NCC Group - Experts & Thought Leaders

NCC Group, a people-powered, tech-enabled global cyber resilience business, announces a partnership with SentinelOne with the addition of the SentinelOne AI-powered Singularity™ Platform to NCC Group’s Managed Services and Incident Response offering. This addition provides NCC Group’s clients with expanded options for tech-flexibility as well as robust protection against cyber threats through advanced threat detection and response. Expanded options for tech-flexibility Integration of the pioneer Endpoint Detection and Response technology to reinforce NCC Group’s Managed Services and Incident Response engagements. Customers benefit from the power of SentinelOne’s agentic AI security analyst Purple AI™, enabling NCC Group’s cyber experts to deliver more effective defence against evolving threats. Seamless integration with NCC Group’s Unified Cyber Platform (UCP) delivering faster, smarter threat detection and intelligence-driven insights. Benefits of the partnership This partnership delivers advanced, AI-driven protection to NCC Group’s services, enabling autonomous threat detection, response, and remediation. Leveraging both agentic AI and automation, the solution empowers analysts to identify and contain threats in real time by streamlining investigation workflows and delivers insights faster, reducing mean time to response (MTTR) and supporting more informed decision-making. NCC and SentinelOne technology SentinelOne’s technology enriches NCC Group’s Unified Cyber Platform SentinelOne’s technology enriches NCC Group’s Unified Cyber Platform, cross-correlating threat intelligence from both platforms to deliver actionable, data-backed insights. By combining NCC Group’s proprietary intelligence with SentinelOne’s autonomous capabilities, the collaboration empowers clients to stay ahead in a dynamic and complex threat landscape. Words from NCC Group SVP Graham Francis, SVP Global Managed Security Services, NCC Group comments: “We’re committed to offering our clients the most trusted, transparent and tech-flexible Managed Services and Incident Response offering on the market.” “The combination of our people-powered and insight driven expertise, with SentinelOne’s AI powered endpoint solution, adds greater depth to our offering and importantly, enables our team to respond to increasingly sophisticated threats with enhanced speed, accuracy, and confidence.” Words from SentinelOne AVP Tracy Ryan, AVP, Global MSSP/MSP, SentinelOne comments: "We are thrilled to partner with NCC Group as they integrate SentinelOne’s Singularity Platform with Purple AI into their managed services portfolio.” “By combining SentinelOne’s industry-leading, AI-powered platform with NCC Group’s expertise in managed and incident response services, we are empowering customers with a comprehensive and proactive security solution. This partnership demonstrates our commitment to delivering innovation and flexibility, helping organisations stay ahead of evolving cyber threats."

NCC Group, an independent provider of global cyber security and resilience services, is pleased to announce the appointment of Diji Akinwale to the role of Director of Strategy and Transformation with immediate effect. This new role has been created as the Group looks to implement and execute the updated strategy announced on 2 February, and Diji will report directly to Chief Executive - Mike Maddison. Increasing recurring revenue Diji Akinwale joins the Group from The Guardian where he served as Group Strategy Director. In this role, Diji successfully supported the media group’s international growth, whilst increasing recurring revenue and accelerating the development of its digital offering and capabilities. Diji joins the Group from The Guardian where he served as Group Strategy Director During his time at The Guardian, Diji Akinwale was responsible for developing and delivering a plan to generate positive cashflow – a key objective and a milestone The Guardian achieved for the first time in many years in Diji’s final full year at the group. Before The Guardian, Diji spent several years at McKinsey where he led digital strategy and transformation projects for clients across sectors including technology, financial services and the public sector.  Global delivery model Mike Maddison commenced his role as Chief Executive of NCC Group on 7 July 2022, and on 2 February 2023 the Group announced the next chapter its strategy which will deliver revenue from a broader service portfolio, addressing the full cyber security lifecycle, with deeper presence across sectors. This will be supported by the activation of a global delivery model, including an offshore delivery and operations centre, and investment in the go-to-market model and brand for Cyber. Core to Diji’s responsibilities will be establishing a transformation management office resourced to deliver this next chapter of the strategy at pace.  Enterprise-level transformation Core to Diji’s responsibilities will be establishing a transformation management office Mike Maddison, Chief Executive of NCC Group, commented: “Diji’s experience successfully developing and delivering enterprise-level transformation projects for some of the world’s most important organisations supports my confidence that he will be a great asset to our group.” He adds, “Diji has a grounding in client services and his sector experience means he understands both how we and our clients operate. I look forward to working closely with him as we pursue our strategy to create a more resilient business positioned to capitalise fully on opportunities to meet changing client needs in a dynamic Cyber market.” Secure digital future Diji Akinwale commented: “This a fantastic opportunity to lend my experience and transformation expertise to a global business at the cutting edge of an exciting, fast-moving industry and at a critical moment in the Group’s journey.” “Underpinned by a focus on insights, intelligence and innovation, NCC Group’s proposition and strategy mean it is well placed to deliver on its purpose of creating a more secure digital future, and I look forward to working with my new colleagues to contribute to this.”

NCC Group plc announces the signing of an agreement for the proposed acquisition of the Intellectual Property Management business (the “IPM Business”) of Iron Mountain Inc., comprising substantially all of the assets of Iron Mountain Intellectual Property Management, Inc. (“IPM”) together with certain other assets of affiliates of Iron Mountain exclusively related to the IPM Business, for a cash consideration of $220 million (£156 million) (the Acquisition). Strategic Highlights Creating an escrow business IPM is a provider of software resilience services to a large and diverse US market – the combination will provide immediate additional scale to NCC’s core software resilience business, making the US region the largest contributor to the division’s revenues and profits. IPM reported revenue of $32.9 million (£23.3 million) and EBITDA of $21.6 million (£15.4 million) for the 12 months ended 31 December 2020 (audited). The IPM Business has built a market-leading escrow business, serving more than 6,000 customers, across the full life-cycle of escrow and verification services as well as across a range of industries. IPM has a strong, established team, led by Mr. John Boruvka and Ms. Joy Egerton, which is expected to be retained as part of the acquisition. Mr. Boruvka, Ms. Egerton, and the senior members of the IPM Business team have agreed to continue in their roles following completion. Strong strategic alignment In addition to organic growth across the recurring revenue base of IPM, the proposed acquisition represents a compelling opportunity for both of NCC’s Assurance and Software Resilience divisions to benefit from revenue synergies across an enlarged, blue-chip customer base that spans a majority of the Fortune 500. NCC believes that these revenue synergies could be made up of: Increased penetration of NCC’s verification services into the IPM Business customer base Offering the Group’s nascent but fast-growing Escrow-as-a-Service (eaas) cloud proposition into the IPM Business customer base Satisfying IPM client demands for cyber assurance services Compelling financial rationale  The proposed transaction is expected to provide the Enlarged Group with several financial benefits and therefore provide further compelling reasons for the combination: The acquisition will be significantly accretive to earnings per share from completion, even without factoring in revenue synergies. The acquisition will be immediately accretive to Group EBITDA margins. The Group will have an enlarged recurring revenue base, with 80% of IPM’s revenues being recurring (against 60% of NCC’s Software Resilience division’s revenues being recurring). The acquisition will strengthen the Group’s cash generation owing to IPM’s cash conversion ratio of over 90% for the last three years which, following cash interest and tax deductions, should provide a rapid de-leveraging profile and enable further organic and inorganic investment in the near term. Material tax savings which the Directors believe will be created over a 15 year period as a result of intangible assets created by the Acquisition that can be amortised for tax purposes The provision of material additional scale to the Group – the IPM Business reported revenue of $32.9 million (£23.3 million) and EBITDA of $21.6 million (£15.4 million) for the 12 months ended 31 December 2020 (audited) Greater strategic strength Following the acquisition, the software resilience business will have a greater global presence and is expected to achieve critical mass and international reach that provides the Group with enhanced scale and strategic flexibility. The enlarged recurring revenue profile and enhanced cash generation will provide the group with a platform to make further strategic investments if deemed appropriate and value-accretive. Such investments could take the form of organic initiatives, inorganic opportunities in line with the Group’s strategy, or a complementary mix across both divisions. Financing of the acquisition The consideration for the acquisition of $220 million will be satisfied entirely in cash. The consideration and all related transaction costs will be funded through a combination of: Approximately $99 million (£70 million), being the estimated gross proceeds of the placing announced on the date of this announcement $70 million (£50 million) from a new three-year Term Facility Agreement Existing cash balances of $10 million (£7 million) The balance from the Company’s existing Revolving Credit Facility Agreement The Directors expect leverage to be approximately 1.5x net debt to Enlarged Group EBITDA immediately following the acquisition. Timetable to completion The size of the acquisition means that it constitutes a Class 1 transaction for the Listing Rules and accordingly is conditional on the approval of Shareholders at a General Meeting. A circular containing further details of the Acquisition, the Directors’ recommendation, the notice of the General Meeting, and the Resolutions (the “Circular”), is expected to be published on 14 May 2021. Assuming shareholders approve the acquisition at the General Meeting, the acquisition is expected to be completed a few days thereafter. Trading update The Directors reaffirm their current expectation that the Group’s Pre-IFRS 16 Adjusted EBIT for the year ending 31 May 2021 will be no less than the market consensus of £33 million. Pre-IFRS 16 Adjusted EBIT is defined as the Group’s operating profit before adjusting items to assist in the understanding of the Group’s performance. Adjusting items represent amortisation of acquired intangibles, the impact of IFRS 16, share-based payments, and individually significant items. Cybercrime solutions Adam Palser, Chief Executive Officer, NCC, commented, “This acquisition will transform NCC Group’s Software Resilience business, making it a market leader, and deliver immediate financial and operational benefits to the whole of the Group. The IPM Business shares many similarities with our own Software Resilience business, including a commitment to providing exemplary service for clients. There are tremendous opportunities to grow the combined business by offering IPM’s blue-chip clients the choice of new services and support." "Following completion, NCC Group will be a stronger and broader business with an even greater ability to support clients in the ceaseless struggle against cyber-crime in all its forms.”

Fueled by mounting concerns about the cybersecurity vulnerability of U.S. ports, President Joe Biden has signed an Executive Order aimed at shoring up defences against cyberattacks. Cybersecurity initiative The cybersecurity initiative marks a significant shift in policy, empowering key agencies and outlining concrete actions to bolster defences.  By empowering agencies, establishing clear standards, and fostering collaboration, the initiative aims to strengthen U.S. ports against the evolving threat of cyberattacks, safeguarding the nation's maritime economy and national security.   Expanded authority for DHS  The proactive approach aims to prevent incidents before they occur The Executive Order grants expanded authority to the Department of Homeland Security (DHS) and the Coast Guard to address maritime cyber threats. DHS gains the power to directly tackle these challenges, while the Coast Guard receives specific tools. The Coast Guard can compel vessels and waterfront facilities to address cyber vulnerabilities that endanger safety. The proactive approach aims to prevent incidents before they occur.   Real-time information sharing Reporting any cyber threats or incidents targeting ports and harbors becomes mandatory. This real-time information sharing allows for swifter response and mitigation efforts. The Coast Guard also gains the authority to restrict the movement of vessels suspected of posing cyber threats. Inspections can be conducted on vessels and facilities deemed risky.  Mandatory cybersecurity standards  The standardisation aims to eliminate weak links in the chain and prevent attackers from exploiting Beyond these broad powers, the Executive Order establishes foundational elements for improved cybersecurity. Mandatory cybersecurity standards will be implemented for U.S. ports' networks and systems, ensuring a baseline level of protection across the board. This standardisation aims to eliminate weak links in the chain and prevent attackers from exploiting individual vulnerabilities.  Importance of collaboration and transparency Furthermore, the initiative emphasises the importance of collaboration and information sharing. Mandatory reporting of cyber incidents fosters transparency and allows government agencies and private sector partners to work together in mitigating threats.  Additionally, the Executive Order encourages increased information sharing among all stakeholders, facilitating a unified response to potential attacks.  Maritime Security Directive The Executive Order encourages investment in research and development for innovative cybersecurity solutions To address specific concerns, the Coast Guard will issue a Maritime Security Directive targeting operators of Chinese-manufactured ship-to-shore cranes. This directive outlines risk management strategies to address identified vulnerabilities in these critical pieces of port infrastructure. The long-term success of this initiative hinges on effective implementation. The Executive Order encourages investment in research and development for innovative cybersecurity solutions, recognising the need for continuous improvement and adaptation to evolving threats.  Recognising the urgency of cyber threats  The initiative has been met with widespread support from port authorities, industry stakeholders, and cybersecurity experts who recognise the urgency of addressing cyber threats. However, some concerns exist regarding the potential burden of complying with new regulations for smaller port operators.  Effective communication, resource allocation, and collaboration among all stakeholders will be crucial to ensure the successful implementation of this comprehensive plan.  Enhancing cybersecurity The more impactful and noteworthy piece is the associated NPRM from the U.S. Coast Guard (USCG) “This Executive Order is a positive move that will give the U.S. Coast Guard (USCG) additional authority to enhance cybersecurity within the marine transportation system and respond to cyber incidents,” comments Josh Kolleda, practice director, transport at NCC Group, a cybersecurity consulting firm.  The more impactful and noteworthy piece is the associated Notice of Proposed Rulemaking (NPRM) from the U.S. Coast Guard (USCG) on “Cybersecurity in the Marine Transportation System,” adds Kolleda. Portions of the notice of proposed rulemaking (NPRM) look similar to the Transportation Security Administration (TSA) Security Directive for the rail industry and the Emergency Amendment for the aviation industry.   Coordinating with TSA on lessons learned  The USCG should be coordinating with TSA on lessons learned and incorporating them into additional guidance to stakeholders and processes to review plans and overall compliance, says Kolleda. “At first glance, the NPRM provides a great roadmap to increase cybersecurity posture across the various stakeholders, but it underestimates the cost to private companies in meeting the requirements, particularly in areas such as penetration testing,” says Kolleda. Cyber espionage and threats The focus is on PRC because nearly 80% of cranes operated at U.S. ports are manufactured there “It is unclear if or how the federal government will provide support for compliance efforts. As this seems to be an unfunded mandate, many private companies will opt for the bare minimum in compliance.”  “Cyber espionage and threats have been reported by the Director of National Intelligence from multiple nation-states including China, Russia, and Iran,” adds Paul Kingsbury, principal security consultant & North America Maritime Lead at NCC Group. The focus here is on the People’s Republic of China (PRC) because nearly 80% of cranes operated at U.S. ports are manufactured there, he says.  Destructive malware “The state-sponsored cyber actors’ goal is to disrupt critical functions by deploying destructive malware resulting in disruption to the U.S. supply chain,” says Kingsbury. “These threat actors do not only originate in China or other nation-states but also include advanced persistent threats (APTs) operated by criminal syndicates seeking financial gain from such disruptions." "The threat actors don’t care where the crane was manufactured but rather seek targets with limited protections and defences. The minimum cyber security requirements outlined within the NPRM should be adopted by all crane operators and all cranes, regardless of where they are manufactured.”  PRC-manufactured cranes Kingsbury adds, “The pioneering risk outlined in the briefing is that these cranes (PRC manufactured) are controlled, serviced, and programmed from remote locations in China." "While this is a valid concern and should be assessed, there are certainly instances where PRC-manufactured cranes do not have control systems manufactured in PRC. For example, there are situations in maritime transportation system facilities where older cranes have been retrofitted with control systems of European Union or Japanese origin.”  Monitoring wireless threats  “The Biden Administration’s recent Executive Order is a critical step forward in protecting U.S. ports from cyberattacks and securing America’s supply chains,” says Dr. Brett Walkenhorst, CTO at Bastille, a wireless threat intelligence technology company. “To ensure proper defence against malicious actors accessing port-side networks, attention must also be paid to common wireless vulnerabilities." "Attacks leveraging Wi-Fi, Bluetooth, and IoT protocols may be used to access authorised infrastructure including IT and OT systems. Monitoring such wireless threats is an important element in a comprehensive approach to upgrading the defences of our nation’s critical infrastructure.”

The global pandemic caused by the novel coronavirus is changing work environments to an unprecedented degree. More employees than ever are being asked to work remotely from home. Along with the new work practices comes a variety of security challenges. Without the proper precautions, working from home could become a cybersecurity nightmare, says Purdue University professor Marcus Rogers. “Criminals will use the crisis to scam people for money, account information and more,” he says. “With more people working from home, people need to make sure they are practicing good cybersecurity hygiene, just like they would at work. There is also a big risk that infrastructures will become overwhelmed, resulting in communication outages, both internet and cell.” Covid-19 concerns  Concerns about the coronavirus have increased the business world’s dependence on teleworking. According to Cisco Systems, WebEx meeting traffic connecting Chinese users to global workplaces has increased by a factor of 22 since the outbreak began. Traffic in other countries is up 400% or more, and specialist video conferencing businesses have seen a near doubling in share value (as the rest of the stock market shrinks). Basic email security has remained unchanged for 30 years Email is a core element of business communications, yet basic email security has remained unchanged for 30 years. Many smaller businesses are likely to still be using outdated Simple Mail Transfer Protocol (SMTP) when sending and receiving email. “The default state of all email services is unencrypted, unsecure and open to attack, putting crucial information at risk,” says Paul Holland, CEO of secure email systems provider Beyond Encryption. “With remote working a likely outcome for many of us in the coming weeks, the security and reliability of our electronic communication will be a high priority,” says Holland. The company’s Mailock system allows employees to work from any device at home or in the office without concerns about data compromise or cybersecurity issues. Acting quickly and effectively  As the virus spreads, businesses and organisations will need to act quickly to establish relevant communication with their employees, partners and customers surrounding key coronavirus messages, says Heinan Landa, CEO and Founder of IT services firm Optimal Networks. Employers should also enact proper security training to make sure everyone is up to speed with what’s happening and can report any suspicious online activity. Reviewing and updating telework policies to allow people to work from home will also provide flexibility for medical care for employees and their families as needed. Scammers, phishing, and fraud  An additional factor in the confusing environment created by the coronavirus is growth in phishing emails and creation of domains for fraud. Phishing is an attempt to fraudulently obtain sensitive information such as passwords or credit card information by disguising oneself as a trusted entity. Landa says homebound workers should understand that phishing can come from a text, a phone call, or an email. “Be wary of any form of communication that requires you to click on a link, download an attachment, or provide any kind of personal information,” says Landa. Homebound workers should understand that phishing can come from a text, a phone call, or an email Email scammers often try to elicit a sense of fear and urgency in their victims – emotions that are more common in the climate of a global pandemic. Attackers may disseminate malicious links and PDFs that claim to contain information on how to protect oneself from the spread of the disease, says Landa.  Ron Culler, Senior Director of Technology and Solutions at ADT Cybersecurity, offers some cyber and home security tips for remote workers and their employers: When working from home, workers should treat their home security just as they would if working from the office. This includes arming their home security system and leveraging smart home devices such as outdoor and doorbell cameras and motion detectors. More than 88% of burglaries happen in residential areas. When possible, it’s best to use work laptops instead of personal equipment, which may not have adequate antivirus software and monitoring systems in place. Workers should adhere to corporate-approved protocols, hardware and software, from firewalls to VPNs. Keep data on corporate systems and channels, whether it’s over email or in the cloud. The cyber-protections that employees depended on in the office might not carry over to an at-home work environment. Schedule more video conferences to keep communication flowing in a controlled, private environment. Avoid public WiFi networks, which are not secure and run the risk of remote eavesdropping and hacking by third parties. In addition to work-from-home strategies, companies should consider ways to ensure business cyber-resilience and continuity, says Tim Rawlins, Director and Senior Adviser for risk mitigation firm NCC Group. “Given that cyber-resilience always relies on people, process and technology, you really need to consider these three elements,” he says. “And your plan will need to be adaptable as the situation can change very quickly.” Employees and their employers Self-isolation and enforced quarantine can impact both office staff and business travelers Self-isolation and enforced quarantine can impact both office staff and business travelers, and the situation can change rapidly as the virus spreads, says Rawlins. Employees should be cautious about being overseen or overheard outside of work environments when working on sensitive matters. The physical security of a laptop or other equipment is paramount. “It’s also important to look at how material is going to be backed up if it’s not connected to the office network while working offline,” says Rawlins. It’s also a good time to test the internal contact plan or “call tree” to ensure messages get through to everyone at the right time, he adds.