Cyber Security 1 : CYBER1 Annual Report 2023 English

Annual Report

Table of Contents
Table of Contents	2
CYBER1 in short	4
Highlights 2023	5
President's message	7
CYBER1 as an investment	9
Financial Highlights	12
Administrator's report	13
Key Financial Ratios	13
Financial Statements	17
Consolidated and Parent Company Statement of Financial Position	18
Consolidated and Parent Company Statement of Comprehensive Income	20
Consolidated Statement of Changes in Equity	22
Consolidated and Parent Company Statement of Cash Flows	24
Accounting policies and explanatory notes to the financial statements	26
Significant Accounting policies	26
Notes to the annual financial statements:	40
1.	Financial instruments and risk management	40
2.	Segment information	52
3.	Salaries and other salary remuneration	56
4.	Audit and consulting fees	60
5.	Depreciation, amortisation, and write-downs	60
6.	Income tax	61
7.	Intangible Assets	61
8.	Impairment test of Goodwill	63
9.	Tangible fixed assets	66
10.	Leases	66
11.	Investment in subsidiaries	67
12.	Discontinued Operations	69
13.	Inventories	69
14.	Trade and other receivables	70
15.	Liabilities and other provisions	71
16.	Non-Controlling interest	71
17.	Share capital	72
18.	Earnings per share	73
19.	Equity	74
		2| P a g e

20.	Related party transactions	74
21.	Major Shareholders	75
22.	Events after reporting period	75
23.	Appropriation of current year profit/(loss)	75
24.	Approval of annual report	76

3| P a g e

CYBER1 in short

Significant revenue and gross profit improvements, combined with streamlining of operating expenditure to showcase EBITDA profitability and upside growth potential leading into 2024.

CYBER1 is a multi-product and multi-jurisdictional leader in cyber security advisory and solutions. We are uniquely placed to help customers achieve cyber resilience. CYBER1 has been listed on First North Growth Market since 2016.

It's headquartered in Stockholm Sweden, with multiple offices across Africa and the EMEA region which creates good opportunities for adapting services to local conditions and security threats, where each company's needs are unique.

TRINEXIA is the trusted Cyber Security, forensics, governance, risk and compliance value added distributor of leading solutions across Europe, Middle East, Africa, Southern Africa and India. We are consistently and successfully adding great value to our partner community, with our partners, we design and deliver intuitive, trusted and leading solutions that are customised to achieve the required results, whilst being admired for our people, partnerships and performance.

CYBER1 Solutions - Our advisory solutions deliver information security; IT risk management; fraud detection; governance and compliance; as well as a full range of managed services. We also provide bespoke security services across the spectrum, with a portfolio that ranges from the formulation of our customers' security strategies to the daily operation of end-point security solutions. To do this, we partner with world-leading security vendors to deliver cutting-edge technologies augmented by our wide range of professional services.

C1 SOC- A robust Next-Generation SOC can bolster any organisations cybersecurity by offering improved threat intelligence, automation, real-time visibility, and compliance with regulations and standards. Gartner suggests that organisations consider outsourcing their SOC if they lack the resources or expertise to build and maintain one in-house. CYBER1 SOC offers ongoing monitoring of advanced threats across endpoints, networks, cloud environments, and applications. Our services detect emerging, evolving, and established threats through the latest threat intelligence and hunting.

Outsourcing a SOC to a Managed Security Services Provider (MSSP) can offer several benefits, including:

• Access to expert resources: MSSPs can provide access to a team of experienced security professionals who can monitor and respond to threats around the clock.
• Cost savings: MSSPs can provide SOC services at a lower cost than building and maintaining an in- house SOC.
• Scalability: MSSPs can quickly ramp up or down services based on an organisation's changing security needs.
• Flexibility: MSSPs can provide a range of SOC services tailored to an organisation's specific needs and requirements.

4| P a g e

Highlights 2023

CYBER1 Value Added Distribution companies to rebrand as TRINEXIA

At the start of 2023, CYBER1 announced that its Value-Added Distribution (VAD) companies, Credence Security, Cyber Security Africa Distribution (CSAD) and Cyber Security South Africa (CSSA), will be rebranded as TRINEXIA. This announcement is in keeping with the global growth plans, as the company expands its footprint and aligns our VAD under one, cohesive brand.

CYBER1 Carries Out Directed Set-Off New Issue

In March of 2023, pursuant to authorization granted by the annual general meeting on 25 May 2022 the board of directors in CYBER1 resolved on a directed set-off issue of 4,615,385 new shares at a subscription price of EUR 0.0130 per share. The new issue is directed to a supplier of services to the Company, with share payment made by set-off of invoice claims on the Company.

CYBER1 Solutions Division Expands Further Into Europe

CYBER1 Solutions announced the expansion of its European presence, and the appointment of Hilbert Long as the General Manager for the region in line with the EMEA expansion plans. The company's European office is based out of London and with staff across EMEA. The business aims to grow its footprint in the region by expanding its set of cyber security services to current and future customers.

CYBER1 announced partnership with 9TH BIT on mutual opportunities around DevSecOps and Cyber Security

CYBER1 announced a partnership with 9TH BIT, a leading provider of Information Technology in Integration, Microservices & API, DevOps & DevSecOps, DataOps & NoSQL as well as Observability & AIOps domains. The partnership agreement will see both organisations collaborating in the referral of customers, as well as joint sale and supply of technologies and services.

CYBER1 announced formal closure of American Depositary Receipt programme

The decision has been taken related to the programme previously established in 2018, following the company's strategic focus on its core offering and engagement in capital markets, through its listing on Nasdaq First North Growth Market in Sweden.

CYBER1 Next-Gen Security Operations Centre receives ISO 27001 certification

CYBER1 announced that its Next-Gen Security Operations Centre (C1 SOC) has been certified by the International Organisation for Standardisation (ISO), related to its 27001 approach on information security management.

This achievement demonstrates CYBER1's commitment to attain the highest industry standards for safeguarding data and protecting against cyber threats. This accomplishment also underscores C1 SOC's effectiveness in delivering robust and reliable security measures, to ensure the safety and integrity of our clients' critical assets.

5| P a g e

CYBER1 subsidiary in South Africa achieves B-BBEE Level 1 award

CYBER1's largest subsidiary CYBER1 Solutions South Africa, announced its attainment of a B-BBEE(Broad-Based Black Economic Empowerment) Level 1 status.

B-BBEE is a vital framework in South Africa, designed to address historical inequalities and promote economic transformation. The rating system ranges from Level 8 (the lowest) to Level 1 (the highest), with Level 1 indicating the highest commitment to empowerment and diversity. This achievement demonstrates CYBER1 and its subsidiaries dedication to advancing the economic empowerment of previously disadvantaged groups and fostering inclusivity.

6| P a g e

President's message

Increased expansion paving the way for improved growth and profitability

Dear shareholders, Following the close of 2023, I am pleased to announce the formal results for the financial year. We confirmed at the end of 2023 that the company saw significant underlying investment in our Security Operations Centre, as well as providing a solid organisational foundation in which to realise growth in 2023. I am pleased to confirm that we have achieved progress on our strategic priorities, as well as significantly improving our financial results for the full year.

Year-to-date group revenue has increased by 13% year on year from €46,833k in 2022 to €52,905k in 2023. This overall growth achievement is significant, as the business has strategically focused on improving commercial engagements with clients, partners, distributors, and vendors respectively, ensuring that the business is growing in line with market trends.

Gross Margin for 2023 has been a significant success for the company, increasing overall by €2,797k (30%). This growth has been achieved through closer collaboration with our valued vendor portfolio, alongside a significant investment in professional services and SOC provisions.

Operating Expenditure for 2023 has continued the downward trend, decreasing in the financial year by €1,032k, when compared to 2022. This 8% reduction has been achieved through greater alignment within the distribution segment (Trinexia), followed by greater technology and staffing efficiencies being realised within Cyber1 Solutions South Africa.

Finally, EBITDA for the full year has shown a return to positive results, recording €636k for 2023. This result is an improvement of €3,706k from the prior year. A significant effort in achieving growth and investment in the right areas has led to the company being placed on a strong foundation on which to build in 2024.

Our business units continue to grow and be at the forefront of cyber security developments.

CYBER1 Solutions has experienced significant success in Europe and the Middle East, with the acquisition of new clientele and the integration of cutting-edge technologies. Meanwhile, our longstanding entity, C1 Solutions SA, has undergone a transformative evolution in its business strategies, positioning itself as a leader in cyber security provisions within the region.

The highlight of the year was the appointment of Ethel Nyembe as Executive Director for Africa, whose extensive business expertise promises to unlock new avenues for further growth.

In TRINEXIA, our African and South African branches have seamlessly integrated into our group operations. The acquisition of additional distribution rights with major vendors like Skyhigh Security and CyberArk signifies promising growth and market expansion prospects.

In the Middle East, our entity continues its upward trajectory, with a new management team driving positive advancements in vendor partnerships. We anticipate further evolution throughout 2024 and beyond from these positive developments.

C1 SOC has enjoyed a remarkably successful 2023, culminating in ISO 27001 certification and the acquisition of new customers in which to provide twenty-four by seven monitoring. The milestone of the certification has not only enhanced our internal operations but has also expanded our market reach beyond Africa. We are now focusing on targeting European and Middle Eastern markets,

7| P a g e

leveraging our expertise to secure multi-year deals across various sectors. Our commitment to delivering bespoke solutions with the latest technologies remains unwavering.

Our three year strategic focus has seen some great examples of progress within 2023:

• "Expanding into target territories" Within CYBER1 Solutions During the year, our UK operations continues to positively expand, with new customers being added as well as additional commercial resources to further drive growth. Developments within Uganda have also proven to be effective, providing services and solutions within a rapidly growing market. We value the role of our larger operational hubs across EMEA in supporting our expanding regions. Within Trinexia
• "Developing our Next-Gen SOC offering on a global scale" We were delighted for our SOC to become ISO 27001 Certified. This has opened the gateway to new markets. We have expanded our customer base, whilst innovating through the addition of new technologies. Our SOC staff are continually evolving their capabilities, with new accreditations and experience adding direct value to the end user experience.
• Engaging with the latest innovative technologies on the market. Our search for the latest technologies continued to realise significant opportunities for the company. Under CTO Simon Perry's remit, he has worked tirelessly to ensure each region is working with the best of breed and latest technologies, to drive positive impact for our customer base.
• "Identifying new business lines based on new trends within the market." CYBER1 is continually growing its partnerships with leading providers. The announcement of our collaboration with 9TH BIT has seen an increased pipeline of new customers, as well as exposure at leading technology events. Beyond this partnership, CYBER1 is developing its approaching around providing educational training and development within Africa. Given the global shortage of qualified cyber security personnel, we are well positioned to provide meaningful change in this area, whilst improving individual opportunities for innovators in this space.

With the end of 2023, CYBER1 is continuing to implement its strategic objectives for 2024, building on the progress achieved on the four growth priorities. The company's vision is to create the world's most resilient cyber security environments for our customers and our strategy will enable our clients to be ready to handle the latest threats. Our continued thanks go to our valued stakeholders, especially our shareholder base for your support throughout 2023. From the platform started in 2022, we have in 2023 built an increased base in which to drive significant growth and shareholder value in 2024. There is significant potential in this fast-developing market, and we are more committed than ever, to unlocking and realising the potential of CYBER1 into the future.

Stockholm, 24 May 2024.

Robert Brown Group President and Executive Director

8| P a g e

CYBER1 as an investment

Four key areas are driving growth.

CYBER1 has excellent opportunities to continue to grow at a high rate throughout EMEA , based on our best of breed products and services, history of growth, and the strongly underlying market demand in cyber security.

Continued lack of skills capabilities and global shortage of cyber security professionals

The last two years have seen an interesting shift in the overall demand of cyber security requirements. Historically, the open vacancies globally have widened but with developing technologies and further automation being realised, 2021, 2022 and 2023 have seen a dip in overall employment vacancies. Despite this, there is still anticipated, by 2025, for there to be 3.5 million open vacancies. This has caused not only an increase in spend to cover additional resources but also the solutions required to meet the needs of a rapidly expanding security environment.

According to Gartner, global spending in cyber security will increase at a CAGR of 11% in 2026, taking the total projected annual global spend to €244 billion. Areas such as cloud computing investment will see exponential growth immediately, with a projected 27% increase to 2023 (€6.24 billion). The demand for these types of provisions should be aligned with our vendor portfolio, to ensure our stack meets the needs of customers whilst also leveraging on the additional uplift in spending.

Local presence within growing cyber security markets

CYBER1 has seven entities which cover predominantly across EMEA but with a globally expanding scope with our Next-Gen SOC offering. Trinexia Distribution, with offices in South Africa, Mauritius and the United Arab Emirates. CYBER1 Solutions, which covers the Group's advisory and solutions component in South Africa, Kenya, Europe and Middle East. Our C1SOC entity, which delivers twenty- four by seven monitoring and threat intelligence, is based in South Africa. The companies have technical specialists, enabling them together with sales and development to assess security environments and advocate solutions for each unique environment. The different markets depend on the deeply entrenched relationships CYBER1's key people hold with niche vendors in cyber security. These relationships ensure that the CYBER1 group is the gateway to some of the fastest growing regions.

Specialist Services

CYBER1 is a leading provider of innovative solutions and services in the field of cybersecurity. The company has partnered up with numerous leading cybersecurity vendors, enabling them to provide customers with a robust line of defence against potential threats to their organisation. In addition to software sales, CYBER1 also offers professional services to help identify potential vulnerabilities, provides expert advice on preventative solutions, and ensures that appropriate protocols are in place in the event of a security breach.

CYBER1's Next-Gen Security Operating Centre employs state-of-the-art technology to ensure real-time monitoring of client security, remotely. This feature provides CYBER1's clients with a formidable defence against cyber-attacks.

With its diverse array of products and services, CYBER1 is well positioned to continue generating strong sales and maintaining healthy margins into the future. As a customer-focused company, CYBER1 is

9| P a g e

committed to providing superior cybersecurity solutions and ensuring the safety and security of all its clients.

CYBER1 offers best in class software solutions and services related to cyber security. The company has license rights to sell software programs from many suppliers in cyber security, which gives them the opportunity to offer strong protection. The company also uses professional services to identify deficiencies, acts as an advisor regarding solutions, and ensures that the right processes are in place in the event of a data intrusion. The Next-Gen Security Operating Centre area gives customers a chance to defend themselves against cyber-attacks by CYBER1, by monitoring security in real time, remotely. Our selected products and services give CYBER1 the opportunity to increase its sales and maintain good margins going forward.

Markets and trends

Middle East and Africa

Across the Middle East, a number of jurisdictions are investing heavily in their commercial endeavours, to diversify amongst natural resource production and extraction. The Middle East cybersecurity market is calculated to reach €42 billion by 2028, with a growth of 17.1% during the forecast period of 2022- 2028. Due to the proliferation of digitalization, the advanced sophistication of cyberattacks across heavy industries to result in financial and reputational failures, stringent government regulations, and cyberattacks are anticipated to be the major market drivers. Adopting the necessary steps to secure the overall security posture and technological advancements in cloud and IoT has bolstered potential use cases across verticals.

According to Markets and Markets, the Middle East Cybersecurity Market is expected to witness rapid growth in various countries across the Middle East region. The Kingdom of Saudi Arabia is expected to have the largest market share and dominate the Middle East Cybersecurity Market from 2022 to 2027, due to the need to safeguard enterprises in various industrial verticals such as BFSI, energy and utilities, government and defence, healthcare, IT and ITeS and others from advanced threats. This development follows the requirement for investment in new smart cities and government projects.

Within the enterprise level community in the Middle East, there are a number of trends related to competence and knowledge surrounding key security components. Based on the Digital Trusts Insights (Middle East 2022) by PwC there is a clear lack of appropriate mechanisms to protect and combat against cloud security, Internet of Things (IoT) and Software Supply Chain Risk.

Across the Africa region, the rapid advancement in digitisation creates a number of additional threats that have become present. Due of the speed in which technology is being adopted, creating a security by design approach has not always been enforced as stringently within the private sector. Further complication in the environment is made through the lack of adoption of cyber security legislation.

From a government perspective, there are still countries within the continent without any formal legislation either implemented or in draft form (please see below). Of the countries on the continent of Africa, those with legislation stands at thirty-nine (72%), those with draft legislation at two (4%), no legislation at twelve (22%) and one nation no data (2%). In contrast, Europe has a much higher adoption of security legislation at 91%. The maturity of businesses within Africa can greatly impact on the strategy of CYBER1 and the opportunities available in Africa. KPMG Africa Cyber Security Outlook has identified that large organisations with defined strategies on cyber security stand at 97%, whereas within the Small, Medium and Enterprise (SME) space, this drops down to 77% with defined strategies on cyber security.

10| P a g e