NCC Group (LON:NCC) used a capital markets-style event at its Manchester headquarters to outline the direction of its cybersecurity business following a multi-year restructuring that management described as a “reset” that is now complete. Executives emphasized that the group is now a streamlined, pure-play cyber resilience services provider, while noting that the company is in an offer period and therefore constrained in providing forward-looking guidance.
From fragmented boutiques to a unified global cyber business
Chief Executive Officer Mike described how NCC historically operated as “isolated boutiques” with duplicated processes, limited financial visibility, and a significant concentration in large U.S. technology clients. Over the past few years, management said it simplified the portfolio, divested non-core activities, aligned technology platforms—particularly in managed services—matured pricing approaches, and streamlined back-office processes.
Market tailwinds and the role of AI
Management pointed to several demand drivers for cybersecurity services: an expanding attack surface from digitization, increased volume and sophistication of cyberattacks amid geopolitical tension, monetization of cybercrime (including ransomware), digital activism, a complex regulatory environment, and a persistent shortage of skilled cyber professionals.
Using third-party market data cited from L.E.K., NCC said the 2025 market opportunity is estimated at approximately:
- GBP 5–6 billion in the U.K.
- EUR 23–25 billion in Europe
- $55–60 billion in the U.S.
Executives said only about half of the market is currently penetrated by service providers, implying “white space” for growth, and cited an 8%–10% medium-term growth forecast across the U.K., U.S., and Europe.
On artificial intelligence, the CEO argued AI is “more of an opportunity than a threat” for NCC. Management said AI can automate parts of delivery such as scanning, analysis, and reporting, improving productivity and supporting outcome-based models like “Testing as a Service,” while retaining the need for human judgment in regulated and complex environments. Executives also said AI adoption creates new vulnerabilities, generating additional client demand for governance and assurance services.
Financial snapshot and changing revenue mix
Chief Financial Officer Guy Ellis provided metrics for the year ended September 2025, describing disclosure as “clearer” and the financial structure as more resilient. He reported:
- Annual revenue: GBP 227 million
- Gross margin: 36.6%
- Managed Services: just over one-third of revenue (34% cited elsewhere in the presentation)
- Consulting & Implementation growth: 16.6% in the prior full year, with momentum continuing
NCC operates from 13 offices in 11 countries, serves more than 3,000 clients, and has 1,800 global colleagues. Ellis said the top 100 clients by revenue have an average tenure of 10 years. He also highlighted operational centralization, with support functions centered around Manchester and Manila, and said the Manila office has approximately 240 colleagues.
By geography, NCC said FY2025 revenue was split 56% U.K., 25% North America, 16% EU (noted as Benelux-based), and 4% Asia Pacific. By capability, management reported 34% Managed Services and 21% Consulting & Implementation, while noting a decline in Technical Assurance over time. Ellis cited Technical Assurance revenue falling to GBP 88 million in FY2025 from GBP 126 million in FY2023, attributing much of the deterioration to North America and large tech testing work that surged during COVID, while stating Technical Assurance was stable in other regions and “back in growth.”
Clients, capabilities, and the 1/4-20 go-to-market plan
Service leader Damian Child described four core capability pillars: Technical Assurance, Consulting & Implementation, Digital Forensics & Incident Response (DFIR), and Managed Services. He said clients buy from NCC due to its cyber heritage, global subject matter expertise, research and advisory role with governments, and its ability to deliver end-to-end outcomes. Child cited examples including an engagement with F5 that involved incident response and code review delivered across North America, Spain, the U.K., and Manila, and work for the Royal Borough of Kensington and Chelsea that began with incident support and led to consulting and managed services.
Chief Commercial Officer Peter Vorley outlined a revamped go-to-market approach intended to deepen relationships with high-potential clients while handling smaller, transactional accounts more efficiently. He described a tiered model, including a “white glove” top-tier program called NCC Select featuring dedicated client executives, solution architects, and client services managers. The company also plans to reduce the number of accounts per account manager and expand inside sales and digital channels for smaller clients.
Vorley framed the commercial strategy around a “1/4-20” pathway to move customers from initial transactional work to strategic, multi-year relationships:
- Establish (1x): initial, often commoditized assurance engagements such as pen tests
- Elevate (4x): broader consulting, readiness reviews, recurring retainers, and governance work
- Embed (20x): multi-year managed services, continuous testing, and long-term transformation programs
Ellis said top 100 clients currently take an average of 2.74 of NCC’s four capabilities, versus 1.5 across the full client base, and estimated that lifting the average to 2 capabilities across the estate could add 34% revenue, or GBP 79 million, from existing clients. He also noted the top 20 clients account for 38% of revenue and average 3.2 capabilities per client.
Valuation discussion and margin aspirations
Ellis argued NCC is undervalued relative to peers, citing an implied valuation of the cyber business of approximately 0.53x FY2025 annual revenues based on the prior night’s close. He attributed historical valuation “drags” to factors including prior group complexity (including Escode), one-offs and impairments, multiple disposals, inconsistent revenue performance, a previously fragmented operating model, and an over-reliance on project-based pen testing. He said corrective actions have been delivered, including a shift toward recurring managed services revenue and an “unleveraged” balance sheet.
In response to an online question, Ellis said that for a mid-teens EBITDA profile, “gross margins should be beginning broadly with the 40” (percent range) and above, while reiterating he could not provide timing or formal guidance.
About NCC Group (LON:NCC)
NCC Group is a people-powered, tech-enabled global cyber security and software escrow business.
Driven by a collective purpose to create a more secure digital future, c. 2,000 colleagues across Europe, North America, and Asia Pacific harness their collective insight, intelligence, and innovation to deliver cyber resilience solutions for both public and private sector clients globally. With decades of experience and a rich heritage,
NCC Group is committed to developing sustainable solutions that continue to meet client’s current and future cyber security challenges.
