SSH Communications Security Oyj
OMXH:SSH1V
US |
Fubotv Inc
NYSE:FUBO
|
Media
|
|
US |
Bank of America Corp
NYSE:BAC
|
Banking
|
|
US |
Palantir Technologies Inc
NYSE:PLTR
|
Technology
|
|
US |
C
|
C3.ai Inc
NYSE:AI
|
Technology
|
US |
Uber Technologies Inc
NYSE:UBER
|
Road & Rail
|
|
CN |
NIO Inc
NYSE:NIO
|
Automobiles
|
|
US |
Fluor Corp
NYSE:FLR
|
Construction
|
|
US |
Jacobs Engineering Group Inc
NYSE:J
|
Professional Services
|
|
US |
TopBuild Corp
NYSE:BLD
|
Consumer products
|
|
US |
Abbott Laboratories
NYSE:ABT
|
Health Care
|
|
US |
Chevron Corp
NYSE:CVX
|
Energy
|
|
US |
Occidental Petroleum Corp
NYSE:OXY
|
Energy
|
|
US |
Matrix Service Co
NASDAQ:MTRX
|
Construction
|
|
US |
Automatic Data Processing Inc
NASDAQ:ADP
|
Technology
|
|
US |
Qualcomm Inc
NASDAQ:QCOM
|
Semiconductors
|
|
US |
Ambarella Inc
NASDAQ:AMBA
|
Semiconductors
|
Utilize notes to systematically review your investment decisions. By reflecting on past outcomes, you can discern effective strategies and identify those that underperformed. This continuous feedback loop enables you to adapt and refine your approach, optimizing for future success.
Each note serves as a learning point, offering insights into your decision-making processes. Over time, you'll accumulate a personalized database of knowledge, enhancing your ability to make informed decisions quickly and effectively.
With a comprehensive record of your investment history at your fingertips, you can compare current opportunities against past experiences. This not only bolsters your confidence but also ensures that each decision is grounded in a well-documented rationale.
Do you really want to delete this note?
This action cannot be undone.
52 Week Range |
0.988
2.18
|
Price Target |
|
We'll email you a reminder when the closing price reaches EUR.
Choose the stock you wish to monitor with a price alert.
Fubotv Inc
NYSE:FUBO
|
US | |
Bank of America Corp
NYSE:BAC
|
US | |
Palantir Technologies Inc
NYSE:PLTR
|
US | |
C
|
C3.ai Inc
NYSE:AI
|
US |
Uber Technologies Inc
NYSE:UBER
|
US | |
NIO Inc
NYSE:NIO
|
CN | |
Fluor Corp
NYSE:FLR
|
US | |
Jacobs Engineering Group Inc
NYSE:J
|
US | |
TopBuild Corp
NYSE:BLD
|
US | |
Abbott Laboratories
NYSE:ABT
|
US | |
Chevron Corp
NYSE:CVX
|
US | |
Occidental Petroleum Corp
NYSE:OXY
|
US | |
Matrix Service Co
NASDAQ:MTRX
|
US | |
Automatic Data Processing Inc
NASDAQ:ADP
|
US | |
Qualcomm Inc
NASDAQ:QCOM
|
US | |
Ambarella Inc
NASDAQ:AMBA
|
US |
This alert will be permanently deleted.
Earnings Call Analysis
Q3-2023 Analysis
SSH Communications Security Oyj
In an impressive display of growth amid a competitive landscape, the company reported a 12% increase in net sales, with total revenues reaching EUR 5.2 million for the third quarter. Much of this growth is attributed to the company's success in subscription sales, ballooning by a notable 33%, and advancing the Annual Recurring Revenue (ARR) to EUR 19.4 million, marking a 10% increase.
Highlighting the quarter was the acquisition of a significant new customer, a global financial institution, which added approximately $0.25 million in annual recurring revenue from the PrivX solution. The company also unveiled 'Secure Collaboration 2024', expanding its product suite and signaling a move to enhance human-to-human interaction security. A strategic partnership with Beyond Identity was initiated to improve endpoint and session control, underscoring a shift towards comprehensive cybersecurity solutions.
The financials reflect a balance of strengths and strategic shifts. With a positive EBITDA of EUR 1 million and an EBIT of EUR 0.1 million, the company demonstrates effective cost control while investing in growth. Deferred revenues escalated to EUR 12.5 million, in tandem with overall business growth, while cash flow from operations was robust at EUR 0.8 million. The company concluded the quarter with a stable cash position of EUR 2.6 million.
In the broader cybersecurity market, the company maintains a unique position. While not the fastest-growing compared to some competitors, it boasts a convergence of robust and sustained growth with profitability, a rarity in a sector where many register high growth rates but fail to achieve profitability, as shown by the Rule of 40 benchmark. This aligns with the company's focus on profitability alongside expansion.
The company has made significant strides in product development, positioning PrivX as a comprehensive platform integrated with key products such as Tectia, UKM, and CollabX. This integration supports a strategy of selling holistic solutions rather than discrete products, matching the evolving needs of larger clients particularly appreciative of the company's focus on seamless access control, as opposed to merely erecting cyber barriers.
With the integration of Beyond Identity's secure device and location verification, the company moves towards eliminating cumbersome multi-factor authentication methods, targeting a frictionless user experience. The acquisition of Deltagon marks an expansion into secure collaboration offerings, addressing the stringent regulatory requirements of financial institutions, and laying the groundwork for services like video calls and instant messaging within business-to-business transactions.
Approximately half of the company's business is conducted through various partners, including legacy and new relationships. The company is steering these partnerships towards promoting its entire solution suite rather than individual products. Special emphasis is being placed on the industrial automation sector, encouraging end customers to maintain control over access to their systems, emphasizing security and autonomy in factory-to-cloud communications.
Welcome, welcome dear guests online. I'm admitting people offline. Please mute your microphones, if you are not told. Thank you. We will start in 10 seconds. Also, if I can ask everybody to shut cameras if you are not talking.So let's kick off our today's call. One moment. Yes. Welcome to our investor call on SSH Communications Security's Business Review July 1 to September 30, 2023, Q3. This meeting will be recorded, and the recording alongside with the presentation will be available on our web page after this call. My name is Lauri Koponen, and I'm the Communications Lead here at SSH. And I will be the host of this call. Results will be presented by our CEO, Teemu Tunkelo; and CFO, Michael Kommonen. You can ask questions at the end of the event by asking to speak in the chat or writing your question there. Please keep your mics and cameras muted and shutted whenever you don't have the floor. And I can see that people are still joining the call. But let's move to the financial results.Please, Michael. Floor is yours.
Thank you, Lauri.So in the third quarter of this year, we recorded net sales growth of 12%, while our EBITDA was positive EUR 1 million, and EBIT also positive in this quarter of EUR 0.1 million. So net sales accelerated, the growth accelerated compared to the first half of the year when we saw 9% sales growth and reached EUR 5.2 million in the third quarter. This sales growth was driven by the continued momentum in our subscription sales, which grew 33% in the quarter. And driven by the sales growth and the subscription sales growth, our ARR increased by 10% and reached EUR 19.4 million at the end of the third quarter.The EUR 1 million in quarterly EBITDA was a clear improvement, both compared to the previous quarters of this year and also a clear improvement compared to the third quarter last year. The improved EBITDA was mostly driven by the sales growth and supported by our cost control and our controlling spending overall. This last quarter was also our 10th quarter consecutive of positive EBITDA.Looking at the achievements during the third quarter. Some highlights. Then we will go into this in greater detail, but some things worth mentioning. We closed our third major lighthouse customer for PrivX in the U.S., a deal worth approximately $0.25 million in annual recurring revenue. This was to a global financial institution who chose PrivX solution. We also launched Secure Collaboration 2024, our suite for human-to-human interaction. In the third quarter, we also announced a partnership with Beyond Identity. We will collaborate to improve endpoint and session control security with Beyond Identity going forward.Next slide, please. Looking at the overall trend of the last quarter seen here, we can see that our sales momentum continues. As previously mentioned, our subscription sales grew strongly 33%. It was then partially offset by a reduction in license sales in line with our strategy and also a minor decline in maintenance sales, which declined slightly in the third quarter. Deferred revenues increased, reaching EUR 12.5 million, in line with the overall growth of the business. EBITDA and EBIT, as mentioned, EUR 1 million and EUR 0.1 million.Cash flow from operations was EUR 0.8 million in the third quarter. On a quarterly basis, cash flows will fluctuate a bit depending on the timing of invoicing and the closing of larger deals and the cash flows related to that. We ended the quarter with EUR 2.6 million of cash, which is the same amount we had at the end of the second quarter and close to the same number as a year ago of EUR 0.1 million below the third quarter of 2022.Next slide, please. If we look at the overall cybersecurity market, this picture is to illustrate kind of one perspective of how the market looks. It continues to be a market characterized as company's growing -- excuse me, investing significantly in growth. So, this chart shows -- on the Y axis, it shows the EBITDA percentage share of net sales and on the X axis, it shows net sales growth. So, many of you will be familiar with the Rule of 40, 20% net sales growth and 20% EBITDA. If we look at the picture overall, we see ourselves and then we see select competitors in the cybersecurity market. Not all of them are direct competitors. All of them are in the cybersecurity market. Most of them are also operating in the same segment of the market as we are.If we look at the numbers, we can see that for the last reported 6 months or 9 months depending on availability of numbers, many of the companies do achieve the growth component of the Rule of 40. So growing 20%, even beyond and above 20% annually, but very few of them are actually profitable on an EBITDA basis. We continue to grow and to grow profitably. So if we look at SSH in the picture, we can see that even though our growth is not as fast as some of our competitors, we are still growing robustly and sustainably, and we also have a profitable EBITDA profile in the company.Finally, on the chart, the size of the of the bubbles or the circles you can see in the company are proportionate to the size of the net sales of the company. So that's what the chart is showing.So with that, thank you for my part. And please go ahead, Lauri.
Yes. Thank you, Michael.And I'm now stopping sharing because let us talk next about the business highlights of the quarter. So please, Teemu, floor is yours.
Thank you.Going behind the numbers that Michael was presenting, I think our quarter was okay, taking into account it's also the vacation period of Europe, which is nowadays our biggest market. And the other thing is that we've done some major developments on our portfolio moving forward. So, we have more things to sell, more cross-selling opportunities and we have achieved in some of them already.So PrivX has been implemented now as a platform for Zero Trust Suite, which encompasses Tectia, UKM, CollabX, which is the rephrased Deltagon with a new technology based on PrivX. NQX with PrivX is getting a lot of traction. So, we are finally getting to the stage that we are really able to sell solutions instead of specific point solutions. The integration of PrivX with our core products has been now completed, and we have started to launch a wider marketing campaign to build a new approach where the customer can buy best-of-breed products that all work automatically out of the box together.We want to emphasize the topic that we are communication security between human systems and networks. We are not the traditional access control company. And at least with the bigger customers, with stronger own IT organization, they appreciate our focus on the access control instead of building walls. We were able to complete partnering with Beyond Identity to help our customers to get easier, secure device with secure person from a secure location. So basically, in my mind, a way to get rid of these clumsy SMSs as the MFA method, which is not even fully secured, but at least, it's not convenient.And with Beyond Identity, we have an element with PrivX. So it's not a separate product in the PrivX technology that makes the device safe from wherever you use it and you can put a lot of triggering points to make sure that the right place with the right device can access the system and the cloud and the data center, whatever you needs are. Deltagon, we acquired some time ago and now we're starting to move over and really also naming wise, both secure collaboration, human-to-human interaction as part of our main offering. We also want to expand it to video calls, to instant messaging. In a way, it's a tool for B2B business, which is pretty much driven by Wall Street and the Securities Exchange Commission requirements that the financial institutions have to be able to record the communication between customers and their employees. They've got some significant fights because they haven't done it. And for this NIST, the secure collaboration is now focused to take its own fair share. And it also has to do with other collaboration, where we want to really make it seamless. We will talk about them later, but we want to make a seamless experience with secure authentication, identity device location, going either cloud or data center, then user will not see any difference. That will be the next step of the secure communications offering that we are working on.Partner program, we have established our first phase. Roughly half of our business is with partners, various partners, some new ones, a lot still from the history. And we are moving the partners to sell the solution portfolio instead of the point products. And we have also now started with the traction with our OT partners here, industrial automation, system integrators that are not used to selling cybersecurity. And in that area, the partner business is focusing on the story that don't lose your keys to the Kingdom. The end customer should keep the keys to their factory and the keys between the factory and the cloud in their own hands. Because the problem with most of our end customers in OT side, they work with many automation vendors who have all their own security architecture, which makes it very classy and expensive to have a really secure factory to cloud connection. And for that, we have the solution. We have sold it directly and now we want to expand it through the partner channel as well. So, we have upstream and downstream partners. We are increasing our cooperation with the open source communities, which is, of course, the history of Tectia. We put SSH into open source initially. And with PrivX and now with human communications, we also want to be more integrated part of various open source projects.Numbers side, we're okay. And we are still investing back to the business. So, we have increased compared to third quarter last year, our R&D spend with 12%, and our go-to-market spend with 7%, both limited on our financial capabilities and remaining to stay under profitable EBITDA track. And we are still, I think, significantly putting effort to the R&D for the main customers to develop together with them the features they want.On the post-quantum side, which has been for us a really good way to get to the table with government organizations, big companies, it is still, as I said earlier, it is still more consulting, architecture building, understanding the part of which part of your network needs to be post quantum and which fits well with our history that we -- we are focused always on super and power users. We are not focused on the whole installed base.And if I now look at the discussions we have with our major customers where we participate on their post-quantum journey, one of the things that rises above others is health data. Because health data is something that you have to be protected forever, especially with people that have a significant role in the society or in the company. That is a thing that you want to keep safe. The other big thing is that certain parts, the lifeline of the corporate backbone between key systems that are essential for the business has to be safe from denial-of-service attacks and post-quantum and NQX, both in their own right give us a good position to offer something that is not widely contested in the market.We have products that have post-quantum; Tectia, [ Eccox ], UKM. We will have that in all products. Most of our competitors nowadays also speak about post-quantum, but they don't have the ready-made products. And to support this, as we historically have done a lot of IP right development and patents, we are joining the Post-Quantum Cryptography Consortium, where we are among a little bit bigger companies. But based on our deep cryptography knowledge, they have invited us to be on the road of building the post-quantum future.We are also actively cooperating with IQM, which is the Finnish quantum computer, and you will hear more about that in the near future. If you want to hear more, I'll do some self studies more. We have the Capital Markets Day at the end of August, that is on our investor website. The data is there that you can study on your own. And we are, of course, always available to answer deeper questions on the topics that interest you with the SSH Communications Security.So a little bit explanation of the Beyond Identity topic, I already a little bit touched it. So what we want to have is never trust, always verify. Verify means that you know that you have the identity, which comes from your system, where you have the identity provider, acting director, maybe the most common. And then the new things that are coming is that endpoint security. Endpoint security, as we used to know, is going away. What comes is hardening the browsers that run on Apple, Android and Microsoft, which will go or provide biometric recognition.So the operating system takes away big part of that you know that it's a safe entity or actor. So, a system or a person who is addressing you -- wanting to address your systems. And we want to have biometric authentication as standard. I also myself use Windows Hello to greet the screen. I don't anymore remember my password. And what we add there is the secure device, secure location, secure trigger points that you can know from indirect signals that you are dealing with the right person, with the right device, with the right location.And then you are -- with this technology, you are getting rid of one of the fundamental challenges of the SSH protocol, which is that the -- the SSH key is not connected to an identity. It's connected to assist them. So, you don't know which human uses to this. With our cooperation with Beyond Identity, you also know who uses the key. And this, I think, is a unique value proposition we are offering to our customers, and we are getting very good feedback on that approach, partially from ease of use, but also from higher security coming from more parameters and active monitoring of the status of the device, of the location of the user and the identity. In practically, real-time constant control what's going on, possibility to monitor the actions what is happening on the session.Now moving to human-to-human communications, which -- and secure communication has been dominated a lot by secure mail and signatures. We have had historical Deltagon suite. We signed with form, with rooms. And that we will continue to support our installed base of thousands of customers and hundreds of thousands of users in the Nordic countries. On top of that, we want to go to the next level of technology, so embed secure mail into the PrivX platform, get secure messaging, get secure video, all that will be able to be monitored and real-time control access. Also, secure collaboration is made ready to be able to be provided also a PQC edition in the later date.For our outlook, we remain. And with these words, I hand it back to Lauri.
Thank you, Teemu.So let's move to the next and last phase of our call, which is Q&A session. We have had a couple of questions in advance. I will start from those. And I'm very happy that we have also in the chat many questions. You can post your questions there. And if you are willing to raise your question out loud, you can raise your hand or write in the chat.But as tradition, we have first question coming from Frederic. So, please, Fredrik, floor is yours.
Teemu and Michael, congratulations to a very solid quarter. I have just a few questions. I mean the first question is to Michael, that you increased R&D and sales activities during the quarter. But I mean, at the same time, you improved the profitability and the EBITDA margin of 19.2% is very impressive. And you talked about the sales growth, cost control and spending overall is a factor, but I guess, there should also be a pricing factor in here as well?
Yes, you mean pricing on our products?
Yes.
Yes. It's definitely one of the factors, of course, that would be contributing to our sales is the overall pricing.
And maybe expanding a little bit on that, we have chosen -- since we see the recession coming, we've chosen to keep our price level as high as we can. So, we march our salespeople. We hold the line, keep your ground. We don't give discount. We don't see that our price is the problem. Surrounding price, the customer overall price might be, but then also we are better than the competition in the system integration. So, we have been able to keep the price levels high. Maybe we lost some business with it, but it's still better for us overall because it gives an impression of a quality product that we are proud enough to say that we want the proper price. And that is for me also a more strategic question that when you sell software, the price elasticity is perceived to be easy because the gross margin is almost 100%. On the other hand, we have a fixed block. 70% of all our costs are people, and they don't go away. So this is a volume game, which is, volume is units multiplied unit price. And that's why it is utterly important for us to keep the price level and that we have succeeded so far very well.
Okay. Great. And about that, the R&D spend is up 12% year-on-year. Can you give us some more color on the specific areas of the R&D? And then, of course, will you continue to increase the R&D for the rest of the year?
Well, R&D is a good question. I'm very happy that you asked because big part of our R&D, what we are improving is making installation easier, making testing more automated, making our manuals more readable. So, a big part of the investment has gone to the surrounding things that we are almost as easy to use an app. The other topic is that since we have gone to bigger environments with PrivX, we have customers who have millions session per day. We need to do performance testing, stress testing, intermittent testing, different things that we can really test in our lab. We can simulate an environment of 100,000 servers and million sessions per day, thousands of users. And that is -- it is R&D, but it's a different skill, it's different kind of people. It's actually investment also in the equipment because we want to remain industrial grade also in the big environments.
Okay. That makes sense. And just 2 quick questions for me, then I'm done. How fast did PrivX grew in the quarter? And then can you say something about the growth rate in NQX?
Yes. So, what we've given out is the year-to-date growth number on PrivX and it was -- the year-to-date growth is not 23%. We haven't talked about other products on a product level. Is that something you want to comment, Teemu?
Well, the NQX is still on a, I would say, infant phase. So the progress are impressive, but the absolute numbers are still disappointing. And NQX is at the phase that we are dependent on single orders. When they come, the growth rate is huge. When they are delayed, the growth rate is not impressive. So the growth percent with NQX is not yet relevant.
Thank you, Fredrik. Did you have any more questions? No. Okay. And yes, please continue writing your questions in the chat or raise your hand. But now, I will start from questions which came in advance, and then I will move forward with the questions from the chat.So first question is that do SSH competitors on the market offer PQC-ready solutions similar to SSH products? And has SSH protected its own patents in this aspect?
A lot of companies market PQC-ready products. Very few have actually general release on those products. We have not patented it, and we are still looking at that area because the standardization is not complete. What we have been lucky so far with PQC that we have been guessing the right NIST standards that we have implemented. Some of our competitors and some open source alternatives have chosen things that are not approved standards. So we are, in that sense, good. But itself, the PQC algorithms are standard. So, there's nothing to patent. Where the patent areas we are looking at is how we implement them. How do we bring it into the environment where you have a hybrid environment. 90%, 95% of the traffic is still PQC. 5% is non-PQC. And that's the area where we are looking at possibilities to patent something.
Thank you. Next question is, has the entry enforced the [ list ] in one year's time already? So it has been enforced. Had any impact on the demand side of SSH?
We've done campaigns recently on NIS2 in the Nordics and the research were quite promising. It was unfortunately still an email campaign, but we got an open rate of 30%. And we got actions from 6% of the answers. And compared to our other email campaigns, this is tens of times more than what we typically see because I also typically don't read the emails I get from an uninvited source.
And if I may comment that we have ongoing campaign in all our channels regarding NIS2, we have excellent guide, so please download it from our webpage. And my comments is that governmental agencies from Nordics are very, very interested in the topic.
And maybe one topic from the U.S. front, we are also active there on talking about the NIS2, even though it's a European standard, but it's for American companies who have operations in Europe, they have to comply with NIS2 and that's kind of a perfect because the American vendors don't have a clue that's going on. So, we can really tell something that they have to react and it's a foreign government imposing new rules for them and we are from that area, so we can really guide our American customers who have operations in Europe.
Yes. Thank you. Let's move forward because we have a lot of questions. What are SSH expectations for the SSH secure collaboration 2024 CollabX solution now launched? What features differentiate it from others on the market?
It's the suite approach that you don't have to have a separate signature program. You don't have to have a separate email program. It all comes from one hand collaborating, easy user experience. We haven't seen a lot of competitors taking the same route. We haven't seen any other competitor going for instant messaging and video calls. We've seen them as separate products, but not as a part of the total solution. So it's really and comprehensive human-to-human communication, be interactive, semi-interactive or passive data distribution, all comes with the same one tool. People don't have to learn, same look and feel. And I think that is a big differentiator in the market.
Thank you. Next question was about NQX. And that, I guess, we handled. Maybe as a follow-up questions is that when are the first solution expected to be sold outside Finland?
Commenting future is always difficult, but we have projects in several countries where the challenge is a little bit that every country wants to have the cryptographic part somehow under their own control. So, we are looking at licensing the technology that the target countries would be able to give them their own final touch. So do we ourselves directly sell NQX in other countries? Probably in certain countries, not the biggest countries in Europe, not probably in the first phase in the U.S., certain countries in Asia which have similar problems as we have with Russia, but another big country. And those are kind of the areas we are talking, but it is a technology transfer topic because the target country wants to be able to do within the country, for the country and that is delaying the expansion of NQX outside Finland.
Thank you. And last question, which came in advance has been was membership of NATO already been reflected in increased contracts and interest in SSH?
We have gotten our first contract to implement the architecture of NATO compatibility and different technology compatibilities to be NATO compliant and also to be able to run Finland separate from NATO and interconnected NATO. So, that work is already happening as our peers initiative. And there's a lot of activity that everybody wants to understand. We are eagerly waiting with our partners in Sweden to get Sweden into NATO because at the moment, we can't share things with them because they don't have the same level of data as we have.
Thank you. And then moving to questions in the chat.So first question. Invoicing decreased from EUR 5.9 million Q3 '22 to EUR 4.7 million Q3 '23, meaning 20% decline, reason for this?
Yes. I can maybe comment on that. Yes, I think the question is asking second quarter '22 compared to this quarter '23. But I guess it's the -- it's a typo anyway. As we discussed on the -- or was mentioned on the cash flow comment, if you look at quarterly numbers, they will fluctuate quite a bit. So in this case, we had some renewals, some larger renewals that took place in the second quarter of this year instead of the third quarter. So the invoicing happened earlier than it happened last year.So if you look at the year-to-date number or first of all, if you look at the second quarter number of this year, you'll notice that it's over a EUR 1 million. The invoicing is over EUR 1 million higher than in the previous year. And if you look at the year-to-date numbers, you'll see that they're broadly in line with last year's numbers. So in short, the explanation is timing of renewals.
And the more we go towards bigger average deal size, meaning our sweet spot, this EUR 0.25 million that is already over a percent of our revenues. So, timing of these deals will impact a lot how a single quarter or a single month looks like. So it's easier to look at us from running 12 months to see the trends.
Thank you. Next question. How many new customers have you signed in Q3 '23 and year-to-date during 2023? What was the average deal value in IRR and how has this been developing?
I think we don't go to that level of detail. The average deal size has increased. We still have a huge spectrum of new customers that pay us EUR 500 per year or pay us EUR 200,000 per year. So the number of customers without that data is kind of irrelevant, but it's more than we are willing to disclose at this point of time. But basic trend is clear. We go for bigger deals. We are increasing minimum purchase amounts that we get, our customers to buy more because we are B2B. We focus on large customers. So the customer count is irrelevant. What -- for me, what I focus on is new logos. Logo means the customer that everybody knows the name. We can't disclose the names, but I'm proud of the local customers. And I'm happy even one good local customer per quarter, it'll take us a mile ahead.
Thank you. And when -- yes, one moment. Please mute your microphones if you are not talking. Thank you. Let's move to next question. Profitability improved significantly to EUR 1 million EBITDA. You mentioned the reason being revenue growth and cost control. Please elaborate on the cost side. What costs specifically were managed? Did you manage sales or marketing costs in Q3 '23? And would this have a negative effect to future quarter sales growth?
What we did -- the other topic that was already mentioned is that we've been able to keep the price level. So the product mix has been favorable. On the cost cutting, yes, we were, this year, especially careful with out-of-pocket marketing spending in Q3, partially because we have also learned over the years that, actually, especially Europe is on vacation either July or August. And on September, people are reading their emails. So being too active on that market doesn't make sense. Also, there is the issue that the bigger marketing events we joined, they happen to be not happening in third quarter. They were in October. So it's a mix of many things, but I would say the most important thing, which I'm proud of is that we've been able to keep our price level.
Yes. Maybe to add a bit on that further is like expand on what Teemu was saying. We continuously manage all costs and focus that our spend is done wisely and carefully. So, part of that is the sales and marketing, but it's the overall cost of our cost base that we are continuously managing.
And one topic which is not big part of the number, but as such -- but of course, compared to past now post-COVID where our travel budget has exploded, which we feel is important for us to build the logo customers further to take care of the installed base. But of course, that also was limited travels in the third quarter compared to the beginning of the year for understandable reasons.
Thank you. Next question was actually about PrivX ARR growth that we handled.Next question is, can you please open up more of the relationship to Beyond Identity and SSH? Which party was active in opening up this venture? Was it the timeframe in which you see? What is the timeframe in which you see this partnership contributing the revenue and profit of SSH?
The cooperation was initiated by us a good year ago. They got interested in us as an OEM partner for them. So, we are not the reseller. We embed their technology into PrivX, and we want to have a two-way corporation. They can also embed PrivX to their solutions. And they see that we are taking them closer to the customers because the combined offering is something different and it goes very well with our strategy of optimizing data traffic throughput with minimum hindrance, but maximum output and full security. And what Beyond Identity does is the next-generation of endpoint security by hardening devices, get rid of SMSs. So it was kind of a -- it took some time to get them see that, okay, even though we might be smaller than them, but we are very savvy on our technology. They are also a very technology focused company, and they saw that there is a kind of a -- the 1 plus 1 is more than 2.So that's why they were happy to join forces with us, and the impact will be seen in fast PrivX growth when it kicks in. We have serious customer discussions, but we do together partially that our sales people learn to explain their identity. We also have projects going on where Beyond Identity takes us to their customers. But it's, of course, early phases. I would expect something coming in the next spring might be kind of realistic timeframe. Don't expect anything to happen this year that we will get the mega deal together with Beyond Identity. We will be able to sell it, and we sell a lot, but play deals closing this year, I would say unlikely.
Thank you. And I see more questions coming. Thank you for your activity. We have still time. You can write them in the chat. Next question is, do you expect to have steady increase of annual recurring revenue in Q4?
That is our target.
Next question. What reference value do you expect to have a new U.S.-based lighthouse customer order received end of September?
I'm not sure if I quite understood the question.
The question was the reference value. Or is there any reference value to the Lighthouse customer on PrivX?
In our business, it's a little bit difficult. I think there is -- the biggest impact we see with our logo customers is that where -- the technical people in U.S., they move jobs much faster than in Europe. So where we have gotten the reference value is that the person who has worked on PrivX on a customer goes to work to another customer and says I want to work with PrivX here as well. And that's where we've gotten the best leads and in the right circles when we have customer advisory boards. We encourage customers to tell their success stories. And so behind the closed doors, there is a value and there is certain clear pattern like, you know, Finland typically follows what Sweden does.The same with the big banks. They follow what each other is doing and they talk with each other, but they will, of course, not disclose it in public. But that is the way we succeed. In the bigger European banks, we can see -- we can really, clearly see the [ CRP ], our lead customer goes for Zero Trust. Everybody else wakes up and said, I want to hear about Zero Trust as well. So there is a reference value, but it's not like a normal transparent business.
Yes. Thank you. And next question. Do you see potential to merge or interest to initiate discussions?
No, I don't think we have anything to comment on that.
Next question. Do you see potential for more than EUR 1 million customer orders?
You mean single orders?
Yes.
We have -- yes, we have the biggest PrivX customer is on the trench. We have several on the trench. EUR 1 million is a funny number because then you typically end up in customers' governance. It goes to higher levels of management, which is slower decision making. That's why we still say that the EUR 0.25 million is the sweet spot for PrivX. But as I said, we do have interest in these big environments and that's why we are investing that the product is ready for that. And of course, average deal size increase comes best if we can really kick the glass rule for the PrivX size bigger. Just in that environment, you can't fail.So when we sell the first -- make a new customer on that price range, then we have to be really sure. So, we want to go after customers, as I said, logo customers that have a potential of being EUR 1 million or EUR 2 million customer, but we start with land and expand. We do something that we win the confidence, we get it working in their environment, in their infrastructure, in their network and then we roll it out over time, which also reduces the sales cost. So, we'd rather go with the sweet spot in and then do land and expand.
Thank you. And now I see last question, but we have still time so you can post your questions in the chat. But let's go further. So, you still have around EUR 10 million hybrid loan. What is the interest rate at the moment? Any thoughts to do financial arrangements related to this?
Yes. So the hybrid loan is -- the principle amount is EUR 12 million and the interest rate is 11.5%. Other than that, we don't have any plans or thoughts on arrangements that we can communicate at this stage.
Yes. Maybe softening it a little bit that now that we have EBIT positive quarter behind us, one of the challenges is that software companies don't have a lot of bankable assets. So, our bankable asset is the Rule of 40 and that's our main target we want to aim. And then once we get the confidence of the financial institutions, we might be in a position of refinancing it maybe on more favorable terms, but it's not a big deal at this point of time.
Thank you, Teemu. Thank you, Michael. Thank you dear guests for your activity. We are very pleased and happy about your questions.I think that at this point, we don't have any more questions. Thank you once again. And materials for this call and the presentation will be available on our webpage later this day.I will start wrapping up the call. SSH Communications Security will release its financial reporting calendar during 2024 Q4. I mean, the calendar for 2024 will be released during Q4. And my name is Lauri Koponen. I'm Communication Lead here at SSH. And on my behalf, I also thank you and see you next time.
Thank you.
Thank you.