Cyber Security
Consulting), Tim Orchard (Managed Detection & Response) Jari
Still (Information & Business Services) and Eva Tuominen (People
Operations & Culture).
Juhani Hintikka was appointed President and CEO of F-Secure
Corporation, effective 1 November, 2020.
In February 2021, Ari Vänttinen started as Chief Marketing Officer.
Consequently, Antti Hovila is now Executive Vice President,
Strategy & Portfolio.
Shares, Shareholders’ Equity, Own Shares
The total number of company shares is currently 158,798,739. The
company’s registered shareholders’ equity is EUR 1,551,311.18. The
company held 607,108 of its own shares at the end of the year.
In 2020, under the authorization held by the Board of Directors,
F-Secure transferred a total of362,530 treasury shares to its
employees and members of the Leadership Team, as settlement
under F-Secure’s share based incentive plans. The shares were
BOARD OF DIRECTORS’ REPORT
F-Secure 2020
Financial statements
Corporate governance
Corporate responsibility
Board of Directors’ Report
transferred without consideration and in accordance with the plan
rules.
In accordance with the decision by the Annual General Meeting,
40% of the fees paid to the Members of the Board of Directors
in 2020 were paid in F-Secure shares. In total, 42,106 of F-Secure
treasury shares were transferred to the Members of the Board.
Information on the authorizations held by theBoard of Directors
in 2020 to issue shares and special rights entitling to shares, to
transfer shares and repurchase own shares, is available in the
section on the Annual General Meeting.
Risks and uncertainties
The following risks and uncertainties can adversely impact
F-Secure’s sales, profitability, financial condition, market share,
reputation, share price or the achievement of the company’s short-
and long-term objectives. The matters described here should not
be construed as exhaustive list. The most significant risks are:
COVID- pandemic
Cyber security consulting and the new sales of Managed
Detection and Response (MDR) service are negatively affected
by the COVID-19 pandemic. Further slowdown in the new sales of
software products and Managed Detection and Response (MDR)
solutions may occur if the situation prolongs.
Goodwill is tested for impairment annually and whenever there is
indication that it might be impaired. The impacts of the pandemic
on cyber security consulting can be seen as such indication, and an
additional impairment testing of consulting goodwill was carried
out during the second quarter based on updated long-term
forecasts. Yearly impairment tests of Consulting and MDR goodwill
were carried out at the end of the year. None of them resulted in
impairment, although long-term forecasts include higher level of
uncertainty due to prolonged pandemic. Management continues
to assess the need for updated testing regularly.
Under the pandemic an increase in credit losses and delayed
customer payments may occur. During the financial year
significant risks have not realized, but as the impacts of the
pandemic on customers may arise in longer term, management
has reassessed the provision for expected credit losses under IFRS
9 and a slight increase has been booked during the financial year
to address increased risk.
Cyber security incident
Cyber security attacks threaten the confidentiality, integrity and
availability of F-Secure’s products, services and the enterprise.
F-Secure builds cyber resilience by continually improving its
capability to identify, protect, detect and respond to relevant
threats.
Endpoint protection market disruption
Endpoint security market is highly competitive. Operating system
manufacturers have increased their focus to built-in security
features and at the same time new vendors and technologies
have emerged. F-Secure has to succeed in maintaining in-depth
understanding of cyber security threat landscape, hacker
techniques and technologies used as well as continue to innovate
in defense technologies.
Market consolidation
The cyber security market is consolidating due to economies of
scale. F-Secure has to succeed in finding the right acquisition
targets, as well as successfully integrating the target companies.
Risks relating to launch of new technologies
In a rapidly evolving industry it is vital to keep the products
and services relevant to the customers while introducing
new technologies to the market on-time. F-Secure is driving
technology simplification and R&D effectivization initiatives as well
as investments to artificial intelligence to ensure a competitive
product portfolio.
Attracting and retaining talent
Competition for capable personnel is increasing and there is
structural undersupply of talent in the cyber security industry.
F-Secure is continuously developing and adopting new ways of
recruitment, building its own talent and knowledge pools and
investing to training and development of personnel.
Geopolitical risks
F-Secure operates globally in different countries, and local
regulation is exposing the company to geopolitical risks, including,
for instance, unfavorable tax matters or export controls. Changes
in regulations or their application, applicable to current or new
technologies or services, may adversely affect F-Secure’s business
operations.
Currency fluctuations
Increased amount of operations and sites outside the Eurozone in
different currencies exposes F-Secure to an increased risk related
to currency fluctuations.
The Annual General Meeting
The Annual General Meeting of F-Secure Corporation was held
on 12 May 2020. The Meeting confirmed the financial statements
for the financial year 2019. The members of the Board and the
President and CEO were discharged from liability. The Annual
General Meeting decided to distribute no dividend for year 2019.
It was decided that the annual remuneration of the Board of
Directors remains unchanged: EUR 80,000 for the Chairman of the
Board of Directors, EUR 48,000 for the Committee Chairmen, EUR
38,000 for the members of the Board of Directors, and EUR 12,667
for a member of the Board of Directors belonging to the personnel
of the Company. Approximately 40% of the remuneration will be
paid as the Company’s shares.
It was decided that the number of Board members is seven (7).
The following current Board members were re-elected: Tuomas
Syrjänen, Pertti Ervi, Bruce Oreck, Päivi Rekonen and Risto
Siilasmaa. Keith Bannister and Robert Bearsby, who belongs to the
personnel of F-Secure Corporation, were elected as new members
of the Board of Directors. The Board elected Risto Siilasmaa as
BOARD OF DIRECTORS’ REPORT
F-Secure 2020
Financial statements
Corporate governance
Corporate responsibility
Board of Directors’ Report
the Chairman of the Board. The Board nominated Siilasmaa as the
Chairman of the Personnel Committee and Bruce Oreck and Päivi
Rekonen as members of the Personnel Committee. Pertti Ervi was
nominated as the Chairman of the Audit Committee and Tuomas
Syrjänen, Keith Bannister and Robert Bearsby were nominated as
members of the Audit Committee.
It was decided that the remuneration to the Auditor will be paid in
accordance with the approved invoice. PricewaterhouseCoopers
Oy was elected as the Company’s auditor. Mr. Janne Rajalahti, APA,
acts as the Responsible Auditor.
The Annual General Meeting authorized the Board of Directors
to decide upon the repurchase of a maximum of 10,000,000 of
the Company’s own shares in one or several tranches and with
the Company’s unrestricted equity. The authorisation entitles the
Board of Directors to decide on the repurchase also in deviation
from the proportional holdings of the shareholders (directed
repurchase). The authorisation comprises the repurchase of shares
either on a regulated market on Nasdaq Helsinki Ltd in accordance
with its rules and guidelines in which case the repurchase price
is determined on the basis of the stock exchange price at the
time of repurchase, or with a purchase offer to the shareholders
in which case the repurchase price must be the same for all
shareholders. The Company’s own shares shall be repurchased
to be used for carrying out acquisitions or implementing other
arrangements related to the Company’s business, for improving
the Company’s financing structure, as part of the implementation
of the Company’s incentive scheme or otherwise to be transferred
further or cancelled. The authorisation includes the right of the
Board of Directors to decide on all other terms related to the
repurchase of the Company’s own shares. The authorisation is valid
until the next Annual General Meeting, in any case until no later
than 30 June 2021, and it terminates the authorisation given to the
Board of Directors by the Annual General Meeting of year 2019
concerning the repurchase of the Company’s own shares.
The Annual General Meeting authorized the Board of Directors
to decide on the issuance of a maximum of 31,000,000 shares
through a share issue as well as by issuing options and other
special rights entitling to shares pursuant to Chapter 10, Section
1 of the Companies Act in one or several tranches. The maximum
number of the shares corresponds to 19.5% of the Company’s
registered number of shares. The authorisation concerns both the
issuance of new shares and the transfer of treasury shares held by
the Company. The authorisation entitles the Board of Directors to
decide on all terms related to the share issue as well as the issuance
of options and other special rights entitling to shares. The issuance
of shares may be carried out in deviation from the shareholders’
pre-emptive subscription right (directed issue). The authorisation
may be used for carrying out potential acquisitions or other
transactions or share-based incentive schemes or otherwise
for purposes decided by the Board of Directors. The Board of
Directors is also entitled to decide on the sale of treasury shares
on a regulated market on Nasdaq Helsinki Ltd in accordance with
its rules and guidelines. The authorisation is valid until the next
Annual General Meeting, in any case until no later than 30 June
2021, and it terminates the authorisation given to the Board of
Directors by the Annual General Meeting of year 2019 concerning
the share issue and the issuance of special rights entitling to shares.
Market overview
The growing number and variety of connected devices as well
as digital services continues to create security challenges for
both businesses and individuals. Combined with the increasing
complexity of IT systems, tightening regulation and increasing
significance of geopolitics, these trends are driving demand for
security products and services. While advanced cyber-attacks are
becoming more common and persistent, criminals are targeting
companies of all sizes along with consumers by taking advantage
of vulnerabilities in popular software, both traditional and new
connected devices as well as online services. Apart from pure
criminal activity, governments and hacktivists use vulnerabilities
and malware for things including espionage and surveillance.
Attacks against corporations often go undetected for months.
As most companies lack relevant capabilities for detection and
response, it is estimated that the demand for both Endpoint
Detection and Response (EDR) solutions and Managed Detection
and Response (MDR) will continue to increase rapidly. The new
detection and response capabilities are supplementing existing
endpoint protection solutions (EPP), causing the EPP market to be
in transition. Overall, as organizations are increasingly adopting
cloud services, they seek managed security services and cloud-
based delivery to help them maintain control of their security.
The consumer security software market continues to be impacted
by the changing device landscape, app stores and online sales
overall. On the whole, the number of connected smart home
devices is growing very rapidly, and as a result, telecommunication
operators are investing heavily in upgrading connectivity and
introducing new security related services into their offerings. As
consumers become increasingly aware of the threats to their
privacy and security, they seek to buy more comprehensive
solutions to secure their digital lives. This creates opportunities for
innovative new security products.
Outlook
F-Secure’s financial outlook for 2021 is:
– Revenue from corporate security products is expected to grow
at a high single-digit rate.
– Revenue from cyber security consulting is expected to grow
but uncertainty remains due to the COVID- pandemic.
– Revenue from consumer security is expected to grow approxi
-
mately at the same rate as in .
– Adjusted EBITDA is expected to remain approximately at the
previous year’s level (EUR . million).
The COVID-19 pandemic continues to impact the predictability
of cyber security consulting and can also impact the new sales of
software solutions. The related risks are described in this Annual
Report 2020.
BOARD OF DIRECTORS’ REPORT
F-Secure 2020
Financial statements
Corporate governance
Corporate responsibility
Board of Directors’ Report
Dividend proposal
The company’s dividend policy is to pay approximately half of
its profits as dividends. On December 31, 2020, F-Secure Oyj’s
distributable funds totaled EUR 74.6 million, EUR 14.8 million of
which was the net profit for the period. No material changes have
taken place in the company’s financial position after the balance
sheet date.
F-Secure’s Board of Directors proposes that a dividend of EUR
0.04 per share which totals EUR 6.4 million in dividends, be paid
on the basis of the balance sheet to be adopted for the financial
year that ended December 31, 2020. The dividend shall be paid
to shareholders who are registered in the company’s shareholder
register maintained by Euroclear Finland Oy on the record date
for the dividend payment, March 26, 2021. The Board of Directors
proposes that the dividend will be paid on Thursday, 8 April 2021.
Events after period-end
No other material changes regarding the Company’s business or
financial position have occurred after the end of the year.
Helsinki, 9 February 2021
F-Secure Corporation
Board of Directors
Risto Siilasmaa
Pertti Ervi
Bruce Oreck
Päivi Rekonen
Tuomas Syrjänen
Keith Bannister
Robert Bearsby
President and CEO
Juhani Hintikka
BOARD OF DIRECTORS’ REPORT
F-Secure 2020
Financial statements
Corporate governance
Corporate responsibility
Board of Directors’ Report
0
2
4
6
8
10
0
1
2
3
4
0
1
2
3
4
5
million EUR
Economic indicators
IFRS
IFRS
IFRS
IFRS
IFRS
Revenue (MEUR) *
Revenue growth % % % % % %
EBIT (MEUR) *
% of revenue % % % % %
Result before taxes *
% of revenue % % % % %
ROE (%) % % % % %
ROI (%) % % % % %
Equity ratio (%) % % % % %
Investments (MEUR)
% of revenue % % % % %
R&D costs (MEUR) *
% of revenue % % % % %
Capitalized development (MEUR)
Gearing % –% % % –% –%
Wages and salaries (MEUR)
Personnel on average
Personnel on Dec
* For only continuing operations.
Key ratios
IFRS
IFRS
IFRS
IFRS
IFRS
Earnings / share (EUR)
Earnings / share (EUR) continuing
operations
Earnings / share diluted
Earnings / share diluted continuing
operations
Shareholders’ equity per share
Dividend per share *
Dividend per earnings (%) % % % % %
Effective dividends (%) % % % % %
P/E ratio
Share price, lowest (EUR)
Share price, highest (EUR)
Share price, average (EUR)
Share price Dec
Market capitalization (MEUR)
Trading volume (millions)
Trading volume (%) % % % % %
* Board proposal
Adjusted number of shares IFRS IFRS IFRS IFRS IFRS
average during the period
average during the period, diluted
Dec
Dec , diluted
● Turnover EUR ● Average price
Turnover and average share price
per month
KEY FIGURES
F-Secure has applied new IFRS16 standard from January 1, 2019 onwards with modified approach and comparatives are not restated. IFRS 15 and IFRS 9 standards have been applied from January 1, 2018 onwards
and 2017 financials are restated retrospectively. Figures for 2016 are not restated and thus not fully comparable.
F-Secure 2020
Financial statements
Corporate governance
Corporate responsibility
Board of Directors’ Report
Equity ratio, %
Total equity
Total assets – advance payments received
ROI, %
Result before taxes financial expenses
Total assets – non-interest bearing liabilities (average)
ROE, %
Result for the period
Total equity (average)
Gearing, %
Interest bearing liabilities – cash and bank and financial asset through profit and loss
Total equity
Earnings per share, EUR
Profit attributable to equity holders of the company
Weighted average number of outstanding shares
Shareholders’ equity
per share, EUR
Equity attributable to equity holders of the company
Number of outstanding shares at the end of period
P/E ratio
Closing price of the share, end of period
Earnings per share
Dividend per earnings, %
Dividend per share
Earnings per share
Effective dividends, %
Dividend per share
Closing price of the share, end of period
Operating expenses
Sales and marketing, research and development and administration costs
EBITDA
EBIT depreciation, amortization and impairment
CALCULATION OF KEY RATIOS
F-Secure 2020
Financial statements
Corporate governance
Corporate responsibility
Board of Directors’ Report
Reconciliation between adjusted EBITDA, EBITDA, adjusted EBIT and EBIT
EUR Consolidated Consolidated
Adjusted EBITDA
Adjustments to EBITDA
Change in fair value of contingent consideration
Restructuring –
EBITDA
Depreciation, amortization and impairment losses – –
EBIT
Adjusted EBIT
Adjustments to EBIT
Change in fair value of contingent consideration
PPA amortization – –
Impairment –
Restructuring –
EBIT
Classification of adjusted costs in operating expenses
Operating Expenses
Restructuring
Expenses for
adjusted EBIT Depreciation Impairment PPA amortization
Operating Expenses
for Adjusted EBITDA
Sales and marketing – – –
Research and development – – –
Administration – – –
Operating expenses – – –
Operating Expenses
Restructuring
Expenses for
adjusted EBIT Depreciation Impairment PPA amortization
Operating Expenses
for Adjusted EBITDA
Sales and marketing – – –
Research and development – – –
Administration – – –
Operating expenses – – –
F-Secure 2020
Financial statements
Corporate governance
Corporate responsibility
Board of Directors’ Report
Shares and share ownership distribution, Dec
Shares
Number of
shareholders
% of
shareholders Total shares % of shares
– % %
– % %
– % %
– % %
– % %
Total % %
Shareholders by category, Dec Total shares % of shares
Corporations %
Financial and insurance institutions %
General government %
Non-profit organizations %
Households %
Other countries and international organizations %
Total %
Largest shareholders and administrative register
Owner Shares % of shares % of votes
Risto Siilasmaa % %
Nordea Bank Abp % %
Skandinaviska Enskilda banken AB % %
Nordea Nordic Small Cap Fund % %
Mandatum Life Insurance Company % %
Elo Mutual Pension Insurance Company % %
Ilmarinen Mutual Pension Insurance Company % %
The State Pension Fund % %
Varma Mutual Pension Insurance Company % %
Nordea Finland Fund % %
Administrative register Shares % of shares % of votes
Nordea Pankki Suomi Oyj % %
Skandinaviska Enskilda Banken % %
Other registers % %
Other shareholders % %
Total % %
Own shares F-Secure Corporation %
Total %
Ownership of management
Board of Directors Shares % of shares
Risto Siilasmaa %
Pertti Ervi %
Tuomas Syrjänen %
Bruce Oreck %
Päivi Rekonen %
Keith Bannister %
Robert Bearsby %
Total %
Executive team Shares % of shares
Jari Still %
Eriikka Söderström %
Kristian Järnefelt %
Jyrki Tulokas %
Juha Kivikoski %
Ed Parsons %
Juhani Hintikka
Eva Tuominen
Antti Hovila
Tim Orchard
Total %
Ownership of management
The Board of Directors owned a total of 60,137,306 shares on December 31, 2020. This represents
37.9percent of the Company’s shares and 38.0 percent of votes.
Shares and shareholders
F-Secure 2020
Financial statements
Corporate governance
Corporate responsibility
Board of Directors’ Report
STATEMENT OF COMPREHENSIVE INCOME JAN 1DEC 31, 2020
EUR Note
Consolidated,
IFRS
Consolidated,
IFRS
REVENUE () 220,204 217,338
Cost of revenue () –47,996 –50,549
GROSS MARGIN 172,208 166,789
Other operating income () 2,108 14,049
Sales and marketing (, , ) –95,625 –105,988
Research and development (, , ) –41,891 –39,568
Administration (, , ) –17,120 –28,122
EBIT 19,680 7,160
Financial income () 2,443 1,424
Financial expenses () –5,666 –4,337
PROFIT (LOSS) BEFORE TAXES 16,457 4,247
Income tax () –3,581 –882
RESULT FOR THE FINANCIAL YEAR 12,875 3,365
Other comprehensive income
Exchange difference on translation of foreign operations –7,361 5,081
COMPREHENSIVE INCOME FOR THE YEAR 5,514 8,446
Result of the financial year is attributable to:
Equity holders of the parent 12,875 3,365
Comprehensive income for the year is attributable to:
Equity holders of the parent 5,514 8,446
Earnings per share
– basic and diluted () 0.08 0.02
FINANCIAL STATEMENTS F-SECURE CONSOLIDATED
F-Secure 2020
Board of Directors’ Report
Corporate governance
Corporate responsibility
Financial statements
STATEMENT OF FINANCIAL POSITION DEC 31, 2020
EUR Note
Consolidated,
IFRS
Consolidated,
IFRS
ASSETS
NON-CURRENT ASSETS
Tangible assets (, ) 14,064 15,594
Intangible assets () 34,016 36,519
Goodwill (, , ) 81,944 88,398
Deferred tax assets () 3,954 3,072
Other receivables () 579 573
Total non-current assets 134,557 144,156
CURRENT ASSETS
Inventories () 74 107
Accrued income () 3,398 3,451
Trade and other receivables (, ) 47,462 53,857
Income tax receivables () 872 2,301
Financial asset at FVTPL () 61 66
Cash and bank accounts (, ) 51,380 25,427
Total current assets 103,246 85,210
TOTAL ASSETS 237,803 229,366
EUR Note
Consolidated,
IFRS
Consolidated,
IFRS
SHAREHOLDERS’ EQUITY AND LIABILITIES
SHAREHOLDERS’ EQUITY ()
Share capital 1,551 1,551
Share premium 165 165
Treasury shares –1,288 –2,141
Translation differences –4,116 3,245
Reserve for invested unrestricted equity 6,464 6,173
Retained earnings 79,554 67,166
Equity attributable to equity holders of the parent 82,330 76,158
NON-CURRENT LIABILITIES
Interest bearing liabilities, non-current (, , ) 23,929 29,451
Deferred tax liabilities () 1,294 2,463
Other non-current liabilities () 25,338 19,490
Provisions () 3,041
Total non-current liabilities 50,560 54,445
CURRENT LIABILITIES
Interest bearing liabilities, current (, , ) 15,937 11,877
Trade and other payables (, ) 26,088 28,998
Income tax liabilities () 5,656 1,522
Other current liabilities () 57,232 56,365
Total current liabilities 104,913 98,763
TOTAL SHAREHOLDERS’ EQUITY AND LIABILITIES 237,803 229,366
FINANCIAL STATEMENTS F-SECURE CONSOLIDATED
F-Secure 2020
Board of Directors’ Report
Corporate governance
Corporate responsibility
Financial statements
STATEMENT OF CASH FLOWS JAN 1DEC 31, 2020
EUR
Consolidated,
IFRS
Consolidated,
IFRS
Cash flow from operations
Result for the financial year 12,875 3,365
Adjustments
Depreciation and amortization 16,020 23,988
Profit / loss on sale of fixed assets 58 57
Other adjustments 1,783 –5,626
Financial income and expenses 3,224 2,913
Income taxes 3,581 882
Cash flow from operations before change in
working capital 37,542 25,579
Change in net working capital
Current receivables, increase (–),
decrease() 6,164 –1,531
Inventories, increase (–), decrease () 33 288
Non-interest bearing debt, increase (),
decrease (–) 5,069 –5,353
Provisions, increase (), decrease (–) –500
Cash flow from operations before financial items
and taxes 48,307 18,982
Interest expenses paid –536 –636
Interest income received –4 70
Other financial income and expenses –1,017 –930
Income taxes paid –70 1,005
Cash flow from operations 46,680 18,490
EUR
Consolidated,
IFRS
Consolidated,
IFRS
Cash flow from investments
Investments in intangible and tangible assets –8,139 –8,634
Proceeds from sale of intangible and tangible
assets 238 123
Other investments 6 –8
Acquisition of subsidiaries, net of cash acquired –3,681
Cash flow from investments –11,575 –8,519
Cash flow from financing activities
Proceeds from interest-bearing liabilities 10,000
Repayments of interest-bearing liabilities –11,000 –6,000
Repayments of lease liabilities –7,251 –6,457
Cash flow from financing activities –8,251 –12,457
Change in cash 26,854 –2,485
Cash and bank at the beginning of the period 25,427 27,806
Effects of exchange rate changes –902 107
Cash and bank at period end 51,380 25,427
FINANCIAL STATEMENTS F-SECURE CONSOLIDATED
F-Secure 2020
Board of Directors’ Report
Corporate governance
Corporate responsibility
Financial statements
STATEMENT OF CHANGES IN EQUITY
Attributable to the equity holders of the parent
EUR Share capital
Share premium
fund Treasury shares
Translation
differences
Unrestricted
equity reserve Retained earnings Total equity
Equity December , 1,551 165 –2,772 –1,838 6,082 63,092 66,279
Result of the financial year 3,365 3,365
Translation difference 5,081 5,081
Total comprehensive income for the year 5,081 3,365 8,446
Cost of share based payments 631 91 709 1,431
Equity December , 1,551 165 –2,141 3,245 6,172 67,166 76,158
Result of the financial year 12,875 12,875
Translation difference –7,361 –7,361
Total comprehensive income for the year –7,361 12,875 5,514
Cost of share based payments 853 291 –486 659
Equity December , 1,551 165 –1,288 –4,116 6,464 79,554 82,330
More information in note . Shareholders’ equity
FINANCIAL STATEMENTS F-SECURE CONSOLIDATED
F-Secure 2020
Board of Directors’ Report
Corporate governance
Corporate responsibility
Financial statements
ACCOUNTING PRINCIPLES FOR THE
CONSOLIDATED FINANCIAL STATEMENTS
Basic information
F-Secure provides cyber security products and services globally for
consumers and businesses.
The parent company of the Group is F-Secure Corporation
incorporated in Finland and domiciled in Helsinki. Company’s
registered address is Tammasaarenkatu 7, 00180 Helsinki. A copy
of consolidated financial statements can be downloaded on
www.f-secure.com or can be received from the parent company’s
registered address.
These financial statements were authorized for issue by the
Board of Directors on 10 February 2021. According to the Finnish
Companies Act, the Annual General Meeting can confirm or
reject the consolidated financial statements after publication. The
Annual General Meeting can also decide to change the financial
statements.
ACCOUNTING PRINCIPLES
The consolidated financial statements of F-Secure Corporation
of 2020 have been prepared in accordance with International
Financial Reporting Standards (IFRS), applying the IAS and IFRS
standards as well as SIC and IFRIC interpretations that were in force
and had been approved by the EU by 31 December 2020.
Principles of consolidation
The consolidated financial statements incorporate the financial
statements of F-Secure Corporation and entities controlled
by F-Secure Corporation. Consolidation is done using the
acquisition method and begins when control over the subsidiary
is obtained. The consolidation stops when the control ceases. The
Group does not have any associated companies nor is there any
non-controlling interest in the Group.
All intra-group transactions and balances, including unrealized
profits arising from intra-group transactions, have been eliminated
on consolidation. Where necessary, accounting policies of the
subsidiaries have been adjusted to ensure consistency with the
policies adopted by the Group.
Transactions in foreign currency
The consolidated financial statements are presented in euros,
which is F-Secure Corporation’s functional currency. At each
reporting date for the purpose of presenting consolidated financial
statements the income statements of foreign Group companies
are translated at the average exchange rates for the reporting
period and the balance sheets are translated using the European
Central Bank’s exchange rates prevailing on the reporting date.
Translation differences are recognized in shareholders’ equity and
the change in other comprehensive income.
Foreign currency transactions are translated using the exchange
rates prevailing at the dates of the transactions. On the reporting
date, assets and liabilities denominated in foreign currencies
are translated using the European Central Bank’s exchange
rates prevailing at that date. Exchange rate gains and losses are
recognized in financial items in the income statement.
New and amended IFRS Standards
that are effective for
During 2020 there were no changes in the Group’s accounting
principles.
COVID- impacts on financial
reporting during
COVID-19 has impacted F-Secure’s financial reporting and
increased the amount of management judgment related to certain
items in the financial statements. Operationally COVID-19 has had
biggest impact on the cyber security consulting business, but due
to prolonged sales cycles in Managed Detection and Response,
also product revenue was impacted.
During second quarter of 2020 management assessed that
COVID-19 impacts on consulting can be viewed as an indication
of goodwill impairment and, thus, additional impairment testing
of Consulting goodwill was carried out. As a result of the testing,
no impairment was detected. Management has continuously
monitored any further indications of impairment. Annual
impairment testings have been carried out at the end of the year.
Testings did not result in impairment bookings.
During second quarter of 2020 management assessed that
COVID-19 can impact liquidity of the Group’s customers in short
and longer term. Expected credit losses according to IFRS 9 were
reassessed to include the increased risk caused by the pandemic.
Although no significant risks realized during the financial year,
prolonging of the pandemic can still impact customer’s liquidity
and therefore the provision for expected credit losses has been
kept at slightly higher level.
COVID-19 impacts on the Group’s cyber security consulting
business has temporarily impacted profitability in certain
locations leading to taxable losses in some of Group’s subsidiaries.
Management has assessed the capability to utilize the losses
against future profits according to IAS 12 and deferred tax assets
have been booked accordingly. Impacts of the pandemic on
subsidiaries’ profitability can be viewed as temporary.
Group’s financing agreement includes a committed revolving
credit facility (RCF) of EUR 23,000 thousand. In the beginning of
the pandemic the management assessed that short term liquidity
risk has increased and a withdrawal of EUR 10,000 thousand
from the RCF was made to address the risk. As the cash position
remained solid throughout the financial year, a repayment of EUR
5,000 thousand to the RCF was made in final quarter of the year.
Management judgment on significant
accounting principles and use of estimates
The preparation of consolidated financial statements requires the
use of estimates and assumptions as well as the use of judgment
when applying accounting principles. These affect the contents of
the financial statements and it is possible that actual results may
differ from estimates.
Estimates made in connection with the preparation of financial
statements are based on management’s best knowledge at the
NOTES TO THE FINANCIAL STATEMENTS
FINANCIAL STATEMENTS F-SECURE CONSOLIDATED
F-Secure 2020
Board of Directors’ Report
Corporate governance
Corporate responsibility
Financial statements
reporting date. Estimates build upon past experience as well
as assumptions of the future development of the economic
environment of the Group. Revisions in estimates and assumptions
are recognized in the period they occur and in future periods if the
revision affects both current and future periods.
Key sources where estimation uncertainty arises at the reporting
date are:
– Impairment testing: Recoverable amount of goodwill from
acquisitions is based on estimated future cash flows which are
subject to management judgment.
– In addition to goodwill the intangible assets that are not yet
ready for use (EUR 7.1 million) are tested annually for impair
-
ment. The recoverable amount of these assets is based on
estimated future cash flows from sales and/or use of the asset.
– Deferred tax assets from tax losses: The Group has recog
-
nized deferred tax assets from tax losses. Biggest losses are in
the UK where the deferred tax asset is EUR 2.9 million and in the
US where the deferred tax asset is EUR 0.4 million. The amount
of deferred tax assets is based on management estimation
about future recoverability of these tax losses.
– Expected credit losses: Provision for expected credit losses
in Group’s balance sheet is EUR 2.5 million. Managements has
used judgment especially in defining potential impacts of the
COVID-19 pandemic on expected credit losses and provision
has been adjusted accordingly.
Revenue recognition
Revenue is derived from corporate and consumer businesses.
Corporate security business revenue includes cyber security
products, managed services, and cyber security consulting.
Cyber security products comprise endpoint protection solutions
(Protection Service for Business, PSB; Business Suite, Cloud
Protection for Salesforce, Cloud Protection for Microsoft Office
365), as well as solutions targeted at detecting and responding
to advanced attacks ( Rapid Detection and Response, RDR and
F-Secure Countercept) and vulnerability management (F-Secure
Radar and phishd). Consumer security business revenue comes
through operator and direct consumer channels, and the main
products include F-Secure SAFE, F-Secure FREEDOME, F-Secure
SENSE, F-Secure KEY and F-Secure ID PROTECTION.
Endpoint protection solutions and
vulnerability management products
Endpoint protection security solutions (PSB, Business Suite for
corporate and RDR) are sold to corporate customers by granting
the customer access to use the intellectual property during the
license period or as Security-as-a-Service. F-Secure delivers the
product and provides continuous automated updates against
new threats. The software and the accompanied services are
highly interdependent and therefore treated as one performance
obligation for which revenue is recognized over time on a straight-
line basis for the license period.
Consumer customer products and vulnerability management
products for corporate customers (Radar and phishd) are
treated as Security-as-a-Service as they do not include a license
of intellectual property. Revenue is accounted for as a single
performance obligation and recognized over time on a straight-
line basis for the contract period.
When there is a hardware component to the solution (SENSE) the
hardware is considered as a distinct performance obligation and
revenue for hardware is recognized separately at point in time of
delivery.
Cyber security consulting services and
managed detection and response solutions
Cyber security consulting services are recognized as revenue
based on the delivery of the work. For F-Secure managed
detection and response solution (F-Secure Countercept) the
software and the service are considered as single performance
obligation. The customer is granted access to use the intellectual
property and the service is provided by F-Secure continuously
throughout the contract period. Revenue for managed services is
recognized on a straight-line basis for the contract period.
Presenting of receivables and liabilities
from contracts with customers
Receivables from contracts with customers are presented in the
balance sheet as
Accrued income.
Liabilities from contracts with
customers are presented in the balance sheet as
Deferred revenue
and included in
Total non-current liabilities
or
Total current
liabilities
depending on the duration of the liability.
Pensions
All of F-Secure Group’s pension arrangements are in accordance
with local statutory requirements, and they are defined
contribution plans. Contributions to defined contribution plans
are recognized in the income statement in the period to which the
contributions relate.
Leases
Leases which meet with IFRS 16 requirements are booked to
balance sheet as right-of-use asset with corresponding lease
liability. Right-of-use assets and lease liabilities are initially valued
at the present value of the remaining lease payments. Incremental
borrowing rate is applied in discounting the remaining payments.
F-Secure’s incremental borrowing rate varies between 2.45% and
9.15% depending on the geographical location of the leased asset,
lease period and guarantees.
F-Secure’s right-of-use assets comprise of rented office premises
and leased cars. Short-term contracts (remaining contract
period 12 months or less) and low value assets are excluded from
leases and lease expense is recognized on a straight-line basis as
permitted by IFRS 16.
Lease contracts for the Group’s office premises are typically made
for fixed periods of 3 to 6 years and they may contain extension
options. Each office lease contract is negotiated individually
and the contracts may contain wide range of different terms
and conditions. Some of Group’s office premises are leased with
on-going contracts where the ending date is not defined. The
management assesses the probable duration for these contracts
case-by-case and the lease liability is calculated accordingly.
FINANCIAL STATEMENTS F-SECURE CONSOLIDATED
F-Secure 2020
Board of Directors’ Report
Corporate governance
Corporate responsibility
Financial statements
Changes to the estimates are accounted for at each reporting
date. Estimated duration for on-going contracts vary between 3
to 5 years and the total liability from on-going contracts is EUR 2.0
million.
In measuring the present value of the liabilities arising from leases
any service related fees are excluded from the lease payment. The
Group’s lease contracts do not contain residual value guarantees or
purchase options.
Income taxes
The income tax expense in income statement represents the sum
of current taxes and deferred taxes. Current taxes are calculated
on the taxable income for all Group companies in accordance
with the local tax rules. Deferred taxes, resulting from temporary
differences between the financial statement and the income tax
basis of assets and liabilities, use the enacted tax rates in effect
in the years in which the differences are expected to reverse.
Deferred tax assets are recognized to the extent that it is probable
that future taxable profit will be available. Deferred tax liabilities are
recognized for all temporary differences.
Deferred tax assets and liabilities are offset when there is a legally
enforceable right to set off current tax assets against current tax
liabilities and when they relate to the same taxation authority and
the Group intends to settle the assets and liabilities on a net basis.
Business combinations
Acquisition method is used for accounting the acquisitions
of businesses. The consideration transferred in a business
combination is measured at fair value, which is calculated as the
sum of the acquisition-date fair values of assets transferred by the
Group and liabilities incurred by the Group to the former owners
of the acquiree. Contingent considerations related to business
combinations are measured at fair value at acquisition date and
included as part of the consideration transferred. Costs related to
the acquisition are recognized in profit and loss statement.
The identifiable assets acquired and the liabilities assumed are
recognized at fair value at the acquisition date except for deferred
tax assets or liabilities which are measured in accordance with
IAS 12 Income taxes. Goodwill is measured as the excess of the
transferred consideration over the net amount of the acquired
identifiable assets and assumed liabilities.
Changes in fair value of the contingent consideration that do
not arise within one year from the acquisition from facts and
circumstances that existed at the acquisition date are recognized
in profit or loss.
Goodwill
Goodwill is initially recognized and measured in business
combinations as set out above. Goodwill is not amortized but
is instead tested for impairment at least annually and whenever
there is an indication that it may be impaired. For the purpose of
impairment testing goodwill has been allocated to cash generating
units expected to benefit from the synergies of the combination.
Ifthe recoverable amount of the cash generating unit is less than
the carrying amount of the unit, the impairment loss is allocated
first to reduce the carrying amount of any goodwill allocated to
the unit and then to the other assets of the unit. If an impairment
loss for goodwill is recognized it will not be reversed in the
subsequent periods. Goodwill is recorded at historical cost less
accumulated impairment losses.
INTANGIBLE ASSETS
Research and development expenditure
Research expenditure is recognized as an expense at the time
it is incurred. Development expenditure on new products or
product versions with significant new features are recognized
as intangible assets when they fulfill the requirements set out in
IAS 38. Amortization is recorded on a straight-line basis over the
estimated useful life, which is 3–8 years for these assets.
Intangible assets acquired in
business combinations
Intangible assets acquired in business combinations and
recognized separately from goodwill are initially recognized at fair
value on the acquisition date. Subsequent to initial recognition
these assets are reported at initial value less accumulated
amortization and accumulated impairment losses.
Intangible assets acquired in business combinations include
technology, trademarks and customer relationships, which all have
a finite useful life. Initial valuation for technology and trademarks
is done based on Relief from royalty method and for customer
relationships based on Excess earnings method. The estimated
useful lives for intangible assets acquired in business combinations
are:
Technology 10 years
Trademark 2 years
Customer relationships 6–10 years
Other intangible assets
Other intangible assets include intangible rights and software
licenses, all with a finite useful life. Other intangible assets are
recorded at historical cost less accumulated amortization and
possible impairment. Amortization is recorded on a straight-line
basis over the estimated useful life of an asset. The estimated
useful lives of other intangible assets are as follows:
Intangible rights 3–8 years
Other intangible assets 5–10 years
Tangible assets
Tangible assets are recorded at historical cost less accumulated
depreciation and possible impairment. Depreciation is recorded
on a straight-line basis over the estimated useful life of an asset.
The estimated useful lives of tangible assets are as follows:
Machinery and equipment 3–8 years
Other tangible assets 5–10 years
FINANCIAL STATEMENTS F-SECURE CONSOLIDATED
F-Secure 2020
Board of Directors’ Report
Corporate governance
Corporate responsibility
Financial statements
Other tangible assets include renovation costs of rented office
space.
Gains or losses on disposal of tangible assets are shown in other
operating income or expense.
Impairment of assets
At each reporting date, the Group assesses whether there is any
indication that an asset may be impaired. Where an indicator
of impairment exists, the Group makes a formal estimate of
recoverable amount. The recoverable amount of goodwill and
intangible assets that are not ready for use are estimated annually
for regardless of whether any indication of impairment exists.
Where the carrying amount of an asset exceeds its recoverable
amount the asset is considered impaired and the carrying amount
is reduced to its recoverable amount. The recoverable amount
is the fair value of an asset less costs of disposal or value in use,
whichever is higher. An impairment loss is recorded in the income
statement.
A previously recognized impairment loss is reversed only if there
has been a change in the estimates used to determine the asset’s
recoverable amount since the last impairment loss was recognized.
The maximum reversal of an impairment loss amounts to no more
than the carrying amount of the asset if no impairment loss had
been recognized, net of depreciation. Impairment losses relating
to goodwill cannot be reversed in future periods.
Inventories
Inventories are valued at the lower of cost and net realizable value.
Cost is determined by first-in first-out method. Net realizable value
is the estimated selling price that is obtainable, less estimated
costs of completion and the estimated costs necessary to make
the sale.
FINANCIAL INSTRUMENTS
Financial assets
Financial assets are originally valued at fair value. Trade
receivables are originally valued with transaction price and later
with amortized cost reduced by expected credit loss for trade
receivable. Trade receivables and other receivables are written off
from the balance sheet as the rights to associated cash flows end
or become transferred to the counterpart. An expected credit loss
is recognized for trade receivables according to IFRS 9. The amount
of expected credit loss is updated at each reporting date to reflect
changes in credit risk since initial recognition of the respective
financial instrument. The expected credit loss is estimated using
a provision matrix where trade receivables are grouped based on
historical credit loss experience and characteristics that depict the
credit risk of receivables (e.g. geographical area and days past due).
Financial liabilities
F-Secure classifies loans from financial institutions, trade payables
and other payables as other financial liabilities which are measured
at amortized cost. Transaction costs, such as arrangement
fees, are deferred over the maturity of the liability. Contingent
considerations arising from acquisitions are classified as financial
liabilities measured at fair value and changes in fair value are
accounted through profit and loss. Contingent considerations
are measured at fair value at the end of each reporting period.
Financial liabilities are classified as current unless F-Secure has
unconditional right to postpone their repayment by at least 12
months from the end date of the reporting period.
Derivative financial instruments and hedging
The Group uses derivative financial instruments such as forward
currency contracts to hedge its risks associated with foreign
currency fluctuations. Derivatives are valued at fair value. The fair
value of forward currency contracts is calculated based on current
forward exchange rates at the reporting date for contracts with
similar maturity profiles. The gains and losses arising from the
change of fair value are booked through the income statement as
the Group does apply hedge accounting.
Provisions
Provisions are recognized when the Group has a present obligation
(legal or constructive) as a result of a past event, the outflow of
resources is probable, and a reliable estimate of the amount of
the obligation can be made. The amount recognized is a best
estimate of the consideration required to settle the obligation at
each reporting date. Risks and uncertainties are taken into account
when making the estimate.
Treasury shares
Parent company has acquired treasury shares in 2008–2011. The
purchase price of the shares has been deducted from equity.
Share-based payment transactions
F-Secure provides incentives to employees in the form of
equity-settled share-based instruments. Currently the Company
has share-based programs.
F-Secure’s share-based incentive programs are targeted to the
Group’s key personnel. The programs are divided into equity-
settled and cash-settled part. The equity-settled part is valued at
fair value at grant date, and the expense is recognized evenly in the
income statement over the vesting period with the counter-entry
in retained earnings. Fair value is determined using the market
value of the share of F-Secure Corporation. The cash-settled part
is initially valued at fair value at grant date. At each reporting date
the cash-settled part is revalued to fair value and the expense is
recognized in the income statement over the vesting period with
the counter-entry in liabilities. The cumulative expense recognized
at grant date is based on the Group’s estimate of the number of
shares that will ultimately vest at the end of the vesting period. If a
person leaves the company before vesting, the reward is forfeited.
The Group updates its estimate of the ultimate number of shares at
each reporting date. These changes in the estimate are recorded
in the income statement.
FINANCIAL STATEMENTS F-SECURE CONSOLIDATED
F-Secure 2020
Board of Directors’ Report
Corporate governance
Corporate responsibility
Financial statements
Presentation of expenses
Classification of the functionally presented expenses has been
made by presenting direct expenses in their respective functions
and by allocating other expenses to operations on the basis of
average headcount in each function.
Operating result
IAS 1 Presentation of Financial Statements standard does not
define the concept of Earnings before interest and taxes (EBIT).
The Group has defined it as follows: EBIT is the net amount, which
consists of revenue and other operating income less cost of
revenue which is adjusted for changes in inventories, employee
benefit costs, depreciation and amortization, possible impairment
losses, and other operating expenses.
New standards and interpretations
not yet effective
New or amended standards or interpretations are not expected to
have an impact on the consolidated financial statements.
FINANCIAL STATEMENTS F-SECURE CONSOLIDATED
F-Secure 2020
Board of Directors’ Report
Corporate governance
Corporate responsibility
Financial statements
1. SEGMENT INFORMATION
The Group has one segment, data security. Segment reporting is consistent with the internal reporting
submitted to the chief operating decision-maker. The Leadership Team has been appointed the chief
operating decision-maker, responsible for allocating resources and assessing performance as well
as making strategic decisions. For the geographical information revenue is presented based on the
location of the customer and the long-term assets based on the location of the assets.
Geographical information
Geographical information about revenue is presented in note 2.
EUR Consolidated Consolidated
Long-term assets
Nordic countries
Europe excl. Nordics
North America
Rest of world
Total
2. REVENUE
Principles of revenue recognition are stated in accounting principles to consolidated financial
statements, section
Revenue recognition
.
Disaggregation of revenue
EUR Consolidated Consolidated
Sales channels
Revenue from external customers
Consumer security
Corporate security
Products
Services
Total
Geographical information
Revenue from external customers
Nordic countries
Europe excl. Nordics
North America
Rest of world
Total
3. OTHER OPERATING INCOME
EUR Consolidated Consolidated
Adjustment of contingent consideration from
acquisitions
Government grants
Rental revenue
Other
Total
Contingent consideration liability from MWR InfoSecurity acquisition was decreased by 12,501
thousand euros 2019 due to not achieving certain agreed business targets.
Government grants are recognized as income over those periods in which the corresponding
expenses arise. Due to COVID-19 government grants have increased slightly in certain locations where
goverments have taken measures to support the local businesses.
Other operating income includes e.g. gain on sale of fixed assets and rent income.
FINANCIAL STATEMENTS F-SECURE CONSOLIDATED
F-Secure 2020
Board of Directors’ Report
Corporate governance
Corporate responsibility
Financial statements
4. LEASES
EUR Consolidated Consolidated
Decrease in Cost of Revenue
Decrease in operating expenses (lease expenses)
Increase in right-of-use asset depreciation – –
Increase in EBIT
Increase in financial expenses – –
Profit / Loss for the period – –
Short-term leases booked as rent expense
Right of use assets and liabilities
Right of use assets
Buildings
Cars
Machinery
Total
Lease liabilities
Buildings
Cars
Machinery
Total
Repayments of lease liabilities
Right of use assets related changes are stated in disclosure 13. Non-current assets.
Right of use assets related interest payments are stated in disclosure 8. Financial income and expenses.
Maturity of lease liabilities is stated in disclosure 19. Financial liabilities.
5. DEPRECIATION, AMORTIZATION, AND IMPAIRMENT
EUR Consolidated Consolidated
Depreciation and amortization of non-current assets
Other intangible assets – –
Capitalized development – –
Intangible assets – –
Machinery and equipment – –
Right of use assets – –
Other tangible assets – –
Tangible assets – –
Impairment
Goodwill –
Capitalized development – –
Total impairment – –
Total depreciation and amortization – –
Depreciation and amortization by function
Sales and marketing – –
Research and development – –
Administration – –
Total depreciation and amortization – –
FINANCIAL STATEMENTS F-SECURE CONSOLIDATED
F-Secure 2020
Board of Directors’ Report
Corporate governance
Corporate responsibility
Financial statements
8. FINANCIAL INCOME AND EXPENSES
EUR Consolidated Consolidated
Financial income
Interest income from loans and receivables –
Exchange gains
Other financial income
Total
Financial expenses
Interest expense from loans and liabilities – –
Interest expense from lease liabilities – –
Exchange losses – –
Other financial expenses – –
Total – –
Other financial expenses in comparative period 2019 include EUR 0.9 million from discounting MWR
InfoSecurity deferred consideration to present value.
6. PERSONNEL EXPENSES
EUR Consolidated Consolidated
Personnel expenses
Wages and salaries – –
Pension expenses – defined contribution plan – –
Share-based payments – –
Other social expenses – –
Total – –
Employee benefits of the management are stated in disclosure 24. Related party transactions.
Share-based payments are stated in disclosure 18. Share-based payment transactions.
Average number of personnel
Personnel by function December
Consulting and delivery
Sales and marketing
Research and development
Administration
Total
7. AUDIT FEES
EUR Consolidated Consolidated
Group auditor
Audit fees, PricewaterhouseCoopers – –
Audit related fees, PricewaterhouseCoopers –
Other consulting, PricewaterhouseCoopers – –
Total – –
PricewaterhouseCoopers Oy has provided non-audit services to entities of F-Secure Group in total 30
thousand euros during the financial year 2020, which are related to other services.
Other auditors
Audit fees – –
Total – –
FINANCIAL STATEMENTS F-SECURE CONSOLIDATED
F-Secure 2020
Board of Directors’ Report
Corporate governance
Corporate responsibility
Financial statements
9. INCOME TAX
EUR Consolidated Consolidated
Current income tax for the year – –
Adjustments for current tax of prior periods
Change in deferred tax
Total – –
A reconciliation of income tax expense in the income statement and income tax calculated at the
parent company’s country of residence income tax rate (20%):
Result before taxes
Income tax at Finnish tax rate of % – –
Effect of overseas tax rates – –
Effect of changes in tax rates
Non-deductible expenses/tax-exempt revenue
Recognised tax losses –
Unrecognised tax losses – –
Adjustments for prior period tax
Other – –
Total – –
10. EARNINGS PER SHARE
Basic earnings per share amounts are calculated by dividing net profit for the year attributable to
ordinary equity holders of the parent by the weighted average number of ordinary shares outstanding
during the year. Diluted earnings per share amounts are calculated by dividing the net profit
attributable to ordinary shareholders by the weighted average number of ordinary shares outstanding
during the year adjusted for the effects of dilutive options.
EUR Consolidated Consolidated
Net profit attributable to equity holders from
continuing operations
Weighted average number of ordinary shares
()
Adjusted weighted average number of ordinary
shares for diluted earning per share
Basic and diluted earnings per share (EUR/share),
continuing operations
The weighted average number of shares take into account the effect of change in treasury shares.
11. ACQUISITIONS
Group hasn’t made acquisitions during 2019 or 2020.
12. GOODWILL
For impairment testing goodwill is allocated to cash-generating units (CGUs). The carrying amount of
goodwill EUR 81,944 thousand is allocated to two CGUs:
EUR Consolidated Consolidated
Consulting
MDR
Goodwill is tested for impairment annually, or more frequently if there are indications that goodwill
might be impaired. The recoverable amount for each CGU is determined based on a value in use
calculation which uses cash flows for the period determined for the CGU. Cash flows are based on
financial budgets and forecasts approved by the Board of Directors. For Consulting forecast period
of five years is used and for MDR the forecast period covers following seven years during which the
business is expected to achieve steady state. Discount rate for Consulting is 9.9% before taxes and for
MDR 13.4% before taxes.
Cash flows beyond forecast period have been extrapolated using steady 2% per annum growth rate for
both CGUs. Markets where CGUs operate are expected to grow significantly faster than the terminal
growth rate used in impairment testing. Managed detection and response (MDR) market is expected
to grow at 20% annually and Consulting at 10.4% annually by 2023.
Sensitivity analysis
The Group has prepared a sensitivity analysis of the impairment tests to changes in the key
assumptions which are revenue, profitability, and discount rate. Any reasonably possible changes in
the key assumptions in impairment tests would not cause the aggregate carrying amounts exceeding
the recoverable amounts.
COVID- impacts on goodwill
During second quarter of 2020 the management assessed that due to the impacts of COVID-19
pandemic on cyber security consulting business there is indication that Consulting goodwill might
be impaired. Additional impairment testing was carried out at the end of second quarter based on
updated long-term forecasts approved by the Board of Directors. Testing resulted in no need for
impairment but showed decreased sensitivity in the key assumptions. By the end of the year the
sensitivity has returned close to December 2019 level. More frequent forecasting to identify any
further indications of goodwill impairment in Consulting or MDR has taken place throughout the
financial year.
FINANCIAL STATEMENTS F-SECURE CONSOLIDATED
F-Secure 2020
Board of Directors’ Report
Corporate governance
Corporate responsibility
Financial statements
13. NONCURRENT ASSETS
INTANGIBLE ASSETS TANGIBLE ASSETS
EUR
Other
intangible
Capitalized
development Goodwill
Advance
payments &
incomplete
development Total
Machinery &
equipment
Right of
use assets Other tangible Total
Acquisition cost Dec ,
Impact of IFRS
Acquisition cost Jan ,
Translation difference
Additions
Transfers – – –
Disposals – – – – – – –
Acquisition cost Dec ,
Translation difference – – – – – – – –
Additions
Transfers –
Disposals – – – – – –
Acquisition cost Dec ,
Acc. depreciation Jan , – – – – – –
Translation difference – – – – – –
Transfers
Depreciation for the period – – – – – – –
Depreciation of disposals
Acc. depreciation Dec , – – – – – – –
Translation difference
Transfers – –
Depreciation for the period – – – – – – –
Depreciation of disposals
Acc. depreciation Dec , – – – – – – –
Book value as at Dec ,
Book value as at Dec ,
At the end of 2020 book value of right of use assets consists of buildings EUR 8.6 million (8.5m), cars EUR 1.2 million (1.6m) and machinery EUR 0.0 million (0.1m).
FINANCIAL STATEMENTS F-SECURE CONSOLIDATED
F-Secure 2020
Board of Directors’ Report
Corporate governance
Corporate responsibility
Financial statements
14. INVENTORIES
EUR Consolidated Consolidated
Inventories
15. FINANCIAL ASSETS
EUR Consolidated Consolidated
Cash at bank and in hand
Trade receivables
Loan receivables
Financial assets at FVTPL
Total
Trade receivables
Ageing of trade receivables
Not fallen due
– days past due
Over days past due
Less provision for bad debt – –
Total
Movements in the provision for impairment of trade receivables
Book value as at Jan
Change for the year –
Receivables written off during the year – –
Book value as at Dec
COVID-19 can have an impact on F-Secure’s customer’s liquidity in short and long term. Although
significant risks have not realized during the financial year, management has estimated that impacts
may become visible only during longer period as the pandemic prolongs. Thus, expected credit losses
under IFRS 9 have been reassessed during the financial year and provision increased slightly to address
the increased risk.
Financial assets at FVTPL
EUR Consolidated Consolidated
Fair value as at Jan
Change in fair value –
Fair value as at Dec
Shares – unlisted
Funds
Fair value as at Dec
16. OTHER RECEIVABLES
EUR Consolidated Consolidated
Non-current receivables
Other receivables
Current receivables
Other receivables
Prepaid expenses
Accrued income
Accrued income tax
Total
Material items included in prepaid expenses
Prepaid royalty
Grant receivables – –
Other prepaid expenses
Total
FINANCIAL STATEMENTS F-SECURE CONSOLIDATED
F-Secure 2020
Board of Directors’ Report
Corporate governance
Corporate responsibility
Financial statements
17. SHAREHOLDERS’ EQUITY
Issued and fully paid
EUR
Number of
shares Share capital
Share
premium
fund
Unrestricted
equity
reserve
Treasury
shares
Dec , –
Share based
payments
Dec , –
Share based
payments
Dec , –
The share capital amounted to 1,551,311 euro and the number of shares was 158,798,739 (including own
shares 607,108) at the end of 2020. A share has no nominal value. Accountable par value is EUR 0.01.
Share premium fund
Proceeds from exercised warrants were recognized under the share capital and share premium fund
until March 26, 2008.
Unrestricted equity reserve
On March 20, 2007, the shareholders’ meeting decided to decrease the share premium fund. The
decreased amount of 33,582 thousand euro was transferred to unrestricted equity reserve. On March
26, 2008, the shareholders’ meeting decided that the total amount of the subscription prices paid for
new shares issued after the date of the meeting, based on stock options under the F-Secure Stock
Option Plan 2005, be recorded in Companys’ unrestricted equity reserve.
Translation differences
The translation difference is used to record exchange difference arising from the translation of the
financial statements of foreign subsidiaries.
Dividends proposed and paid
Proposed for approval at AGM for financial year 2020 is 0.04 euro per share. For financial year 2019
company decided to not to pay any dividend. For financial year 2018 company decided to not to pay
any dividend.
Treasury shares
Treasury shares contains the purchase value of own shares owned by the Group. The cost of
acquisition is reported as a deduction in shareholders’ equity. The shares have been acquired through
public trading on NASDAQ OMX Helsinki. The parent company has not acquired treasury shares
during the period. During the financial year parent company’s treasury shares have been used for
board remuneration according to Annual General Meeting’s decision, for incentive programs and for
deferred payment of the 2017 acquisition.
The total number of acquired treasury shares was 607,108 at the end of 2020. This represents 0.4% of
the Company’s voting power on December 31, 2020.
18. SHAREBASED PAYMENT TRANSACTIONS
During the period Group has had two incentive plans covering the key personnel of the Group. A
matching share plan available for all employees came to an end during the period. During the year a
restricted share plan was established as a complementary scheme targeted to individually selected key
employees.
Share-based incentive programs
During the period the Group had two share-based incentive program. The share-based incentive
programs have been established as part of the key employee incentive and retention system within
F-Secure Group. The programs offer for the participants a possibility to receive shares of F-Secure
Corporation as an incentive reward if the Company’s financial targets set for the earning period have
been achieved. No reward can be given to any participating employee, whose employment has
terminated before the end of the lock-up period.
The share-based incentive program 2017–2019 has been established in October 2017. The program’s
duration is five years and it comprises three earning periods. Each earning period lasts for three years.
The program ends on December 31, 2021. The rewards will be settled in two phases so that one part is
settled as equity-settled payment and one part as cash-settled payment. On the basis of the program
maximum total of 10,000,000 shares and a cash payment corresponding to the registration date value
of the shares shall be given as reward. The Board approves the metrics, targets and participants on
annual basis for each earning period.
A new share-based incentive program 2020–2022 was established in February 2020. The program’s
duration is five years and it comprises three earning periods. Each earning period lasts for three years.
The program ends on December 31, 2024. The rewards will be settled as equity-settled payments. The
Board approves the metrics, targets and participants on annual basis for each earning period.
A restricted share plan complementing the incentive programs comprises of three earning periods:
2020–2021, 2021–2022 and 2021–2023. On the basis of earning period for 2020–2021 maximum total
of shares to be given is 300,000. Maximum total shares to be given is 500,000 on the basis of earning
period for 2021–2022 and 500,000 on the basis of earning period for 2021–2023.
FINANCIAL STATEMENTS F-SECURE CONSOLIDATED
F-Secure 2020
Board of Directors’ Report
Corporate governance
Corporate responsibility
Financial statements
The participating employee of a share-based incentive program shall be entitled to the shareholder
rights of the reward shares (e.g. dividend) from the moment the shares have been entered into the
participating employee’s book-entry account.
Expense arising from the share-based payment transactions during the period was EUR 801 thousand
(EUR 1,826 thousand euros in 2019). The costs of equity-settled transactions are measured by reference
to the fair value of the F-Secure Corporation share at the date on which they are granted. Fair value
for performance based programs is based on the F-Secure Corporation share price on the grant date.
Fair value for market based programs is based on externally accepted valuation methods. The costs of
cash-settled transactions are measured by reference to the market price of the F-Secure Corporation
share on date of balance sheet. The Group updates the estimate of the number of equity instruments
that will ultimately vest at each reporting date.
Matching share plan
During 2018 Group launched a matching share plan which is available to all employees. The first
retention period began in February 2018 and the matching share plan was extended in November 2018
with a new retention period. Every participant was eligible to acquire shares worth maximum of 10,000
euros and after first quarter of 2020 F-Secure will give each participant one extra share for each two
shares acquired through the plan.
Expense arising from matching share plan was fully booked by the end of 2019. The cost was measured
by the fair value of F-Secure Corporation share at the date on which they were granted net of
employee’s tax obligation.
Impacts of share-based payment transactions on financial statements
EUR Consolidated Consolidated
Booked as expense during the period
Booked in retained earnings during the period
Balance sheet liability at the end of the period
19. FINANCIAL LIABILITIES
Interest-bearing liabilities
EUR Consolidated Consolidated
Unsecured liabilities at amortized cost
Bank loans
Lease liabilities
Total
Total interest-bearing liabilities
Amount due for settlement within months
Amount due for settlement after months
Borrowings by currency EUR EUR
Bank loans
Bank loan of EUR 37,000 thousand was withdrawn on July 2, 2018. Annual repayments according to
the financing agreement are EUR 6,000 thousand. Financing agreement includes a Revolving Credit
Facility (RCF) for EUR 23,000 thousand. During 2020 EUR 10,000 thousand withdrawal was made from
RCF to address any unexpected liquidity challenges due to COVID-19 pandemic. As the Group’s cash
position remained solid, a repayment of EUR 5,000 thousand was made on the RCF which is presented
in short term liabilities.
The bank loans carry variable interest rates. The weighted average interest rates paid during the year
were as follows:
Bank loans % %
The financing agreement is subject to conventional loan covenants related to ratio of net debt to
EBITDA and equity ratio. Group complied with the covenants throughout the reporting period.
FINANCIAL STATEMENTS F-SECURE CONSOLIDATED
F-Secure 2020
Board of Directors’ Report
Corporate governance
Corporate responsibility
Financial statements
Other financial liabilities
EUR Consolidated Consolidated
Contingent consideration, current
Total
Contractual maturities of financial liabilities Less than year to years to years to years Over years
Total
contractual
cash flows
Carrying
amount
Bank loans
Lease liabilities
Total financial liabilities
Lease liabilities consists mainly of buildings (EUR 8.7 million). Cars are totalling to EUR 1.2 million and the maturity for them is mainly less
than 2 years.
20. FINANCIAL ASSETS AND LIABILITIES
Classes and categories of financial assets and liabilities and their fair values
Fair value hierarchy levels 1 to 3 are based on the degree to which the fair value is observable:
Level 1: Fair values of financial instruments are based on quoted prices in active markets for identical assets and liabilities
Level 2: Financial instruments are not subject to trading in active and liquid markets. The fair values of financial instruments can be
determined based on quoted market prices and deduced valuation.
Level 3: Measurement of financial instruments is not based on verifiable market information, and information on other circumstances
affecting the value of the instruments is not available or verifiable.
Carrying value Fair value
Financial assets Financial liabilities Hierarchy level
Note FVTPL
Amortized
cost FVTPL
Amortized
cost Total Total
Cash and bank
Financial assets at FVTPL
Bank loans
Trade and other payables
FINANCIAL STATEMENTS F-SECURE CONSOLIDATED
F-Secure 2020
Board of Directors’ Report
Corporate governance
Corporate responsibility
Financial statements
General
The goal of risk management is to identify risks that may hinder the Group from achieving its business
objectives. The responsibility for the Company’s risk management lies with the CEO, the management
and ultimately with the Board of Directors. The risks related to the Group’s financial instruments are
mainly related to credit risks, currency risk and interest rate risk.
Credit risk
The Group trades only with recognized, creditworthy third parties. Receivable balances are monitored
and collected on an ongoing basis. The maximum exposure to credit risk at the reporting date is the
carrying value of trade receivables. There are no significant concentrations of credit risk within the
Group. See note 15. Financial assets.
Liquidity risk
Liquidity risk arises if the Group’s existing liquidity reserves, net cash flows and available additional
financing are not sufficient to cover commitments falling due within next 12 months. Group manages
it’s liquidity risk by centralizing the management of cash and liquid assets and thereby optimizing the
use of liquid funds for operational and refinancing needs. Group Treasury is responsible for monitoring
cash balances and cash forecasts to keep liquidity risk at manageable level. The Group has not
identified any significant concentrations of liquidity risks in sources of available financing.
Cash and bank balance was at solid level throughout 2020, and at the end of the reporting period the
Group held EUR 51.4 million in it’s bank accounts (EUR 25.4 million euro in 2019). COVID-19 impacted
the liquidity risk management during second quarter, and due to unforeseeable uncertainties
regarding incoming cash flows the Group withdrew EUR 10 million from it’s Revolving Credit Facility
(RCF) to strengthen short term liquidity. As the pandemic continued and liquidity remained at solid
level, a repayment of EUR 5 million was done on the RCF in October. Repayments of the term loan
according to the original financing agreement were EUR 6.0 million during 2020.
Foreign currency risk
The Group operates globally and is exposed to a currency risk arising from exchange rate fluctuations
against its reporting currency euro. Transaction risk is related to foreign currency transactions in sales
and expenses. Translation risk arises from the Group’s net investments outside euro zone.
Transaction risk
Majority of sales is invoiced in Euros. Other main currencies for invoicing are GBP, USD and JPY.
Currency risk arising from sales invoicing is notably diminished by operational expenses arising in same
currencies as the sales invoicing. In order to minimize the impact of the fluctuation of the exchange
rates, the Group uses forward currency contracts to eliminate the currency exposure of the estimated
cash flow of these currencies. At the end of the reporting period the Group did not have any open
currency forward contracts.
Consolidated Consolidated
Sales in different currencies % %
EUR
GBP
USD
JPY
SEK
Other currencies
Derivatives Consolidated Consolidated
Currency instruments
Currency forward contract
Nominal value
Fair value –
The carrying Euro amounts of the Group’s financial assets and liabilities at the reporting date are as
follows:
Financial assets
Consolidated
%
Consolidated
%
EUR
JPY
GBP
USD
Other currencies
Financial liabilities
Consolidated
%
Consolidated
%
EUR
GBP
Other currencies
The table below demonstrates how sensitive the Group’s profit before taxes is to foreign exchange
rate fluctuations when all other variables are held constant. The open exposure against USD, GBP and
JPY arising from Group treasury, trade receivables and trade payables have an impact on Group’s profit
before taxes. In 2019 the contingent consideration from the acquisition of MWR InfoSecurity was also
measured in GBP. The sensitivity calculation is based on a change of 10% in the Euro exchange rate
against the functional currencies the Group operates in.
FINANCIAL STATEMENTS F-SECURE CONSOLIDATED
F-Secure 2020
Board of Directors’ Report
Corporate governance
Corporate responsibility
Financial statements
EUR million Consolidated Consolidated
USD /– /–
GBP /– /–
JPY /– /–
Translation risk
Translation risk arises from the Group’s net investments in foreign currencies. Most significant
translation risks arise from goodwill generated in MWR InfoSecurity acquisition. Main currencies
in goodwill are GBP and ZAR. Translation differences also arise from translating Group companies’
balance sheets into euros using exchange rates prevailing on the reporting date. Internal loans are
granted mainly in subsidiaries’ home currencies. According to current policy F-Secure Corporation
does not hedge investments made in its subsidiaries.
The table below demonstrates how sensitive the Group’s equity is to foreign exchange rate fluctuations
when all other variables are held constant. The sensitivity calculation is based on a change of 10% in
the Euro exchange rate against the main functional currencies exposing the Group to translation risk.
EUR million Consolidated
GBP /–
ZAR /–
DKK /–
Interest rate risk
The Group is exposed to interest rate risk due to the term loan withdrawn in July 2018 to finance
the acquisition of MWR InfoSecurity and due to Revolving Credit Facility withdrawn in June 2020 to
decrease short-term liquidity risk under pandemic. The loans carry a variable interest rate. To manage
the risk of interest rate changes the Group is regularly evaluating the need for hedging. The table
below demonstrates the sensitivity of Group’s profit before taxes to 1% change in interest rate when all
other variables are held constant.
EUR million Consolidated Consolidated
Interest bearing liabilities, bank loans /– /–
Capital management
The Group’s shareholders’ equity is managed as capital. Group’s financing agreement has a covenant
term related to equity ratio of the Group. The objective of the Group’s capital management is to
maintain an efficient capital structure that ensures the functioning of business operations, promotes
shareholder value and meets with the requirements set in financing agreement. The Group’s capital
structure is reviewed regularly as a part of financial performance monitoring.
The capital structure can be adjusted among other things by distribution of dividends, share
repurchase or capital repayment. The dividend policy of F-secure Corporation is to pay approximately
half of its annual profit as dividend. Subject to circumstances, the Company may deviate from its policy.
21. DEFERRED TAX
EUR Consolidated Consolidated
Deferred tax assets relate to following:
Fixed assets
Accruals and provisions
Tax losses carried forward
Total
Offset against deferred tax liabilities – –
Net deferred tax assets
Change in deferred tax assets:
Recognized in profit or loss –
–
Deferred tax liabilities relate to the following:
Fixed assets
Accruals and provisions
Available-for-sale financial assets
Total
Offset against deferred tax assets – –
Net deferred tax liabilities
Change in deferred tax liabilities:
Recognized in profit or loss –
At December 31, 2020 the Group had EUR 19.2 million losses carried forward that are available to be
offset against future taxable profits in the companies in which the losses have been generated.
COVID-19 has impacted Group’s consulting business in multiple countries generating negative taxable
income temporarily in some of the subsidiaries. Management has assessed the capability to utilize
the losses against future taxable profits according to the principles of IAS 12 and deferred tax asset
has been booked if the criteria is met. As the impacts of COVID-19 can be viewed as temporary, the
management expects the subsidiaries to return profitable in the near future and thus have the ability
to utilize losses carried forward.
FINANCIAL STATEMENTS F-SECURE CONSOLIDATED
F-Secure 2020
Board of Directors’ Report
Corporate governance
Corporate responsibility
Financial statements
22. OTHER LIABILITIES
EUR Consolidated Consolidated
Non-current liabilities
Deferred tax liability
Deferred revenue
Other non-current liability
Provisions
Total
Current liabilities
Deferred revenue
Trade payables
Contingent consideration
Other liabilities
Accrued expenses
Income tax liabilities
Total
Material amounts shown under accrued expenses
Accrued personnel expenses
Deferred royalty
Other accrued expenses
Total
Provisions
Book value as at .
Arising during the year
Used during the year – –
Book value as at .
Provision booked in 2019 relates to company restructuring.
23. CONTINGENT LIABILITIES
EUR Consolidated Consolidated
Other liabilities
Others
FINANCIAL STATEMENTS F-SECURE CONSOLIDATED
F-Secure 2020
Board of Directors’ Report
Corporate governance
Corporate responsibility
Financial statements
24. RELATED PARTY DISCLOSURES
The Group’s related parties include Parent Company and subsidiaries, as well as members of the Board,
CEO and members of the Leadership Team.
Compensation of key management personnel of the Group
EUR Consolidated Consolidated
Wages and other short-term employee benefits
Share-based payments
Total
Wages and other short-term employee benefits
EUR Consolidated Consolidated
CEO
Leadership Team
Members of the Boards of Directors
Board of Directors and Managing Director
EUR Wages Fees
Share-
based
payment
Juhani Hintikka, Managing Director ( Nov –)
Samu Konttinen, Managing Director ( Jan– Oct )
Risto Siilasmaa, Chairman of the Board
Pertti Ervi
Päivi Rekonen
Bruce Oreck
Tuomas Syrjänen
Keith Bannister
Robert Bearsby
Total
Share-based payments granted to the CEO are presented at the IFRS 2 expense of the share plans.
The equity-settled part is measured at the fair value of the F-Secure Corporation share on the date
it was granted and cash-settled part at the fair value of the share on the reporting date. The cost is
recognized over the period in which the performance conditions are fullfilled (earning period).
The CEO’s retirement age and the determination of his pension conform to the standard rules
specified by Finland’s Employee Pension Act (TYEL). The pension cost of the CEO during the period
was 66 thousand euro (67 thousand euro in year 2019). The period of notice for the CEO is six (6)
months both ways and CEO is entitled to severance payment equivalent of six (6) months’ salary.
25. SUBSIDIARIES
Name
Country of
incorporation Group (%)
Parent F-Secure Corporation, Helsinki Finland
DF-Data Oy, Helsinki Finland
F-Secure Inc., Palo Alto United States
F-Secure (UK) Ltd, London United Kingdom
F-Secure KK, Tokyo Japan
F-Secure GmbH, Munich Germany
F-Secure eStore GmbH, Munich Germany
F-Secure SARL, Maisons-Laffitte France
F-Secure BV, Heverlee-Leuven Belgium
F-Secure AB, Stockholm Sweden
F-Secure Srl, Milano Italy
F-Secure SP z.o.o.,Warsaw Poland
F-Secure Corporation (M) Sdn Bhd, Kuala Lumpur Malaysia
F-Secure Pvt Ltd, Mumbai India
F-Secure B.V., Utrecht The Netherlands
F-Secure Limited, Hong Kong Hong Kong
F-Secure Pty Limited, Sydney Australia
F-Secure Iberia SL, Barcelona Spain
F-Secure do Brasil Tecnol. da Informãcao Ltda, Saõ Paulo Brazil
F-Secure Informatica S de RL de CV, Mexico City Mexico
F-Secure Software (Shanghai) Co Ltd, Shanghai China
F-Secure Danmark A/S, Copenhagen Denmark
F-Secure Cyber Security Services Oy, Helsinki Finland
nSense Estonia OÛ, Tartu Estonia
F-Secure Norge AS, Baerum Norway
F-Secure Argentina S.R.L., Buenos Aires Argentina
F-Secure Digital Assurance Consulting Ltd, London United Kingdom
F-Secure Cyber Security Limited, Basingstoke United Kingdom
F-Secure Consulting Pte. Ltd., Singapore Singapore
F-Secure Cyber Security (Pty) Ltd, Johannesburg South Africa
F-Secure Cyber Security Inc, Newark United States
Bytegeist GmbH, Oldenburg Germany
FINANCIAL STATEMENTS F-SECURE CONSOLIDATED
F-Secure 2020
Board of Directors’ Report
Corporate governance
Corporate responsibility
Financial statements
EUR FAS FAS
REVENUE ()
Cost of revenue () – –
GROSS MARGIN
Other operating income ()
Sales and marketing (, ) – –
Research and development (, ) – –
Administration (, ) – –
EBIT –
Financial income and expenses () –
PROFIT (LOSS) BEFORE APPROPRIATIONS AND TAXES
Appropriations ()
Income taxes () – –
RESULT FOR THE FINANCIAL YEAR
INCOME STATEMENT
JAN1DEC31,2020
FINANCIAL STATEMENTS F-SECURE CORPORATIONFINANCIAL STATEMENTS F-SECURE CORPORATION
Corporate governance
Corporate responsibility
Financial statements
F-Secure 2020
Board of Directors’ Report
EUR FAS FAS
ASSETS
NON-CURRENT ASSETS
Intangible assets ()
Tangible assets ()
Investments in group companies ()
Total non-current assets
CURRENT ASSETS
Inventories ()
Long-term receivables ()
Short-term receivables ()
Deferred tax assets ()
Short-term investments ()
Cash and bank accounts ()
Total current assets
TOTAL ASSETS
EUR FAS FAS
SHAREHOLDERS’ EQUITY AND LIABILITIES
SHAREHOLDERS’ EQUITY (, )
Share capital
Share premium
Treasury shares – –
Reserve for invested unrestricted equity
Retained earnings
Profit for the financial year
Total shareholders’ equity
APPROPRIATIONS
Depreciation reserve
LIABILITIES
Long-term liabilities ()
Short-term liabilities ()
Total liabilities
TOTAL SHAREHOLDERS’ EQUITY AND LIABILITIES
BALANCE SHEET DEC 31, 2020
FINANCIAL STATEMENTS F-SECURE CORPORATION
F-Secure 2020
Board of Directors’ Report
Corporate governance
Corporate responsibility
Financial statements
CASH FLOW STATEMENT JAN 1DEC 31, 2020
EUR FAS FAS
Cash flow from operations
Result for the financial year
Adjustments
Depreciation and amortization
Profit / loss on sale of fixed assets – –
Other adjustments –
Financial income and expenses –
Income taxes
Adjustments –
Cash flow from operations before change in
workingcapital
Change in net working capital
Current receivables, increase (–), decrease ()
Inventories, increase (–), decrease ()
Non-interest bearing debt, increase (),
decrease(–) –
Provisions, increase (), decrease (–) –
Cash flow from operations before financial items and
taxes
Interest expenses paid – –
Interest income received
Other financial income and expenses – –
Income taxes paid
Cash flow from operations
EUR FAS FAS
Cash flow from investments
Investments in intangible and tangible assets – –
Investments in subsidiary shares –
Proceeds from sale of intangible and tangible assets
Intercompany loans granted – –
Intercompany loans repayments
Dividends received
Proceeds from subsidiary liquidations
Cash flow from investments – –
Cash flow from financing activities
Increase in interest-bearing liabilities
Decrease in interest-bearing liabilities – –
Group contributions
Cash flow from financing activities –
Change in cash –
Effect of exchange rate changes on cash – –
Cash and bank at the beginning of the period
Cash and bank at period end
FINANCIAL STATEMENTS F-SECURE CORPORATION
F-Secure 2020
Board of Directors’ Report
Corporate governance
Corporate responsibility
Financial statements
Basic information
F-Secure provides cyber security products and services globally for
consumers and businesses.
F-Secure Corporation is the parent company of F-Secure Group,
incorporated in Finland and domiciled in Helsinki. Company’s
registered address is Tammasaarenkatu 7, 00180 Helsinki. Copy
of consolidated financial statements can be downloaded from
www.f-secure.com or can be received from the Company’s
registered address.
ACCOUNTING PRINCIPLES
The financial statement of F-Secure Corporation has been
prepared in accordance with Finnish Accounting Standards (FAS).
Foreign currency translation
Foreign currency transactions are translated using the exchange
rates prevailing at the dates of the transactions. On the reporting
date, assets and liabilities denominated in foreign currencies
are translated using the European Central Bank’s exchange
rates prevailing at that date. Exchange rate gains and losses are
recognized in financial items in the income statement.
Revenue recognition
Revenue is derived from corporate and consumer businesses.
Corporate security business revenue includes cyber security
products, managed services, and cyber security consulting.
Cyber security products comprise endpoint protection solutions
(Protection Service for Business, PSB; Business Suite, Cloud
Protection for Salesforce, Cloud Protection for Microsoft Office
365), as well as solutions targeted at detecting and responding
to advanced attacks (Rapid Detection and Response, RDR and
F-Secure Countercept) and vulnerability management (F-Secure
Radar and phishd). Consumer security business revenue comes
through operator and direct consumer channels, and the main
products include F-Secure SAFE, F-Secure FREEDOME, F-Secure
SENSE, F-Secure KEY and F-Secure ID PROTECTION.
Endpoint protection solutions and
vulnerability management products
Endpoint protection security solutions (PSB, Business Suite for
corporate and RDR) are sold to corporate customers by granting
the customer access to use the intellectual property during the
license period or as Security-as-a-Service. F-Secure delivers the
product and provides continuous automated updates against
new threats. The software and the accompanied services are
highly interdependent and therefore treated as one performance
obligation for which revenue is recognized over time on a straight-
line basis for the license period.
Consumer customer products and vulnerability management
products for corporate customers (Radar and phishd) are
treated as Security-as-a-Service as they do not include a license
of intellectual property. Revenue is accounted for as a single
performance obligation and recognized over time on a straight-
line basis for the contract period.
When there is a hardware component to the solution (SENSE) the
hardware is considered as a distinct performance obligation and
revenue for hardware is recognized separately at point in time of
delivery.
Cyber security consulting services and
managed detection and response solutions
Cyber security consulting services are recognized as revenue
based on the delivery of the work. For F-Secure managed
detection and response solution (F-Secure Countercept) the
software and the service are considered as single performance
obligation. The customer is granted access to use the intellectual
property and the service is provided by F-Secure continuously
throughout the contract period. Revenue for managed services is
recognized on a straight-line basis for the contract period.
Pensions
Pension arrangement is a local statutory arrangement, which is a
defined contribution plan. Contributions to defined contribution
plans are recognized in income statement in the period to which
the contributions relate. The Company recognizes the disability
commitment of TyEL pension plan when disability appears.
Leases
Leases where the lessor retains substantially all the risks and
benefits of ownership of the asset are classified as operating leases.
Operating lease payments are recognized as an expense in the
income statement on a straight-line basis over the lease term. The
Company has only operating leases.
Income taxes
Current income taxes are calculated in accordance with the local
tax and accounting rules.
Tangible and intangible assets
Intangible assets include intangible rights and software licenses.
Tangible and intangible assets are recorded at historical cost less
accumulated depreciation, amortization, and possible impairment.
Depreciation and amortization is recorded on a straight-line basis
over the estimated useful life of an asset. The estimated useful lives
of tangible and intangible assets are as follows:
Machinery and equipment 3–8 years
Capitalized development costs 3–8 years
Intangible rights 3–8 years
Intangible assets 5–10 years
Ordinary repairs and maintenance costs are charged to the income
statement during the financial period in which they are incurred.
The cost of major renovations is included in the assets’ carrying
amount when it is probable that the Company will derive future
economic benefits in excess of the originally assessed standard
or performance of the existing asset. Any gain or loss arising on
derecognition of the asset (calculated as the difference between
the net disposal proceeds and the carrying amount of the asset)
is included in the income statement in the year the asset is
derecognized.
NOTES TO THE PARENT COMPANY FINANCIAL STATEMENTS
FINANCIAL STATEMENTS F-SECURE CORPORATION
F-Secure 2020
Board of Directors’ Report
Corporate governance
Corporate responsibility
Financial statements
Research and development expenditure
Research expenditure is recognized as an expense at the time it is
incurred. Development expenditures are capitalized as intangible
assets.
Inventories
Inventories are valued at the lower of cost and net realizable value.
Cost is determined by first-in first-out method. Net realizable value
is the estimated selling price that is obtainable, less estimated
costs of completion and the estimated costs necessary to make
the sale.
Financial assets and liabilities
Cash and cash equivalents in the balance sheet comprise cash at
bank and in hand and other highly liquid short-term investments.
F-Secure classifies loans from financial institutions, trade payables
and other payables as other financial liabilities which are measured
at amortized cost. Financial liabilities are classified as current unless
F-Secure has unconditional right to postpone their repayment by
at least 12 months from the end date of the reporting period.
Treasury shares
The company has acquired treasury shares in 2008–2011. The
purchase price of the shares has been deducted from equity.
Share-based payment transactions
F-Secure provides incentives to employees in the form of
equity-settled share-based instruments. Currently the Company
has share-based programs.
F-Secure’s share-based incentive programs are targeted to the
Group’s key personnel. The programs are divided into equity-
settled and cash-settled part. The cash-settled part is recognized
in the income statement over the vesting period with the counter-
entry in liabilities. Valuation is initially based on fair value at grant
date. On each reporting date the cash-settled part is revalued to
fair value and the expense is recognized in the income statement
over the vesting period with the counter-entry in liabilities.
Fair value is determined using the market value of the share of
F-Secure Corporation. The cumulative expense recognized at
grant date is based on the company’s estimate of the number of
shares that will ultimately vest at the end of the vesting period.
F-Secure updates estimated number of shares to be vested at each
reporting date. If a person leaves the company before vesting, the
reward is forfeited. Equity-settled part is recognized in the equity
on vesting date.
Presentation of expenses
Classification of the functionally presented expenses has been
made by presenting direct expenses in their respective functions
and by allocating other expenses to operations on the basis of
average headcount in each function.
FINANCIAL STATEMENTS F-SECURE CORPORATION
F-Secure 2020
Board of Directors’ Report
Corporate governance
Corporate responsibility
Financial statements
1. REVENUE
EUR FAS FAS
Geographical information
Nordic countries
Europe excl. Nordics
North America
Rest of the world
Total
2. OTHER OPERATING INCOME
EUR FAS FAS
Rental revenue
Government grants
Other
Total
Government grants are recognized as income over those periods in which the corresponding
expenses arise.
Other operating income includes e.g. gain on sale of fixed assets and rental revenue.
Other operating income includes 1,804 thousand euro profit from liquidation of French subsidiary
F-Secure SDC SAS
3. DEPRECIATION, AMORTIZATION AND IMPAIRMENT
EUR FAS FAS
Depreciation and amortization of non-current assets
Other intangible assets – –
Capitalized development – –
Intangible assets – –
Machinery and equipment – –
Tangible assets – –
Total depreciation – –
Reduction in value from non-current assets
Capitalized development –
Total reduction in value –
Total depreciation and amortization – –
Depreciation and amortization by function
Sales and marketing – –
Research and development – –
Administration – –
Total depreciation and amortization – –
FINANCIAL STATEMENTS F-SECURE CORPORATION
F-Secure 2020
Board of Directors’ Report
Corporate governance
Corporate responsibility
Financial statements
4. PERSONNEL EXPENSES
EUR FAS FAS
Personnel expenses
Wages and salaries – –
Pension expenses – –
Other social expenses – –
Total – –
Compensation of key management personnel
Wages and other short-term employee benefits – –
Wages and other short-term employee benefits
Managing Directors – –
Members of the Board of Directors – –
Wages and other short-term employee benefits of the Board of Directors and Managing Director:
see group disclosure 24. Related party disclosures.
The Managing Director’s retirement age and the determination of his pension conform to the
standard rules specified by Finland’s Employee Pension Act (TYEL). The pension cost of the Managing
Director over the period was 66 thousand euro (67 thousand euro in year 2019). The period of notice
for the Managing Director is six (6) months both ways and Managing Director is entitled to severance
payment equivalent of six (6) months’ salary.
FAS FAS
Average number of personnel
Personnel by function Dec
Consulting and delivery
Sales and marketing
Research and development
Administration
Total
5. AUDIT FEES
EUR FAS FAS
Audit fees, PricewaterhouseCoopers – –
Audit related fees, PricewatehouseCoopers –
Other consulting, PricewaterhouseCoopers – –
Total – –
6. FINANCIAL INCOME AND EXPENSES
EUR FAS FAS
Interest income
Interest expense – –
Other financial income
Dividends
Exchange gains and losses – –
Other financial expenses – –
Total –
7. APPROPRIATIONS
EUR FAS FAS
Change in depreciation reserve
Group contribution
Total
8. INCOME TAXES
EUR FAS FAS
Income tax for the year – –
Adjustments for income tax of prior periods
Total – –
Result before appropriations and tax
FINANCIAL STATEMENTS F-SECURE CORPORATION
F-Secure 2020
Board of Directors’ Report
Corporate governance
Corporate responsibility
Financial statements
9. NONCURRENT ASSETS
INTANGIBLE ASSETS TANGIBLE ASSETS
Other intangible
Capitalized
development
Incomplete
development
Advance
payments Total
Machinery &
equipment Other tangible Total
Acquisition cost Jan ,
Additions
Transfers –
Disposals – – – –
Acquisition cost Dec ,
Additions
Transfers –
Disposals – –
Acquisition cost Dec ,
Acc. depreciation Jan , – – – – –
Depreciation for the period – – – – –
Acc. depreciation of disposals
Acc. depreciation Dec , – – – – –
Depreciation for the period – – – – –
Acc. depreciation of disposals
Acc. depreciation Dec , – – – – –
Book value as at Dec ,
Book value as at Dec ,
FINANCIAL STATEMENTS F-SECURE CORPORATION
F-Secure 2020
Board of Directors’ Report
Corporate governance
Corporate responsibility
Financial statements
10. INVESTMENTS IN GROUP COMPANIES
EUR
Shares in group
companies Total
Book value as at Jan
Additions
Decreases – –
Book value as at Dec
Decrease of book value in group companies relates liquidation of F-Secure SDC SAS (France).
Name
Country of
incorporation
Share of
ownership (%)
Parent F-Secure Corporation, Helsinki Finland
DF-Data Oy, Helsinki Finland
F-Secure Inc., Palo Alto United States
F-Secure (UK) Ltd, London United Kingdom
F-Secure KK, Tokyo Japan
F-Secure GmbH, Munich Germany
F-Secure eStore GmbH, Munich Germany
F-Secure SARL, Maisons-Laffitte France
F-Secure BV, Heverlee-Leuven Belgium
F-Secure AB, Stockholm Sweden
F-Secure Srl, Milano Italy
F-Secure SP z.o.o.,Warsaw Poland
F-Secure Corporation (M) Sdn Bhd, Kuala Lumpur Malaysia
F-Secure Pvt Ltd, Mumbai India
F-Secure B.V., Utrecht The Netherlands
F-Secure Limited, Hong Kong Hong Kong
F-Secure Pty Limited, Sydney Australia
F-Secure Iberia SL, Barcelona Spain
F-Secure Informática S. de R.L. de C.V, Mexico City Mexico
F-Secure Danmark A/S, Copenhagen Denmark
F-Secure Argentina SRL, Buenos Aires Argentina
F-Secure Digital Assurance Consulting Ltd, London United Kingdom
F-Secure CyberSecurity Limited, Basingstoke United Kingdom
11. DEFERRED TAX
EUR FAS FAS
Deferred tax assets
Accruals and provisions
Total
12. INVENTORIES
EUR FAS FAS
Other inventories
FINANCIAL STATEMENTS F-SECURE CORPORATION
F-Secure 2020
Board of Directors’ Report
Corporate governance
Corporate responsibility
Financial statements
13. RECEIVABLES
EUR FAS FAS
Non-current
Receivables from group companies
Loan receivables
Total
Non-current receivables total
Current receivables
Trade receivables
Loan receivables
Other receivables
Prepaid expenses and accrued income
Total
Receivables from group companies
Trade receivables
Loan receivables
Other receivables
Total
Current receivables total
Material items included in prepaid expenses and
accrued income
Prepaid royalty
Grant receivables – –
Other prepaid expenses
Accrued income
Total
14. SHORTTERM INVESTMENTS
EUR FAS FAS
Fair value as at Jan
Fair value as at Dec
Shares – unlisted
Fair value as at Dec
Original purchase price as at Dec
15. CASH AND SHORTTERM DEPOSITS
EUR FAS FAS
Cash at bank and in hand
FINANCIAL STATEMENTS F-SECURE CORPORATION
F-Secure 2020
Board of Directors’ Report
Corporate governance
Corporate responsibility
Financial statements
16. STATEMENT OF CHANGES IN SHAREHOLDERS’ EQUITY
Parent Company FAS
EUR Share capital
Share premium
fund Treasury shares
Unrestricted
equity reserve Retained earnings Total equity
Equity Dec , –
Result of the financial year
Other change
Equity Dec , –
Result of the financial year
Cost of share based payments – –
Other change
Equity Dec , –
17. SHAREHOLDERS’ EQUITY
The Company’s share capital amounted to 1,551,311 euro and the number of shares was 158,798,739 at
the end of the year 2020. See group disclosure 17. Shareholders’ Equity.
Treasury shares
See group disclosure 17. Shareholders’ Equity.
Distributable shareholders’ equity on December ,
EUR
Unrestricted equity reserve
Retained earnings
Result of the financial year
Less capitalized development expense –
Distributable shareholders’ equity on December ,
18. SHAREBASED PAYMENT TRANSACTIONS
See group disclosure 18. Share-based payment transactions.
FINANCIAL STATEMENTS F-SECURE CORPORATION
F-Secure 2020
Board of Directors’ Report
Corporate governance
Corporate responsibility
Financial statements
19. LIABILITIES
EUR FAS FAS
Non-current liabilities
Deferred revenues
Interest bearing liabilities
Other liabilities
Total
Liabilities to the group companies
Cashpool
Other liabilities
Total
Total non-current liabilities
Current liabilities
Deferred revenues
Trade payables
Interest bearing liabilities
Other liabilities
Accrued expenses
Total
Liabilities to the group companies
Advance payments
Trade payables
Other liabilities
Total
Total current liabilities
Material amounts shown under accruals and deferred
income
Accrued personnel expenses
Deferred royalty
Accrued expenses
Accrued tax
Restructuring
Total
20. FINANCIAL RISK MANAGEMENT OBJECTIVES AND POLICIES
See Group disclosure 20. Financial assets and liabilities.
21. OPERATING LEASE COMMITMENTS
The Group has entered into commercial leases on office space and on motor vehicles. Motor vehicle
leases have an average life of three years and office space between two and five years with renewal
terms included in the contracts.
Future minimum rentals payable under non-cancellable operating leases as at 31 December are as
follows:
As lessee
EUR FAS FAS
Within one year
After one year but not more than five years
Total
22. CONTINGENT LIABILITIES
EUR FAS FAS
Guarantees for other group companies
Other liabilities
Others
Derivatives see Group disclosure 20. Financial assets and liabilities
FINANCIAL STATEMENTS F-SECURE CORPORATION
F-Secure 2020
Board of Directors’ Report
Corporate governance
Corporate responsibility
Financial statements
Signatures of the Board of Directors
Helsinki, February ,
Risto Siilasmaa Pertti Ervi Bruce Oreck
Chairman
Päivi Rekonen Tuomas Syrjänen Keith Bannister
Robert Bearsby
Juhani Hintikka
Managing director
Auditors’ note
Our auditors’ report has been issued today.
Helsinki, February ,
PricewaterhouseCoopers Oy
Authorized Public Accountants
Janne Rajalahti
Authorized Public Accountant
FINANCIAL STATEMENTS F-SECURE CORPORATIONFINANCIAL STATEMENTS
F-Secure 2020
Board of Directors’ Report
Corporate governance
Corporate responsibility
Financial statements
To the Annual General Meeting of F-Secure Oyj
Report on the Audit of the Financial Statements
Opinion
In our opinion
– the consolidated financial statements give a true and fair view of the group’s financial position
and financial performance and cash flows in accordance with International Financial Reporting
Standards (IFRS) as adopted by the EU
– the financial statements give a true and fair view of the parent company’s financial performance
and financial position in accordance with the laws and regulations governing the preparation of the
financial statements in Finland and comply with statutory requirements.
Our opinion is consistent with the additional report to the Audit Committee.
What we have audited
We have audited the financial statements of F-Secure Oyj (business identity code -) for the
year ended December . The financial statements comprise:
– the consolidated statement of financial position, statement of comprehensive income, statement
of changes in equity, statement of cash flows and notes, including a summary of significant
accounting policies
– the parent company’s balance sheet, income statement, cash flow statement and notes.
Basis for Opinion
We conducted our audit in accordance with good auditing practice in Finland. Our responsibilities
under good auditing practice are further described in the Auditor’s Responsibilities for the Audit of the
Financial Statements section of our report.
We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for
our opinion.
Independence
We are independent of the parent company and of the group companies in accordance with the
ethical requirements that are applicable in Finland and are relevant to our audit, and we have fulfilled
our other ethical responsibilities in accordance with these requirements.
To the best of our knowledge and belief, the non-audit services that we have provided to the parent
company and to the group companies are in accordance with the applicable law and regulations
in Finland and we have not provided non-audit services that are prohibited under Article 5(1) of
Regulation (EU) No 537/2014. The non-audit services that we have provided are disclosed in note 7 to
the Financial Statements.
AUDITOR’S REPORT
Our Audit Approach
Overview
– Overall group materiality: €,,, which represents .% of
consolidated revenue
– Audit scope: We have audited parent company and we have performed
audit procedures related to three most significant subsidiaries. In
addition, we have performed group level procedures over specific
consolidated accounts and analytical procedures to assess unusual
movements across all entities.
– Revenue recognition
– Valuation of goodwill
– Capitalization of R&D costs
As part of designing our audit, we determined materiality and assessed the risks of material
misstatement in the financial statements. In particular, we considered where management made
subjective judgements; for example, in respect of significant accounting estimates that involved
making assumptions and considering future events that are inherently uncertain.
Materiality
The scope of our audit was influenced by our application of materiality. An audit is designed to
obtain reasonable assurance whether the financial statements are free from material misstatement.
Misstatements may arise due to fraud or error. They are considered material if individually or in
aggregate, they could reasonably be expected to influence the economic decisions of users taken on
the basis of the financial statements.
Based on our professional judgement, we determined certain quantitative thresholds for materiality,
including the overall group materiality for the consolidated financial statements as set out in the table
below. These, together with qualitative considerations, helped us to determine the scope of our audit
and the nature, timing and extent of our audit procedures and to evaluate the effect of misstatements
on the financial statements as a whole.
Materiality
Group
scoping
Key audit
matters
AUDITOR’S REPORT
F-Secure 2020
Board of Directors’ Report
Corporate governance
Corporate responsibility
Financial statements
Overall group materiality
€1,100,000 (previous year €1,100,000)
How we determined it
0.5% of consolidated revenue
Rationale for
the materiality
benchmark applied
The groups profitability has been volatile during the last years
due to business combinations related integration costs and
amortization, significant investments in both product development
and go-to-market strategy. Therefore, we chose revenue as the
benchmark because, in our view, it is the benchmark against which
the performance of the Group is commonly measured by users and is
a generally accepted benchmark. We chose 0.5% which is within the
range of acceptable quantitative materiality thresholds in auditing
standards.
How we tailored our group audit scope
We tailored the scope of our audit, taking into account the structure of the Group, the accounting
processes and controls, and the industry in which the Group operates.
Group operates globally through several legal entities. Group’s sales are mainly generated by the
parent company and we have audited the parent company as part of our audit of the consolidated
financial statements. In addition, we have performed audit procedures related to the three most
significant subsidiaries. We have considered that the remaining subsidiaries don’t present a reasonable
risk of material misstatement for consolidated financial statements and thus our procedures have been
limited to targeted audit procedures over significant balances and to analytical procedures performed
at Group level.
By performing the procedures above at legal entities, combined with additional procedures at the
Group level, we have obtained sufficient and appropriate evidence regarding the financial information
of the Group as a whole to provide a basis for our opinion on the consolidated financial statements.
Key Audit Matters
Key audit matters are those matters that, in our professional judgment, were of most significance
in our audit of the financial statements of the current period. These matters were addressed in the
context of our audit of the financial statements as a whole, and in forming our opinion thereon, and we
do not provide a separate opinion on these matters.
As in all of our audits, we also addressed the risk of management override of internal controls,
including among other matters consideration of whether there was evidence of bias that represented
a risk of material misstatement due to fraud.
Key audit matter in the audit of the group
Revenue recognition
Refer to note 2 to the consolidated financial statements for the related disclosures.
Revenue is derived from corporate and consumer businesses. Corporate security business
revenue includes cyber security products, managed services, and cyber security consulting.
Consumer security business revenue comes through operator and direct consumer channels.
In the corporate and direct consumer businesses, license agreements consist of initial license
agreements and periodic maintenance agreements. The software and the accompanied services
are highly interdependent and therefore treated as one performance obligation for which revenue
is recognized over time on a straight-line basis for the license period. In the operator business,
most of the license sales are usage-based and booked based on usage reports, but there are
also fixed price operator agreements. The terms of these agreements vary significantly, and their
revenue recognition is therefore defined case-by-case.
Service revenue, including cyber security consulting and managed services, is recognized at the
time of delivery of the service.
Due to materiality and judgment associated with the timing of revenue recognition we have
considered timing of revenue recognition as key audit matter in the audit of the Group.
This matter is a significant risks of material misstatement referred to in Article 10(2c) of
Regulation (EU) No 537/2014.
How our audit addressed the key audit matter
We evaluated the design and tested the operating effectiveness of certain controls over revenue
recognition.
We tested sample of revenue recognized during the year.
We assessed appropriateness of the company’s revenue recognition policy and tested sample of
revenue agreements to ensure those have been recognized based on contractual terms and based
on the company’s revenue recognition policy. We have also tested deferred revenue on a sample
basis to assess appropriateness of revenue recognition.
In addition, we tested sample of fixed priced agreements.
AUDITOR’S REPORT
F-Secure 2020
Board of Directors’ Report
Corporate governance
Corporate responsibility
Financial statements
Key audit matter in the audit of the group
Valuation of goodwill
Refer to note 12 to the consolidated financial statements for the related disclosures.
Goodwill is one of the most significant balance sheet items and amounted € 81,9 million at the
balance sheet date. The determination and whether an impairment charge is required involves
significant management judgement, including identifying on which cash generating unit level the
goodwill is tested and estimating the future performance of the business and the discount rate
applied to these future cash flows.
Due to materiality and judgment associated we have considered valuation of goodwill as key
audit matter in the audit of the Group.
How our audit addressed the key audit matter
Our audit focused on assessing the appropriateness of management’s judgment and estimates
used in the goodwill impairment analysis through the following procedures:
We tested the methodology applied in the value in use calculation by comparing it to the
requirements of IAS 36, Impairment of Assets, and we tested the mathematical accuracy of
calculation;
We evaluated the process by which the future cash flow forecasts are drawn up, including
comparing them to the latest Board approved targets and long-term plans
We tested the key underlying assumptions for the cash flow forecasts, including sales and
profitability forecasts, discount rate used and the implied growth rates beyond the forecasted
period
We compared the current year actual results included in the prior year impairment model to
consider whether forecasts included assumptions that, with hindsight, had been optimistic.
We tested whether the sensitivity analysis performed by the management around key
assumptions of the cash flow forecast are appropriate by considering the likelihood of the
movements of these key assumptions.
Key audit matter in the audit of the group
Capitalization of R&D costs
Refer to note 13 to the consolidated financial statements for the related disclosures.
Company’s research and development activities have increased due to focus on the
development of new products and product amendments both for corporate and consumer
customers.
Capitalization of R&D costs requires use of judgment as capitalization requires estimating
technical and economical feasibility of the product developed. In addition, there is judgement
involved in assessing recoverability of capitalized R&D costs as future cash flows generated by
these intangible assets needs to be estimated.
Due to materiality and judgment associated with capitalization of R&D costs, we have
considered capitalization of R&D as key audit matter in the audit of the Group.
How our audit addressed the key audit matter
We assessed appropriateness of the company’s R&D capitalization policy.
We evaluated the design and operating effectiveness of controls over R&D capitalization.
We assessed whether capitalization criteria for R&D projects are met.
We tested a sample of invoices and personnel related costs capitalized during the year.
We evaluated the relevant assumptions used in the impairment testing of intangible assets,
focusing on the reasonableness of the forecasted economic information.
We tested the accuracy of the management’s earlier estimates by performing subsequent
review.
We have no key audit matters to report with respect to our audit of the parent company financial
statements.
There are no significant risks of material misstatement referred to in Article 10(2c) of Regulation
(EU) No 537/2014 with respect to the parent company financial statements.
AUDITOR’S REPORT
F-Secure 2020
Board of Directors’ Report
Corporate governance
Corporate responsibility
Financial statements
Responsibilities of the Board of Directors and the
Managing Director for the Financial Statements
The Board of Directors and the Managing Director are responsible for the preparation of consolidated
financial statements that give a true and fair view in accordance with International Financial Reporting
Standards (IFRS) as adopted by the EU, and of financial statements that give a true and fair view in
accordance with the laws and regulations governing the preparation of financial statements in Finland
and comply with statutory requirements. The Board of Directors and the Managing Director are also
responsible for such internal control as they determine is necessary to enable the preparation of
financial statements that are free from material misstatement, whether due to fraud or error.
In preparing the financial statements, the Board of Directors and the Managing Director are
responsible for assessing the parent company’s and the group’s ability to continue as a going concern,
disclosing, as applicable, matters relating to going concern and using the going concern basis of
accounting. The financial statements are prepared using the going concern basis of accounting unless
there is an intention to liquidate the parent company or the group or to cease operations, or there is
no realistic alternative but to do so.
Auditor’s Responsibilities for the Audit of the Financial Statements
Our objectives are to obtain reasonable assurance about whether the financial statements as a whole
are free from material misstatement, whether due to fraud or error, and to issue an auditor’s report
that includes our opinion. Reasonable assurance is a high level of assurance but is not a guarantee
that an audit conducted in accordance with good auditing practice will always detect a material
misstatement when it exists. Misstatements can arise from fraud or error and are considered material
if, individually or in the aggregate, they could reasonably be expected to influence the economic
decisions of users taken on the basis of these financial statements.
As part of an audit in accordance with good auditing practice, we exercise professional judgment and
maintain professional skepticism throughout the audit. We also:
– Identify and assess the risks of material misstatement of the financial statements, whether due
to fraud or error, design and perform audit procedures responsive to those risks, and obtain
audit evidence that is sufficient and appropriate to provide a basis for our opinion. The risk of not
detecting a material misstatement resulting from fraud is higher than for one resulting from error,
as fraud may involve collusion, forgery, intentional omissions, misrepresentations, or the override
of internal control.
– Obtain an understanding of internal control relevant to the audit in order to design audit proce
-
dures that are appropriate in the circumstances, but not for the purpose of expressing an opinion
on the effectiveness of the parent company’s or the group’s internal control.
– Evaluate the appropriateness of accounting policies used and the reasonableness of accounting
estimates and related disclosures made by management.
– Conclude on the appropriateness of the Board of Directors’ and the Managing Director’s use
of the going concern basis of accounting and based on the audit evidence obtained, whether
a material uncertainty exists related to events or conditions that may cast significant doubt on
the parent company’s or the group’s ability to continue as a going concern. If we conclude that a
material uncertainty exists, we are required to draw attention in our auditor’s report to the related
disclosures in the financial statements or, if such disclosures are inadequate, to modify our opinion.
Our conclusions are based on the audit evidence obtained up to the date of our auditor’s report.
However, future events or conditions may cause the parent company or the group to cease to
continue as a going concern.
– Evaluate the overall presentation, structure and content of the financial statements, including the
disclosures, and whether the financial statements represent the underlying transactions and events
so that the financial statements give a true and fair view.
– Obtain sufficient appropriate audit evidence regarding the financial information of the entities or
business activities within the group to express an opinion on the consolidated financial statements.
We are responsible for the direction, supervision and performance of the group audit. We remain
solely responsible for our audit opinion.
We communicate with those charged with governance regarding, among other matters, the planned
scope and timing of the audit and significant audit findings, including any significant deficiencies in
internal control that we identify during our audit.
We also provide those charged with governance with a statement that we have complied with relevant
ethical requirements regarding independence, and to communicate with them all relationships and
other matters that may reasonably be thought to bear on our independence, and where applicable,
related safeguards.
From the matters communicated with those charged with governance, we determine those matters
that were of most significance in the audit of the financial statements of the current period and
are therefore the key audit matters. We describe these matters in our auditor’s report unless law or
regulation precludes public disclosure about the matter or when, in extremely rare circumstances,
we determine that a matter should not be communicated in our report because the adverse
consequences of doing so would reasonably be expected to outweigh the public interest benefits of
such communication.
AUDITOR’S REPORT
F-Secure 2020
Board of Directors’ Report
Corporate governance
Corporate responsibility
Financial statements
Other Reporting Requirements
Appointment
We were first appointed as auditors by the annual general meeting on 7 April 2016. Our appointment
represents a total period of uninterrupted engagement of five years.
Other Information
The Board of Directors and the Managing Director are responsible for the other information. The other
information comprises the report of the Board of Directors and the information included in the Annual
Report but does not include the financial statements and our auditor’s report thereon. We have
obtained the report of the Board of Directors prior to the date of this auditor’s report and the Annual
Report is expected to be made available to us after that date.
Our opinion on the financial statements does not cover the other information.
In connection with our audit of the financial statements, our responsibility is to read the other
information identified above and, in doing so, consider whether the other information is materially
inconsistent with the financial statements or our knowledge obtained in the audit, or otherwise
appears to be materially misstated. With respect to the report of the Board of Directors, our respon
-
sibility also includes considering whether the report of the Board of Directors has been prepared in
accordance with the applicable laws and regulations.
In our opinion
– the information in the report of the Board of Directors is consistent with the information in the
financial statements
– the report of the Board of Directors has been prepared in accordance with the applicable laws and
regulations.
If, based on the work we have performed on the other information that we obtained prior to the date
of this auditor’s report, we conclude that there is a material misstatement of this other information, we
are required to report that fact. We have nothing to report in this regard.
Helsinki 9 February 2021
PricewaterhouseCoopers Oy
Authorised Public Accountants
Janne Rajalahti
Authorised Public Accountant (KHT)
AUDITOR’S REPORT
F-Secure 2020
Board of Directors’ Report
Corporate governance
Corporate responsibility
Financial statements
In the digital and connected world we currently live in, targeted online
attacks and cyber crime have the ability to seriously damage global
businesses, result in losses of hundreds of millions of Euros, and even
cause human suffering.
was not only the year of COVID-, but also the year of cyber attacks
exploiting the pandemic. In addition to costing close to million lives, the
COVID- Pandemic devastated economies and reshaped how societies
and institutions operate, and even how people and companies use
technology. While the pandemic was disrupting lives and organizations’
operations and remote working became the new normal, cyber criminals
moved quickly to capitalize on the fear and confusion it spread with
phishing and ransomware attacks.
Statement of
corporateresponsibility
FSECURE EXISTS TO BUILD TRUST IN
SOCIETY AND TO KEEP PEOPLE AND
BUSINESSES SAFE
STATEMENT OF CORPORATE RESPONSIBILITY
As a cyber security company, F-Secure secures the world around us. For over years, we have been
committed to helping people and businesses fight cyber threats. We believe that by improving our
customers’ security, resilience, and the sustainability of their digital lives or businesses through our
core business and everyday actions we play a vital role in ensuring the functioning of the modern
society, and help to maintain trust between people and organizations.
At F-Secure, we want to do what is right. Trust ensures we will succeed in our mission. Trust is earned
when action matches words. Everyone working for F-Secure has a critical role in building and
maintaining the trust in the eyes of each other and earning the trust of our customers.
F-Secure’s Code of Conduct reflects the company’s business culture for highest standards of ethical
conduct, sets clear expectations on the business conduct and provides guidance for critical risk areas.
It guides us on everything we do. The Code of Conduct is available at F-Secure’s webpages
https://www.f-secure.com/en/investors/governance
STATEMENT OF CORPORATE RESPONSIBILITYSTATEMENT OF CORPORATE RESPONSIBILITY
Financial statements
Corporate governance
Corporate responsibility
F-Secure 2020
Board of Directors’ Report
By combining sophisticated technology with machine learning and
human expertise, F-Secure provides a comprehensive offering of
security products and cyber security services. For businesses, we
offer vulnerability scanning and management solutions, endpoint
protection products, detection and response solutions, as well
as comprehensive security and risk assessment services for top
management, and technical consulting. For consumers, we
offer security and privacy solutions for all connected devices. As
proven by several independent research institutions, our products
and services provide our customers best-in-class security. E.g.
F-Secure’s Detection and Response solutions achieved excellent
scores also in the second round of MITRE ATT&CK evaluation, and
the endpoint protection products for consumers and businesses
have regularly gotten highest scores in AV-Test’s security tests.
We offer our products and services to defend thousands of compa
-
nies and millions of people around the world through our network
of about telecommunication operators and thousands of IT
service and retail partners. With our partner-led business model,
trust has always been a cornerstone of all our operations.
In our industry, it is critical that appropriate care is taken when
handling customer information. Respecting customer privacy is
an integral part of our company culture. All F-Secure employees
commit to protecting the confidentiality of customer data.
FSECURE’S BUSINESS MODEL AND VALUE CREATION
We have always put a strong emphasis on shared core values:
integrity, commitment, and excellence. These values are also
driving our Corporate Responsibility and its three focus areas.
We are committed to continuously improving the wellbeing
of our employees, decreasing our carbon footprint through
energy efficiency and other sustainable practices, and ensuring
technology is not turned against the society.
There are specific F-Secure guidelines and policies for each area.
The foundation of all activities is our Code of Conduct; it guides
everything we do, and reflects the company’s culture for highest
standards of ethical conduct. F-Secure suppliers and partners are
also expected to act responsibly and comply with the principles set
in the Code of Conduct.
WE VALUE OUR EMPLOYEES WE SECURE TRUST IN DIGITALITY WE RESPECT THE PLANET
Protecting the digital world, our employees, and sustainable growth
The three focus areas for F-Secure’s corporate responsibility are:
Securing the right competencies and
constant development
Ensuring equality, equal opportunity
and diversity
Ensuring the wellbeing of employees
Protecting people against cyber threats
and supporting the fight against
online crime
Taking action to enhance cybersecurity
in society
Protecting personal data
Reducing energy consumption from
IT operations
Reducing energy consumption and
waste in our offices
Travelling sensibly
STATEMENT OF CORPORATE RESPONSIBILITY
F-Secure 2020
Board of Directors’ Report
Financial statements
Corporate governance
Corporate responsibility
SOCIAL RESPONSIBILITY AND TREATMENT OF EMPLOYEES:
We value our employees
Focus area key aspects
Securing the right competencies and constant development
Ensuring equality, equal opportunity and diversity
Ensuring the wellbeing of employees
F-Secure employs ca. , security experts, product developers,
sales & marketing professionals and other experts globally. We
recruit the best minds in the industry while focusing relentlessly
on growing the next generation of cyber security professionals.
Consultants, developers, engineers, researchers, specialists and
everyone who shares our values is welcome to F-Secure. Our
experts strive to disrupt the industry every day. Their research-led
approach, victories in hacking contests, and key notes at confer
-
ences win respect around the globe. This gives us our edge over
the competition and, more importantly, attackers.
F-Secure emphasizes the importance of fellowship and shared
values. We strive to ensure employee wellbeing, a healthy work-life
balance, and equality and equal opportunities for our people. In
our rapidly evolving industry, the company must also be prepared
to help its employees to continuously learn new skills.
People Operations & Culture team is responsible for developing
people management processes, tools, and ways of working.
To measure success, the company conducts a Fellow Survey,
including an Employee Net Promoter Score (eNPS), among staff to
measure employee loyalty, productivity and wellbeing biannually.
The company’s Leadership Team is responsible for following up
on the results of the Fellow survey and ensuring corrective action
plans are developed.
2020:
During the first half of , F-Secure’s overall Employee Net
Promoter Score (eNPS) developed very positively (). The
Covid- pandemic had accelerated the adoption of several
Future of Work initiatives related to more flexible working.
Key performance indicator for
overall employee wellbeing
Employee Net Promoter Score
)
H1
9
H2
13
H2
13
H2
21
H1
23
H1
26
H1
33
)
Key performance indicator of overall wellbeing. The Employee Net
Promoter Score (eNPS) measures employee satisfaction by asking people
how likely it is that they would recommend F-Secure as an employer. The
score is derived by deducting the share of employees giving low scores (
to , “detractors”) from the share of employees giving high scores ( to ,
“promoters”). Scores from to are considered neutral.
Securing the right competencies
and continuous development
We constantly strive to attract candidates and retain fellows with
the right skills and competences and enable professional develop
-
ment through on-the-job learning. We aim to create the best
possible environment for our employees to thrive in regardless of
whether they work at the office or remotely.
Successful talent acquisition is crucial for F-Secure’s business.
Our aim is to ensure that we hire the best professionals whose
skills and competences that are in line with F-Secure’s business
objectives, culture and values. Our globally operating recruitment
team guides managers to ensure consistency and equal treatment
of candidates, as well as to always provide candidates a positive
experience when applying for a job.
After recruitment, the responsibility for competence development
lies both with the individual employees and their line managers,
as well as with the management team of the employee’s unit. Our
STATEMENT OF CORPORATE RESPONSIBILITY
F-Secure 2020
Board of Directors’ Report
Financial statements
Corporate governance
Corporate responsibility
Ensuring equality, equal
opportunity and diversity
Treating every employee fairly and with respect is a fundamental
part of the F-Secure company culture. Everyone is valued,
supported and encouraged to participate. We embrace individu
-
ality and value characteristics that make people unique, without
bias towards nationality, gender, age differences, sexual orienta
-
tion or disabilities.
F-Secure is a very diverse workplace. We employed different
nationalities by the end of , a significant part of which are also
represented at the company headquarters.
We know that diverse mix of backgrounds, expertise and genders
contribute to a more open working atmosphere, better discussion
and decision making. We assess individuals based on competence,
skills and achievements. Equality, non-discrimination and fairness
are key principles in recruitment, compensation and advancement
at F-Secure.
In South Africa’s Broad-Based Black Economic Empowerment
program (BBBEE), F-Secure is partnering with Masibambisane
Empowerment Trust, and focusing on development projects
with the Rays of Hope graduate programs on cyber and technical
skills. To support gender equality in our industry, we support and
promote initiatives to encourage women to pursue a career in
technology and cyber security.
Share of women, of total employees
1,104
1,666
1,696
1,678
23% 23% 23% 24%
internal development and training guidelines address the roles and
responsibilities as well as practices related to learning and personal
development.
F-Secure has a number of global and local learning and development
programs available for both managers and employees including:
– Leadership and managerial work development modules
– Network mentoring and internal mentoring programs
– Cyber security competence development
– Education and development programs for sales
– Country specific Graduate programs
– Site-specific coaching and supporting services
2020:
Despite the challenges posed by the COVID- pandemic,
F-Secure’s Leading Performance reform has progressed as
expected. The target of the process is to enable rolling objective
setting and continuous feedback to create a high performance
culture.
The annual voluntary attrition rate across F-Secure was ,%,
which is on industry level both for consulting and technology
companies. (%).
Voluntary attrition rate
)
9.8
8.6
16.0
11.8
)
Voluntary attrition Number of voluntary leavers over the period/average
headcount over the period. In , end of e.g. fixed-term contracts
previously reported in “Voluntary” category were moved to a new category
“Other”
Share of women, of managers
)
16%
20%
23%
24%
)
Including all line managers
2020:
At the end of , the total headcount had decreased with
employees (%) compared to year end . The share and
number of both female managers and female employees
continued their increase; at the end of , % of F-Secure’s
total workforce and % of managers were female.
A new global Diversity & Inclusion role was established at
F-Secure, initially focusing on mapping the current situation
and building a roadmap to ensure the right D&I principles are in
place and aligned with F-Secure company culture.
F-Secure took part in the Plan International’s global Girls
Takeover campaign as one of the eight invited institutions and
companies from Finland whose work can help promote equality
in technology. The campaign highlighted the impact of
technology on the position and future of girls.
STATEMENT OF CORPORATE RESPONSIBILITY
F-Secure 2020
Board of Directors’ Report
Financial statements
Corporate governance
Corporate responsibility
Ensuring the wellbeing of employees
We want to ensure the wellbeing of each employee and aim to
continuously improve our culture where all our employees can
work to their full potential, both in mind and body.
– In most countries we provide at least basic health care services
to employees, but practices vary locally depending on the
market practices. In certain regions, employees are provided
with additional sports benefits, and extended health care
services according to local practices. Also, in some locations
there are additional benefits such as the possibility for massage
or for arranging a caretaker for a sick child.
– In ensuring the wellbeing of employees, F-Secure emphasizes
the importance of good leadership in addition to a preventative
approach to health care. F-Secure supports flexible working
hours and the possibility of working remotely. and offer
voluntary wellbeing lectures and training for both employees
and managers.
2020:
The COVID- pandemic had a big impact on how we work at
F-Secure. The whole company quickly transitioned to remote
working in March . To reduce the physical burden of
working from home, ergonomic guidance was provided and
employees were able to take their work equipment, such as
monitors, to their home offices.
A special employee wellbeing survey to map the effect on
Covid- and remote work was conducted in May . %
of respondents stated their productivity had stayed the same
or increased while working remotely, and % responded their
stress levels had either stayed the same of decreased. Long term
remote working can also cause wellbeing related problems. In
we organized webinar series around wellbeing at work, and
will keep monitoring the effects of long term remote working
on our employees regularly.
F-Secure closely monitors employee sick leaves. In case of longer
sick leaves, the company supports employees, and assists them in
returning back to work.
2020:
The relative sick leave percentage* (%) was about the same as in
and on an industry average in Finland. Number of short sick
leaves decreased dramatically: – days by % and – days by
around %. The number of long, unpaid sick leaves increased
significantly, but the reasons for leaves varied. Focused actions
have subsequently been taken to actively support both physical
and mental employee wellbeing.
* Sick leave percentage is the average amount of sick days per employee. The
figure includes personnel in Finland only, which represents % of total
employees.
2020:
Wellbeing from helping others. F-Secure has traditionally
supported local societies with various charity initiatives. In addi
-
tion to annual donations, in we launched a global initiative
where all F-Secure employees were given the opportunity to
help others and spend up to one working day in a selected
charity.
Focus area key policies and guidelines
Code of conduct
Recruitment Policy
Leading performance framework
Development and training guidelines
Equality plan
Harassment prevention policy
STATEMENT OF CORPORATE RESPONSIBILITY
F-Secure 2020
Board of Directors’ Report
Financial statements
Corporate governance
Corporate responsibility
PROTECTING HUMAN RIGHTS AND SUPPORTING THE FIGHT AGAINST ONLINE CRIME:
Securing trust in digitality
Key aspects
Protecting people against cyber threats and supporting the
fight against online crime
Taking action to enhance cyber security in society
Protecting personal data
Humanity is faced with unprecedented challenges. To solve the
root causes of these challenges radical technological innovation is
needed. F-Secure has driven innovations in cyber security for over
three decades. We secure thousands of businesses, and millions
of people wake up every day knowing they can rely on our high
standards and uncompromised integrity. The world’s top financial
institutions count on us to battle cyber-attacks. We secure
factories, power grids, and vital telecommunication infrastructure.
Our sophisticated technology combines the power of machine
learning with the human expertise of our world-renowned
security labs. From decades of experience stopping advanced
cyber-attacks, we’ve developed a passion for taking on the world’s
most potent cyber threats. This teaches us how attackers defeat
defenders. With these insights, we’ve pioneered threat hunting
and been at the forefront of the movement away from traditional
forensics to continuous real-time response.
Protecting people and businesses
from cyber attacks
Cyber criminals never let a global crisis go to waste. Every world
event is the perfect storm when trying to create a context to
trap user with the purpose of extortion or theft. COVID- was
no exception with so many countries impacted and so much
information being produced on the subject while companies were
challenged to rapidly and securely enable remote work for as
many employees as possible. During we witnessed COVID-
related phishing scams, elaborate ransomware campaigns against
major corporations, increased attacks against cloud infrastructure
and attacks targeting COVID- vaccine research.
During the lockdown period in spring we also saw an increase
in stalkerware, a worrying trend we want to combat. Therefore ,
we joined the “Coalition against Stalkerware” where we provide
insights and malware analysis to advocacy groups, software
developers, security firms, media and victims working to eliminate
this new threat. We also provided free threat intelligence to help
authorities and the healthcare sector fighting cyber attacks and
offered journalists during World Press Freedom Day free F-Secure
FREEDOME VPN licenses to support the freedom of the press.
F-Secure Labs invests yearly thousands of man-days to provide
free research and tools to improve products’ security and
businesses cyber resilience. Our research led to e.g. Microsoft
implementing detection controls in Azure in direct response to
a tool we published, the UK Government awarded us a research
grant for autonomous vehicle security and we were invited to
participate in several industry forums as well as collaborating with
national authorities.
Protecting people’s security and
privacy with integrity
F-Secure applies strict security measures to protect the personal
data of the users of our solutions. We seek to protect our users’
privacy, not to sell it. All F-Secure products and services are
produced independent of governmental direction.
We recognize that there is an imbalance between the defenders
of fair practices and human rights, and online criminality and
the offensive capabilities of nation state threat actors. To level
the playing field, F-Secure refuses to introduce backdoors in our
products and will detect malware no matter what the source is.
In , both the first court and court of appeal in Finland made
a ruling in favor of F-Secure regarding how the police can request
FREEDOME data from F-Secure. Both court instances confirmed
our interpretation of the law; F-Secure has helped and will
continue helping law enforcement to fight against serious crimes,
but will request police authorities to follow the legal way through
a court warrant to obtain data. We want to protect our customers’
right for privacy and protect them against illegal surveillance and
are committed to our law-abiding customers – whether normal
citizens, human rights activists or investigative journalists.
STATEMENT OF CORPORATE RESPONSIBILITY
F-Secure 2020
Board of Directors’ Report
Financial statements
Corporate governance
Corporate responsibility
Operating with highest ethical standards
F-Secure exists to build trust in society and to keep people
and businesses safe. Trust is earned only when action matches
words. We offer our products and services to defend thousands
of companies and millions of people around the world through
our network of around telecommunication operators and
thousands of IT service and retail partners. With our partner-led
business model, trust has always been a cornerstone of all our
operations.
F-Secure works responsibly with malware and offensive
techniques:
– Clear criteria for categorizing threats and classifying potential
unwanted applications.
– Strict rules for handling and analyzing malicious content.
– Cooperation with authorities to ensure the safety of the general
public, assisting investigations into online crime that bring
criminals into justice.
– Security assessments are conducted only with customers’
permission and within agreed scope.
– In our work, we may create offensive code, but only do so with
the intention to secure and benefit our customers and digital
safety of the society.
– Coordinated vulnerability disclosure policy and a vulnerability
reward program.
Everyone at F-Secure must apply the highest standards of ethical
conduct.
– We do not make or accept any bribes or other improper
payments.
– We never engage in fraudulent practices.
– We do not give or accept gifts or hospitality over the appro
-
priate limits.
– We do not endorse or provide financial support to individual
political parties.
– When conducting business with any governmental body,
we carefully abide by all applicable regulations and ethical
standards.
– We do not tolerate any form of bribery, corruption or
fraudulent practices by our partners or any parties acting on
our behalf.
The Code of Conduct guides everyone at F-Secure to ethical
conduct. We have also issued a specific Anti-Bribery Policy that
applies to all employees. It defines the rules to be applied related
to gifts, hospitality, travelling and accommodation, specific
terms concerning governmental officials, as well as the process
for escalation as needed. Ethical business practices are also
emphasized in contracts and the company engages in continuing
dialogue with relevant stakeholders.
2020:
F-Secure published a statement based on the UK Modern
Slavery Act, setting a clear signal against slavery and servitude,
forced or compulsory labor and human trafficking in its value
chain.
Focus area key policies and guideline include:
Code of conduct
Cyber Security Principles
Risk Management Principles
Lifecycle security Policy
Personal data policy
Vulnerability Reward Program
Export Control Policy
Anti-Bribery policy
Modern Slavery Statement
STATEMENT OF CORPORATE RESPONSIBILITY
F-Secure 2020
Board of Directors’ Report
Financial statements
Corporate governance
Corporate responsibility
Key aspects:
Reducing energy consumption from IT operations
Reducing energy consumption and waste in our offices
Travelling sensibly
F-Secure acknowledges climate change and other environmental
impacts are both global as well as local concerns, and strive to
minimize our environmental footprint. We are committed to
working in an environmentally responsible and efficient manner,
and expect our partners and suppliers to do the same.
As stated in the F-Secure Code of Conduct, our approach to envi
-
ronmental challenges emphasizes the importance of precaution.
– We aim to continuously increase the energy efficiency of
the company as well as to reduce the amount of waste and
emissions produced by our operations.
– We encourage the use of environmentally friendly technolo
-
gies, tools and services in the research and development of our
products and services.
– We aim to reduce the environmental impact of our global
operations by connecting people from different locations
through technology and choosing environmentally friendly
means of travelling.
– We provide local guidelines and support for employees to
move from private cars to public transportation and bicycles for
their commute.
As F-Secure’s business activities involve the development,
production and delivery of software and professional services,
our environmental footprint derives primarily from the use of
electricity for office activities as well as the use of electricity from
IT operations.
To evaluate our success in limiting our environmental impact,
F-Secure conducts an annual energy review to estimate our total
direct consumption of electricity at company level.
Reducing the energy consumption
of IT operations
F-Secure uses both private servers and third-party cloud platforms
to develop and run its services. With third-party cloud platforms,
F-Secure mainly partners with Amazon Web Services (AWS) as well
as Microsoft Azure.
ENVIRONMENTAL MATTERS:
Respect for the planet
The transition to third-party provided servers increased the
company’s overall energy efficiency and lower total consumption,
as third-party providers are running the more energy-efficient
servers. Consumption data for these is not available, as electricity
costs are part of the overall service contract. Our main service
partners Microsoft Azure and AWS have publicly committed to
reducing their carbon footprints; both are committed to operating
in the most environmentally friendly way possible, and estimate
achieving % renewable energy usage in .
In co-location facilities, we are able to directly measure our
electricity consumption on a monthly basis. F-Secure utilizes
server hardware with good energy efficiency (Energy Star), and
some of the server facilities were already operating on %
renewable energy in . In , the energy consumption of our
servers in Finland dropped by % compared to .
2020:
F-Secure continued outsourcing the company’s server activity
globally as planned, further decreasing the company’s energy
consumption compared to using its own servers. By the end of
the year, the outsourcing was at % of the target level.
Reducing energy consumption
and waste in our offices
F-Secure has offices in locations globally. The majority of
operations are concentrated in Helsinki in Finland, London in the
UK, Kuala Lumpur in Malaysia, Poznan in Poland and Johannesburg
in South Africa.
The company rents office facilities from local real estate
providers.Typically a lease agreement includes service charges
for electricity and heating, as well as handling of a limited amount
of waste generated by office activities. All waste is primarily
recycled according to local practices. Hazardous waste consists
solely of batteries, which are disposed of at suitable recycling
points.Electronic waste is recycled carefully and, as appropriate,
with careful attention to ensuring that confidential waste is
STATEMENT OF CORPORATE RESPONSIBILITY
F-Secure 2020
Board of Directors’ Report
Financial statements
Corporate governance
Corporate responsibility
specifically managed.Confidential paper waste is also managed
with special care.
2020:
F-Secure continued to roll out the environmental impact
improvement program. In , the annual office energy
consumption decreased by %, one contributing factor being
the increase in remote working.
Electricity consumption, MWh
568
773
1,236
1,081
1,032
1,548
● Co-location servers
)
● Offices
2)
)
The electricity consumption includes F-Secure servers in Finland
)
The electricity consumption includes vast majority of F-Secure’s offices
globally. Increase in electricity consumption in was due to the fact
that for the fiscal year all acquisition related offices from MWR
InfoSecurity were been fully taken into account, whereas in due to
the timing of the acquisition, consumption of these premises was included
only for H–.
Travelling sensibly
F-Secure’s Travel policy aims to reduce the environmental impact
of travelling, and minimizing energy consumption and emissions
by choosing environmentally friendly means of travelling. The
policy requires a pre-approval of employee travels, and encour
-
ages employees to use online conferencing tools when collabo-
rating with our internal and external stakeholders. CO emissions
from work related travelling are tracked across all European offices,
covering a clear majority of the company’s employees. We aim to
include data from more offices as it becomes available, and look
into for carbon compensation options with selected airlines in .
2020:
F-Secure reacted swiftly to the COVID- pandemic and shifted
to remote working in March . Virtually all travel was also
suspended. This had an immediate effect on emissions for ,
which dropped to , Carbon COe (DEFRA) (kg/unit), a
quarter of the level.
Focus area key policies and guidelines
Code of conduct
Travel policy
Recycling policy
Environmental friendly, country specific
transportationpolicies
Helsinki, February
F-Secure Corporation
Board of Directors
Risto Siilasmaa
Pertti Ervi
Bruce Oreck
Päivi Rekonen
Tuomas Syrjänen
Keith Bannister
Robert Bearsby
President and CEO
Juhani Hintikka
STATEMENT OF CORPORATE RESPONSIBILITY
F-Secure 2020
Board of Directors’ Report
Financial statements
Corporate governance
Corporate responsibility
published as a stock exchange release and is made available on the
company’s website.
2020:
The AGM was held on May in the company’s headquar-
ters in Helsinki.
The resolutions and the meeting minutes of the AGM are
available on F-Secure’s website.
Board of Directors
The Board of Directors is responsible for the administration of
F-Secure Corporation and appropriate organization of its opera
-
tions. The Board’s operations, responsibilities and duties are based
on the Finnish Companies Act and other applicable legislation and
are supplemented by the Board Charter. These cover the following
main areas:
– approving the strategy of F-Secure, overseeing its operations
and annual budgets
– appointing and dismissing the CEO
– approving any major investments, acquisitions, changes in
corporate structure or other matters that are significant or
far-reaching
– ensuring that the supervision of the company’s accounting and
financial management is duly organized
– ensuring that internal control and risk management systems are
in place
– approving personnel policies and rewards systems
– preparing matters to be handled at the General Meeting
The Board of Directors meets as frequently as necessary and
according to the Board Charter at least five times during its term.
The Board of Directors has quorum when more than half of the
members are present. An annual self-assessment is carried out
by the Board to evaluate its operations. The Board of Directors
primarily strives at unanimous decisions. If a decision cannot
be made unanimously, the decision will be made by voting and
Corporate Governance
at F-Secure
F-Secure’s corporate governance practices are based on applicable
Finnish laws, the rules of Helsinki Stock Exchange (NASDAQ
Helsinki Oy) and the regulations and guidelines of Finnish Financial
Supervisory Authority as well as with the company’s Articles of
Association. This statement has been prepared in accordance with
the Finnish Corporate Governance Code (publicly available at
http://cgfinland.fi/en/) issued by the Securities Market Association
of Finland.
Up-to-date information about F-Secure’s governance is available
on the company’s website at
https://www.f-secure.com/en/investors.
Governing bodies
F-Secure’s highest decision-making body is the General Meeting
of Shareholders which elects the members of the Board of
Directors. The Board of Directors is responsible for the administra-
tion of F-Secure Corporation and appropriate organization of its
operations. The Board of Directors appoints the CEO. The CEO,
assisted by the Leadership Team, is responsible for managing
the company’s business and implementing its strategic and
operational targets.
Auditors
ExternaI control Internal control
General meeting of shareholders
CEO
Leadership team
Board of Directors
Personnel committee Audit committee
Internal controls and
processes
Risk management
General Meeting of Shareholders
Under the Limited Liability Companies Act, shareholders exercise
their decision-making power at the General Meeting.
The General Meeting is normally held once a year as an Annual
General Meeting (AGM). The AGM decides on matters stipulated
by the Articles of Association and the Limited Liability Companies
Act, including:
– adoption of the Financial Statements
– distribution of profit for the year
– discharging the members of the Board of Directors and the
CEO from liability
– selection of members of the Board the decision on the
remuneration of the Board members
– approval of the Remuneration Policy and the Remuneration
Report
– election of the auditor and the decision on the auditor’s
remuneration, and
– other proposals submitted to General Meeting
Each share carries one vote in the General Meeting.
A shareholder may propose items to be included on the agenda
provided they are within the authority of the meeting, and
the Board of Directors has received the request in advance in
accordance with the set schedule. The invitation to the AGM is
FSECURE’S CORPORATE GOVERNANCE STATEMENT 2020
CORPORATE GOVERNANCE
F-Secure 2020
Board of Directors’ Report
Financial statements
Corporate responsibility
Corporate governance
Members of the Board of Directors and the Committees
Members
Independence of the
company
Independence of major
shareholders
Board
(Meeting attendance)
Audit Committee
(Meeting attendance)
Personnel Committee
(Meeting attendance)
Risto Siilasmaa Yes No
)
Chairman (/) Chairman/Member
)
(/)
Pertti Ervi Yes Yes Member (/) Chairman (/)
Bruce Oreck Yes Yes Member (/) Member (/)
Päivi Rekonen Yes Yes Member (/) Member (/)
)
Chair/Member
)
(/)
Tuomas Syrjänen Yes Yes Member (/) Member (/)
Keith Bannister (as of May ) Yes Yes Member (/) Member (/)
Robert Bearsby (as of May ) No
)
Yes Member (/) Member (/)
Matti Aksela (until May ) No
)
Yes Member (/) Member (/)
)
Risto Siilasmaa is the founder of F-Secure and on December owned % of F-Secure shares.
)
Robert Bearsby was elected from among F-Secure Corporation’s personnel, according to the process described above in .
)
Matti Aksela was elected from among F-Secure Corporation’s personnel, according to the same process in .
)
Päivi Rekonen was a member of the Audit Committee until May .
)
Päivi Rekonen has been the Chair to the Personnel Committee starting from the meeting held in November .
with single majority. If the votes are even, the Chairman’s vote is
decisive.
In accordance with F-Secure’s Articles of Association, the Board
of Directors comprises three to seven members, who are elected
at the Annual General Meeting for a period of office that extends
to the subsequent AGM. The Board of Directors represents all
shareholders.
Diversity is an essential part of F-Secure’s success. According
to Diversity Principles established by the Board of Directors, an
optimal mix of diverse backgrounds, expertise and experience
strengthens the Board’s performance and promotes creation
of long-term shareholder value. The Diversity Principles of the
Board of Directors aim to strive towards appropriately balanced
gender distribution. Both genders are represented in the Board of
Directors.
To create openness, one member of the Board of Directors is
elected from among F-Secure’s personnel. An election is arranged
annually for F-Secure personnel and each permanent F-Secure
employee is eligible to stand as a candidate. The Personnel
Committee interviews three persons who have obtained the
highest number of votes in the elections, and chooses a candidate
from amongst them to be proposed for election as a member of
the Board by the Annual General Meeting. Robert Bearsby was
appointed to the Board of Directors through this process in .
The majority of Board members are independent from the
company and from its major shareholders. For a detailed descrip
-
tion of the members of the Board of Directors and their sharehold-
ings see the end of this statement.
2020:
In the Board of Directors convened times, Audit
Committee times and Personnel Committee times.
Board Committees
In , the Board established two committees: Audit Committee
and Personnel Committee (nomination and remuneration matters).
The Board of Directors appoints from among itself the members
and the Chairman of the committee. Each committee must have
at least three members. The Board of Directors confirms the main
duties and operating principles of each committee. The duties of
each committee are defined in the committee charters which are
available on F-Secure’s website at
https://www.f-secure.com/en/investors.
Audit Committee
The Audit Committee monitors and evaluates risk management,
internal controls, IT strategy and practices, financial reporting
as well as auditing of the accounts. The Audit Committee also
prepares a proposal for the election of auditor to the Board of
Directors and regularly considers the need for a separate internal
audit function. Members of the Audit Committee must have broad
business knowledge, as well as an adequate expertise and experi
-
ence with respect to the committee’s area of responsibility and
the mandatory tasks relating to auditing. The majority of members
of the Audit Committee shall be independent from F-Secure
Corporation and at least one member shall be independent of the
company’s significant shareholders. The Audit Committee calls
in experts to its meetings when necessary for the issues to be
discussed. Materials of the Audit Committee meetings are made
available for all members of the Board of Directors.
The Audit Committee convenes at least four () times a year as
notified by the Chairman of the Committee. Members of the Audit
Committee are listed in the table above.
CORPORATE GOVERNANCE
F-Secure 2020
Board of Directors’ Report
Financial statements
Corporate responsibility
Corporate governance
Personnel Committee
The Personnel Committee prepares material and instructs with
issues related to the composition of the Board of Directors and
compensation of the company’s management as well as remunera
-
tion and incentives of key personnel. The Committee also prepares
the proposals for the Board composition and remuneration for
the Annual General Meeting of Shareholders. The Personnel
Committee calls in experts to its meetings when necessary for the
issues to be discussed. Materials of Personnel Committee meet
-
ings are made available for all members of the Board of Directors.
The Personnel Committee convenes at least two () times a year
as notified by the Chairman of the Committee. Members of the
Personnel Committee are listed in the table above.
President and CEO
The Board of Directors appoints and may dismiss the CEO and
decides upon the CEO’s remuneration and other benefits in
accordance with the Remuneration Policy. The CEO is responsible
for the day-to-day management of the company. The CEO’s main
duties include:
– managing the business according to the instructions issued by
the Board of Directors
– presenting the matters to be handled in the Board of Directors’
meetings
– implementing the decisions made by the Board of Directors
– other duties determined in the Limited Liability Companies Act
2020:
In , Samu Konttinen acted as F-Secure’s President and CEO
until October . Juhani Hintikka was appointed as the
President and CEO of F-Secure, effective November .
The biographical details of the CEO including the shareholdings
are specified later in this report. The remuneration of the CEO is
specified in F-Secure’s Remuneration Policy and Report.
Leadership Team
The Leadership Team supports the CEO in the daily operative
management of the company.
2020:
Current information on the F-Secure Leadership Team can be
found on our website: https://www.f-secure.com/en/investors.
For descriptions of all members of the Leadership Team during
and their roles, respective membership periods and
shareholdings, see the end of this statement.
Internal control and
risk management
Risk Management
Risk management and internal control processes at F-Secure
seek to ensure that risks related to the business operations of
the company are properly identified, evaluated, monitored and
reported in compliance with the applicable regulations.
F-Secure’s Board of Directors defines the principles of risk manage
-
ment and internal controls which are followed within the company.
The Audit Committee assists the Board in the supervision of
F-Secure’s risk management function. The CEO is accountable for
ensuring that the risk management principles are implemented
and applied constantly and consistently across the organization.
The primary goal of F-Secure’s risk management principles is to
empower the organization to identify and manage risks more
effectively. The potential negative impact and probability of
different situations arising from our business operations on the
company, its customers, or its partners are monitored as part of
the risk management process.
F-Secure promotes continuous risk evaluation by the company’s
personnel. The relevant operational risks identified through the
risk management process are regularly reviewed by the CEO
and Leadership Team and the company’s statutory auditor. Risk
Management is an integrated part of F-Secure’s governance and
management, and the risk management process is aligned with
the ISO- standard. The Audit Committee regularly evaluates
the effectiveness of the risk management system.
Internal Control
The purpose of Internal Control is to ensure that operations are
effective and aligned with the strategy, and that financial reporting
and management information is reliable and in compliance with
applicable regulations and operating principles.
CORPORATE GOVERNANCE
F-Secure 2020
Board of Directors’ Report
Financial statements
Corporate responsibility
Corporate governance
Internal control consists of all the guidelines, policies, processes,
practices and relevant information about organizational structure
that help ensure that the business conduct is in compliance with
all applicable regulations. The purpose of internal control is also to
ensure that accounting and financial information provides a true
and accurate reflection of the activities and financial situation of
the company. Actual performance is monitored against sales and
cost targets by operative reporting systems on a daily, weekly, or
monthly basis.
The company constantly monitors its key financial processes
linked to sales, revenue, costs and profitability as well as incoming
and outgoing payment transactions. If any inconsistencies appear,
the issues are handled without delay. The company’s finance
department is responsible for the consistency and reliability
of internal control methods. The finance team works in close
cooperation with the CFO and businesses, providing relevant data
for business planning purposes and sales estimates. The team also
regularly assesses and monitors the reliability of estimates and
revenue recognition.
Internal audit
Audit Committee considers the need for and appropriateness
of a separate Internal Audit function on a regular basis. To
date, the Audit Committee has concluded that, due to the size,
organizational structure and largely centrally controlled financial
management of the company, a separate Internal Audit function is
not necessary.
In the absence of an Internal Audit function, attention is paid to
periodical review of the written guidelines and policies concerning
accounting, reporting, documentation, authorization, risk
management, internal control and other relevant matters in all
departments. Related controls are also tested from time to time.
The guidelines and policies are coordinated by the company’s
finance department with active involvement by the legal
department.
The absence of a separate Internal Audit function is considered
when defining the scope of the company’s external audit. Where
necessary, the Internal Audit services will be purchased from an
external service provider.
To facilitate transparency and exchange of information on Internal
Audit related matters, the financial management team has
frequent meetings with the auditors. The Audit Committee also
meets regularly with the auditors.
The company has taken into use a whistleblowing line for any
employees to notify the Board and Leadership Team of any compli
-
ance concerns.
Related party transactions
The Audit Committee defines the principles for monitoring and
assessing F-Secure’s related party transactions. The definition of
the related parties is based on IAS standard. F-Secure collects
information about its related parties on regular basis. The Board
of Directors decides on related party transactions that are not
conducted in the ordinary course of business of the company
or are not implemented under arm’s-length terms. Related party
transactions are disclosed as part of financial statements according
to the applicable legislation.
Insider management
F-Secure complies with the applicable legislation, including EU
Market Abuse Regulation (MAR), the regulations of the Finnish
Financial Supervisory Authority as well as Nasdaq Helsinki’s
Guidelines for Insiders. F-Secure has established its own insider
policy to complement the regulation and guidelines above.
F-Secure maintains a list of all persons who have regular access to
company’s financial data. Due to the sensitive nature of financial
information, persons having access to financial information before
publication of an interim financial report or a year-end report shall
be subject to a thirty () day trading restriction prior to publica
-
tion of such report.
In addition, F-Secure maintains a project-specific insider list of
any projects and events which, if realized, would be likely to have
a significant effect on the value of F-Secure’s shares or other
financial instruments, and which have been subject to delaying of
disclosure in accordance with MAR.
F-Secure has decided not to include any persons as permanent
insiders. All persons with inside information regarding a project will
be included in the project specific insider list.
Persons discharging managerial responsibilities comprise the
Board of Directors, the CEO and other members of the Leadership
Team. These persons have a duty to notify F-Secure and the Finnish
Financial Supervisory Authority of every transaction in their own
account relating to Financial Instruments of F-Secure within three
business days. The company publishes these notifications as a
stock exchange release, as specified by MAR. All releases published
on managers’ transactions are available on the company’s website.
Auditors
The auditor is elected by the Annual General Meeting for a term
of service ending at the close of the next Annual General Meeting.
The auditor is responsible for auditing the consolidated and parent
company financial statements and accounting. The auditor reports
to the Board of Directors or the Audit Committee at least once a
year.
2020:
F-Secure has been audited by PricewaterhouseCoopers with
Janne Rajalahti, Authorized Public Accountant, as the respon
-
sible auditor.
F-Secure paid the auditor EUR , in audit fees (: EUR
,), and EUR , (: EUR ,) for non-audit
services.
CORPORATE GOVERNANCE
F-Secure 2020
Board of Directors’ Report
Financial statements
Corporate responsibility
Corporate governance
PERTTI ERVI
Board member since
Chairman of the Audit Committee
Born , B.Sc. (Electronics)
Main employment history:
Currently an independent management
consultant and professional board member
Chairman of the Board –, Member of
the Board –, Teleste Corporation
Co-CEO, Member of the Executive Board,
Computer AG, –
Co-founder, Managing Director, Computer
Finland Corporation, –
Current board memberships and public
duties:
Chairman of the Board –, Member of the
Board –, Efecte Corporation
Chairman of the Board, Mintly, –
Holdings: number of shares ,
BRUCE ORECK
Board member since
Born , LL.M. (Taxation)
Main employment history:
CEO, The Train Factory Oy, –
Executive in Residence, Aalto University, –
Ambassador to Finland, United States, –
Founding and managing partner, Oreck, Bradley,
Crighton, Adams & Chase, –
Executive Vice-President and General Counsel,
Oreck Corporation, –
Holdings: number of shares ,
In this section are the biographies
of the Members of the Board
of Directors during .
Shareholdings are listed as of
December unless otherwise
stated.
BOARD OF DIRECTORS
RISTO SIILASMAA
Chairman of the Board of Directors since
Born , M.Sc. (Engineering)
Main employment history:
Founder, President and CEO, Member of the Board,
F-Secure Corporation, –
Chairman of the Board –, Member of the
Board –, Interim CEO –, Nokia
Corporation
Member of the Board –, Chairman of
the Board –, Vice-Chairman of the Board
–, The Federation of Finnish Technology
Industries
Current board memberships and public duties:
Chairman, Ministry of Finance – Technology
Advisory Board, –
Member of the Board, Picosun Oy, –
Member of the Board, Futurice Corporation, –
Senior Advisor, Boston Consulting Group, –
Member, International Advisory Board IESE, –
Member, Global Advisory Board of Yonsei University
School of Business, –
Member, Komatsu International Advisory Board,
–
Member, Global Tech Panel, an initiative of EU High
Representative Federica Mogherini, –
Holdings: number of shares ,,, holding
.%
CORPORATE GOVERNANCE
F-Secure 2020
Board of Directors’ Report
Financial statements
Corporate responsibility
Corporate governance
TUOMAS SYRJÄNEN
Member of the Board since
Born , M.Sc. (Engineering)
Main employment history:
CEO, Futurice Corporation, –
Head of Business Unit, Futurice Corporation,
–
Business Development, Futurice Corporation,
–
Current board memberships and public
duties:
Member of the Board, Vaisala Corporation, –
Member of the Board, Futurice Corporation,
–
Member of the Board, Aito Intelligence
Corporation, –
Member of the Board, Taaleri Corporation, –
Member of the Board, Fira Group Corporation,
–
Holdings: number of shares ,
KEITH BANNISTER
Board member since
Born , B.Sc. (Hons) (Mathematics and
Computer Science)
Chartered Accountant (Fellow of ICAEW)
Non-Executive Director – FT Advanced
Professional Diploma
Main employment history:
KPMG LLP, London UK, –
KPMG LLP, Partner, –
Current board memberships and public
duties:
Member of the Board of Governors, Bridewell
Royal Hospital, –
Holdings: number of shares ,
ROBERT BEARSBY
Board member since
Born , B.Sc. (Audio & Music Technology)
Main employment history:
Senior Security Consultant, F-Secure Consulting,
–
Security Consultant, MWR InfoSecurity / F-Secure
Consulting –
Junior Security Consultant, MWR InfoSecurity
–
Holdings: number of shares ,
NON-CURRENT MEMBERS
MATTI AKSELA
Board member since March until May
Holdings: number of shares ,
PÄIVI REKONEN
Member of the Board since
Chair to the Personnel Commitee
Born , M.Sc. (Economics), M.Sc. (Social
Sciences)
Main employment history:
Independent strategy advisor and professional
board member, –
Managing Director, Group Technology, UBS,
–
Senior Vice President, Global Head of Digital
Strategy, Adecco Group, –
Head of IT, Credit Suisse, –
Various leadership positions, Cisco Systems,
–
Various leadership positions, Nokia Corporation,
–
Current board memberships and public duties:
Chair to the Board of Directors, SEBA Bank AG,
–
Member of the Board, Alma Media Corporation,
–
Member of the Board, Efecte Corporation, –
Member of the Board, Konecranes Corporation,
–
Member of the Strategy Advisory Board, UNOPS,
–
Holdings: number of shares ,
CORPORATE GOVERNANCE
F-Secure 2020
Board of Directors’ Report
Financial statements
Corporate responsibility
Corporate governance
LEADERSHIP TEAM
JUHANI HINTIKKA
President and Chief Executive Officer
Born , M.Sc. (Technology)
Member of the Leadership Team since
Main employment history:
President and CEO, F-Secure, –
Investor, advisor, –
President and CEO, Comptel Corporation,
–
Various leadership positions, Nokia Networks and
Nokia Siemens Networks, –
Various leadership positions, Konecranes
Corporation, –
Holdings: number of shares
In this section are the biographies
of all the members of the
Leadership Team during .
Shareholdings are listed as of
December unless otherwise
stated.
JUHA KIVIKOSKI
Executive Vice President, Business Security
Born , M.Sc. (Econ.)
Member of the Leadership Team since
Main employment history:
EVP, Business Security, F-Secure, –
EVP, Enterprise & Channel Sales, F-Secure,
–
Managing Director, Dustin Finland, –
Vice President, Sales, McAfee/Intel Security,
–
Chief Operating Officer, Stonesoft, –
Vice President, Stonesoft, –
Holdings: number of shares ,
KRISTIAN JÄRNEFELT
Executive Vice President, Consumer Security
Born , M.Sc. (Economics)
Member of the Leadership Team since
Main employment history:
EVP, Consumer Security, F-Secure, –
Director, Sales, Fujitsu Finland Corporation,
–
CEO and partner, Miradore Corporation,
–
CEO and partner, Concilio Networks Corporation,
–
Various leadership positions, Hewlett-Packard,
–
Holdings: number of shares ,
CORPORATE GOVERNANCE
F-Secure 2020
Board of Directors’ Report
Financial statements
Corporate responsibility
Corporate governance
EDWARD PARSONS
Executive Vice President, Cyber Security
Consulting
Born , B.Sc. (History)
Member of the Leadership Team since
Main employment history:
EVP, Cyber Security Consulting, F-Secure, –
Managing Director, F-Secure Consulting (UK),
–
Director, MWR InfoSecurity, –
Senior Manager, KPMG, –
Civil Servant, –
Consultant, Accenture, –
Holdings: number of shares ,
TIM ORCHARD
Executive Vice President, Managed Detection &
Response
Born ,B.Sc. (Psychology)
Member of the Leadership Team since
Main employment history:
EVP, Managed Detection & Response, F-Secure,
–
Chief Operating Officer, Countercept, –
Various leadership positions, BAE Systems
Applied Intelligence, –
Technical Director, Activity Info Management Ltd.,
–
Holdings: number of shares
ERIIKKA SÖDERSTRÖM
Chief Financial Officer
Born , M.Sc. (Econ.)
Member of the Leadership Team since
Main employment history:
CFO, F-Secure, –
CFO, KONE Corporation, –
CFO, Vacon Corporation, –
CFO, Nautor Corporation,
Various finance leadership positions, Nokia
Networks and Nokia Siemens Networks,
–
Current Board memberships:
Member of the Board, Bekaert, –
Member of the Board, Valmet Corporation, –
Chairman of the Audit Committee, Valmet
Corporation, –
Holdings: number of shares ,
JARI STILL
Chief Information Officer
Born , B.Sc. (Information processing science)
Member of the Leadership Team since
Main employment history:
CIO, F-Secure, –
Vice President, R&D Operations, F-Secure,
–
Head of R&D, Mobile Business Unit, F-Secure,
–
CEO and Co-founder, Modera Point Corporation,
–
Current Board Memberships:
Member of the Board, Dimecc Oy, –
Member of the Board, Oulu Chamber of
Commerce, –
Member, Innovation Working Group, The
Federation of Finnish Technology Industries,
–
Holdings: number of shares ,
CORPORATE GOVERNANCE
F-Secure 2020
Board of Directors’ Report
Financial statements
Corporate responsibility
Corporate governance
JYRKI TULOKAS
Chief Technology Officer
Born , M.Sc. (Economics)
Member of the Leadership Team since
Main employment history:
CTO, F-Secure, –
EVP, Cyber Security Products & Services, F-Secure,
–
EVP, Strategy and Corporate Development,
F-Secure, –
Various leadership positions in product
management, marketing, strategy and business
development, F-Secure, –
Head of Business Development, Suunto
Corporation, –
Holdings: number of shares ,
ANTTI HOVILA
Executive Vice President; Strategy, Brand &
Communications
Born , M.Sc. (Technology), MBA
Member of the Leadership Team since
Main employment history:
EVP, Strategy, Brand & Communications, F-Secure,
–
EVP, Strategy and Corporate Development,
F-Secure,
Associate Director, Strategy & Planning, Fidelity
International, –
Equity Research Analyst, Fidelity International,
–
Business Development Manager, Nokia
Corporation, –
Management Consultant, McKinsey & Company,
–
Holdings: number of shares
EVA TUOMINEN
Executive Vice President, People Operations &
Culture
Born , M.Sc. (Econ.)
Member of the Leadership Team since
Main employment history:
EVP, People Operations & Culture, F-Secure, –
Director, Human Capital Consulting, Deloitte
Finland, –
Consulting Director, Nordic Region, NGA Human
Resources, –
Business Unit Manager, NGA Human Resources,
–
Holdings: number of shares
CHANGES IN LEADERSHIP TEAM
COMPOSITION AFTER PERIOD-END
In February , Ari Vänttinen started as Chief
Marketing Officer. Consequently, Antti Hovila is
now Executive Vice President, Strategy & Portfolio.
NON-CURRENT MEMBERS
SAMU KONTTINEN
President and CEO – until end of October
IAN SHAW
Executive Vice President, Cyber Security
Consulting – until end of October
CORPORATE GOVERNANCE
F-Secure 2020
Board of Directors’ Report
Financial statements
Corporate responsibility
Corporate governance
REMUNERATION STATEMENT
REMUNERATION REPORT
The reporting and transparency requirements for listed companies
increased as the new EU Shareholder Rights Directive (SHRD) and
Finnish Corporate Governance Code 2020 were implemented.
F-Secure’s Remuneration Policy was renewed to comply with
these regulations, and it was approved in the Annual General
Meeting in May 2020. The Remuneration Report is now updated
in accordance with the SHRD and Finnish Corporate Governance
Code and it provides a comprehensive picture of the remuneration
of the company’s governing bodies for the financial year 2020.
Remuneration principles at F-Secure
According to F-Secure’s Remuneration Policy, the company’s
remuneration is designed to promote the business objectives and
long-term profitability of the company. The company’s objective is
to reward for performance and competencies. The remuneration
is designed to be competitive compared to the relevant peer
groups, increase commitment and work engagement and to be
consistent across the organization. These principles have been
taken into account in the company’s remuneration in the financial
year 2020.
The President and CEO’s remuneration follows the same principles
as for all other employees. A significant portion of the President
and CEO’s remuneration package is based on performance, on
target level the short-term and long-term incentives comprise
57% of the total remuneration. The short- and long-term
incentive plans are based on company’s financial performance to
ensure a strong link between company’s performance and CEO
remuneration. The President and CEO is also expected to build and
maintain a shareholding corresponding to at least one year’s base
salary in the company to align management’s interests with those
of shareholders.
Remuneration in
The Personnel Committee regularly reviews executive
remuneration in F-Secure compared to the peer groups to ensure
competitiveness and alignment with market practices. During
2020, the Committee conducted a benchmark study to analyze
CEO compensation against peer companies. The study showed
that the President and CEO’s base salary is at market median, while
the short-term and long-term incentive earning opportunities are
slightly above the market median.
During 2020, F-Secure renewed the long-term incentive plans
and introduced a Performance Share Plan as the main share-
based long-term incentive plan and a Restricted Share Plan as a
complementary plan. The purpose of all share-based long-term
incentive plans are to retain, motivate and reward individually
selected key employees as well as to align their interests with
those of the Company’s shareholders by creating a long-term
equity interest for these individuals.
In November 2020, Juhani Hintikka was appointed as the new
President and CEO, and due to this change in leadership, an
exception to the Remuneration Policy was done as a one-time
allocation of restricted shares was granted to the new President
and CEO under the Restricted Share Plan. According to
F-Secure’s Remuneration Policy, the Board of Directors may
temporarily deviate from the Remuneration Policy in exceptional
circumstances, such as in connection with the appointment of a
new CEO. There are no financial performance criteria attached to
the Restricted Share Plan and the shares vest after the three-year
restriction period in 2024, given that the employment continues
without interruption until the payment. The annual base salary was
defined to be EUR 350,000 for the President and CEO. Otherwise,
the pay mix and the target and maximum levels of short- and
long-term incentives for the President and CEO continue as they
have been defined in the Remuneration Policy.
For President and CEO Samu Konttinen, total earned remuneration
in 2020 was EUR 482,863 (EUR 466,780 in 2019), of which EUR
172,442 (EUR 171,192 in 2019) was in the form of variable pay. For
Juhani Hintikka total earned remuneration in 2020 was EUR 58,374.
At the end of 2020, the President and CEO Juhani Hintikka held no
F-Secure’s shares.
Introduction
F-Secure 2020
Board of Directors’ Report
Financial statements
Corporate responsibility
Corporate governance
158
170
191
217 220
7% 7%
12%
14%
1%
19
18
17
23
36
-4%
-5%
-4%
33%
55%
0
50
100
150
200
250
REMUNERATION STATEMENT
Remuneration of the Executives
F-Secure has been focusing on growth in the past years which is
visible in the company’s revenue development since 2016. The
COVID-19 affected the markets heavily during 2020 and as a
result, the revenue growth slowed down. At the same time, the
company’s profitability has improved significantly during 2019 and
2020.
Over the same period, the compensation of executives has
developed modestly. The remuneration of Board of Directors was
brought closer to market median levels in 2018 and it has stayed
on the same level since. The total remuneration of the President
and CEO has varied year over year as a significant part of the
remuneration is tied to company’s financial performance.
Revenue development
–
Adjusted EBITDA development
–
Value of theorethical investment of
EUR done in
Share price development, paid dividends re-invested to share
● F-Secure
● OMX TECH
● HACK
Source: FactSet
● Revenue, MEUR
● Revenue development, year over year %
● Adjusted EBITDA, MEUR
● EBITDA Development, year over year %
Average annual
remuneration (EUR)
President and CEO
)
Chairman of the Board
Other Board Members
)
Average employee
)
)
Paid remuneration during the calendar year, including base salary as well as short- and long-term incentives.
)
Average of the remuneration paid to the Board Members, excluding the employee representative.
)
The total paid wages and salaries during the calendar year / average headcount during the year in all countries.
F-Secure 2020
Board of Directors’ Report
Financial statements
Corporate responsibility
Corporate governance
REMUNERATION STATEMENT
The Annual General Meeting on 12 May 2020 decided that the
Board of Directors be paid fixed annual compensation for the
term ending at the end of the next Annual General Meeting.
Approximately 40% of the annual remuneration is paid in
F-Secure’s shares. No additional meeting fees are paid to members
of the Board of Directors. The company will pay any applicable
asset transfer tax arising from remuneration paid in shares on
Board Members’ behalf.
For Members of the Board of Directors, changes in the holdings
of the company shares and rewards paid in shares are reported
according to the Market Abuse Regulation. Related stock
exchange releases are available on the company’s web pages.
The fixed annual fee for Chairman of the Board is EUR 80,000, for
the Committee Chairmen EUR 48,000, for Members of the Board
EUR 38,000 and for Board Member belonging to the personnel of
the company EUR 12,667.
The travel expenses and other costs directly related to the
board work of the members of the Board of Directors are paid in
accordance with the company’s compensation policy in force at
any given time. In addition, the Chairman of the Board of Directors
is offered assistant and administrative services.
The Board of Directors Remuneration in
Member
Remuneration paid in
cash
Remuneration paid in
shares, EUR
Remuneration paid in
shares, pcs Total
Risto Siilasmaa EUR EUR EUR
Pertti Ervi EUR EUR EUR
Bruce Oreck EUR EUR EUR
Päivi Rekonen EUR EUR EUR
Tuomas Syrjänen EUR EUR EUR
Keith Bannister
)
EUR EUR EUR
Robert Bearsby
)
EUR EUR EUR
Total EUR EUR EUR
)
Since May
Remuneration of the Board of Directors
F-Secure 2020
Board of Directors’ Report
Financial statements
Corporate responsibility
Corporate governance
REMUNERATION STATEMENT
Salaries and financial benefits paid in and accrued based on 2020 are described in the table below.
President and CEO Samu Konttinen
Payments in Accrued based on
Base salary, including fringe benefits EUR –
Supplement Pension / Other financial benefits –
Short-term incentive (STI)
Earning period EUR
Earning period EUR EUR
Long-term incentive (LTI) EUR/shares
LTI – EUR
LTI – shares
Total EUR EUR / shares
President and CEO Juhani Hintikka
Payments in Accrual based on
Base salary, including fringe benefits EUR –
Pension / Other financial benefits – –
Short-term incentive (STI)
Earning period – –
Earning period – EUR
Long-term incentive (LTI) €/shares
LTI – – –
LTI – – –
Total EUR EUR
Remuneration of the President and CEO in
CEO and President
JuhaniHintikka
Paymix, actual payments
● Base salary
100%
CEO and President
SamuKonttinen
Paymix, actual payments
● Base salary ● STI ● LTI
64%
24%
11%
F-Secure 2020
Board of Directors’ Report
Financial statements
Corporate responsibility
Corporate governance
REMUNERATION STATEMENT
Short-term incentive payments are done bi-annually. The short-
term incentive rewards paid in 2020 comprise of the reward for
the 2nd half of 2019 and the reward for the 1st half of 2020. The STI
Plan 2019 for the President and CEO Samu Konttinen was based on
F-Secure’s revenue growth with 70% weight and adjusted EBITDA
with 30% weight of total. The overall performance for these two
criteria in the 2nd half of 2019 was 33,0% and the corresponding
reward was paid in March 2020.
The STI Plan 2020 for the President and CEO Samu Konttinen was
based on F-Secure’s revenue with 60% weight and adjusted EBITDA
with 40% weight of total. The overall performance for these two
criteria was 86.0% and the corresponding reward is paid in two
instalments in August 2020 and February 2021.
The STI Plan 2020 for the President and CEO Juhani Hintikka
was based on F-Secure’s revenue with 60% weight and adjusted
EBITDA with 40% weight of total. The overall performance for
these two criteria was 86.0% and the corresponding reward is
paid in February 2021. The reward is pro-rated according to the
employment time with the company.
Long-term incentive paid in 2020 was based on the LTI Plan
2017–2019. The performance criterion for this plan was F-Secure
Revenue in 2019 and the achievement was 56.7% and the
corresponding reward was paid to the President and CEO Samu
Konttinen in April 2020 partly in shares and partly in cash.
The LTI Plan 2018–2020 will be paid in 2021 and the performance
criterion for this plan was F-Secure Revenue in 2020. The
achievement for this plan is estimated to be 30.0% and the
corresponding gross reward of 21,600 shares will be paid to the
former President and CEO Samu Konttinen in March 2021 partly in
shares and partly in cash.
Rolling structure of long-term incentive plans
Long-term incentive plan –
Long-term incentive plan –
Long-term incentive plan –
Reward
payout
Reward
payout
Reward
Payout
F-Secure 2020
Board of Directors’ Report
Financial statements
Corporate responsibility
Corporate governance
Contact information
Eriikka Söderström, CFO, F-Secure
Henri Kiili, Investor Relations and Corporate Finance Director,
F-Secure
+358 40 840 5450
investor-relations@f-secure.com
INFORMATION FOR SHAREHOLDERS
content F-Secure
design and layout Kreab
photographs F-Secure
Financial calendar
During the year , F-Secure Corporation will publish
financial information as follows:
•
Interim report January–March , April ,
•
Half year financial report January–June , July ,
•
Interim report January–September , October ,
Annual General Meeting
The Annual General Meeting is scheduled for
Wednesday, March , at : EET. More information is available at
https://www.f-secure.com/en/investors/governance?aannual-general-meeting.
F-Secure 2020
Board of Directors’ Report
Financial statements
Corporate governance
Corporate responsibility
F-Secure Corporation
Tammasaarenkatu 7
P.O. Box 24, 00181 Helsinki
Tel. +358 9 2520 0700
helsinki@f-secure.com
www.f-secure.com
Corporate responsibility
Corporate governance
F-Secure 2020
Board of Directors’ Report
Financial statements
