Annual Report 2022 Tesserent Limited and Controlled Entities ABN: 13 605 672 928
Annual Report 2022 Tesserent Ltd ABN 13 605 672 928 Appendix 4E Financial information for the financial year ended 30 June 2022 as required by ASX listing rule 4.3A. Reporting period: Financial year ended 30 June 2022 Results for announcement to the market (all comparisons to financial year ended 30 June 2021) $'000 Up/Down % Change Revenue from ordinary activities 112,977 Up 68% Loss after tax from ordinary activities (8,783) Up 94% Net Loss attributable to members (8,783) Up 94% Note 1 Under accounting standard AASB15 “Revenue fromContracts with Customer” , some of the Company’s product sales are deemed as Agency Sales. The standard requires these sale amounts to be netted down against cost of products, which results in a lower reported ‘Statutory’ revenue in the Company’s formal Financial Statements. The group’s Turnover (or Gross Revenue) for FY22 was $166m (a non-IFRS measure). This has no impact on Gross profit or Net profit. Note 2 Loss after tax from ordinary activities is presented in accordance with AASB 101 (para 87). It is noted that the reported statutory loss includes $1.2m of acquisition related expenses (incl. fair value expense on contingent consideration), $2.4m of share option expense, and $9.4m of non-cash costs associated with the debt refinancing during the financial year ended 30 June 2022. Dividends paid and proposed No dividend has been proposed to be paid or is payable for the financial year ended 30 June 2022, nor for the comparative period. About Tesserent About this report Tesserent is Australia’s #1 ASXlisted cybersecurity provider offering full service cybersecurity solutions to our clients, helping them achieve full end-to-end protection for their digital assets. Cyber 360 utilises a range of products from world-leading cybersecurity vendors, delivering a comprehensive solution to prevent, detect and mitigate potential cyber-attacks. This is delivered by more than 450 cybersecurity professionals across offices in Melbourne, Sydney, Brisbane, Canberra, Auckland, Wellington and Christchurch. This annual report covers the operations, activities and financial performance of Tesserent Limited and its controlled entities for the year ended 30 June 2022 (FY22). In this report, references to ‘Tesserent’, ‘the Company’ and ‘the Group’ refer to Tesserent Limited (13 605 672 928) and its controlled entities. All dollar figures are expressed in Australian dollars (AUD) unless otherwise stated. The financial statements contained within this Annual Report are prepared in accordance with Australian Accounting Standards and interpretations issued by the Australian Accounting Standards Board. There are references to IFRS and non-IFRS financial information in this report. Non-IFRS financial measures are used to enhance the comparability of information between reporting periods. Non-IFRS financial information should be considered in addition to, and is not intended to be a substitute for, IFRS financial information and measures. NonIFRS financial measures are not subject to audit or review.
1 Contents 2 Chairman and CEO’s Letter 4 Review of Operations 11 About Tesserent 12 Board of Directors 14 Executive Team 20 Corporate Governance Statement 34 Directors’ Report 51 Auditors Independence Declaration 52 Consolidated Statement of Profit or Loss and Other Comprehensive Loss 53 Consolidated Statement of Financial Position 55 Consolidated Statement of Changes in Equity 56 Consolidated Statement of Cash Flows 57 Notes to the Consolidated Financial Statements 97 Directors’ Declaration 98 Independent Auditor’s Report 103 Shareholder Information 106 Corporate Directory Our mission is to be the sovereign cybersecurity provider of choice for the protection of Australia and New Zealand’s Digital Assets 1 Contents
Turnover1 up 71% YOY $166m Normalised NPAT1 up 38% YOY $10.0m Normalised EBITDA1 up 94% YOY $18.6m Annual Report 2022 Tesserent Ltd 2 Chairman and CEO’s Letter Dear Fellow Shareholders, We are pleased to present the 2022 Annual Report for Tesserent Limited (ASX:TNT) (‘the Company’). During the year ended 30 June 2022, the Group reported total sales turnover of $166m (up 71% from FY21), and a normalised EBITDA1 result of $18.6m which represents significant further growth (+94%) on FY21 results. The Group achieved an underlying normalised net profit (NPAT) of $10.0m, excluding the impact of one-off costs incurred during the year, such as acquisition costs, share based payments and refinancing costs. Following the significant disruption and technological shifts brought about by COVID in 2020 and 2021, many organisations have been compelled to adapt their operating systems and IT security in order to protect supply chains and interconnected systems in the face of the increasingly sophisticated attacks. 1 Excludes one-off costs, such as acquisition costs, share-based costs and refinancing costs (see below for further analysis). Global threat actors continue to exploit vulnerabilities across endpoints and cloud environments, and ramp up innovation on how they use identities and stolen credentials to bypass enterprise and government defences. Targeted intrusions are expected to continue to increase, leveraging trends in technology and the broader threat landscape throughout 2022 – such as a likely increase in the use of ransomware from ransomware-as-a-service. Following three years of targeted strategic acquisitions and continuing integration of these businesses and their cybersecurity service offerings into our Cyber360 framework – Tesserent, as Australia’s #1 ASXlisted cybersecurity provider, is extremely well placed to provide its existing and new customers full service cyber security assessment and protection solutions. The FY22 financial year marked a continuation of the strong growth experienced in FY21 accompanied by an ongoing integration and consolidation of the Group’s operations, plus initiatives in the areas of marketing and finance to consolidate the branding of the business and improve profitability.
3 Geoff Lord Executive Chairman Kurt Hansen CEO and Managing Director Consistent with the earnings profile in FY21, the quarterly results for FY22 demonstrated strong seasonality and progressive improvement through the year – the second half of the year 72% of full year earnings (vs. 76% in FY21). The Group’s strong growth at the EBITDA level for FY22 was achieved both through the contribution from three acquisitions during the year, plus an underling organic growth of 25% in the existing business. During the year, the business completed the acquisitions and continues to integrate the three businesses into the Group – two in the Tesserent Federal Government advisory practice and one into the Tesserent enterprise/commercial division – complementing and expanding the Group’s existing cybersecurity offering. The re-organisation of the Group’s divisional structure and go-to-market strategy, which was announced in August 2021 is progressing well. This has improved the level of engagement and cross selling opportunities across the business. This re-organisation was also accompanied by a re-branding of the Group which has further reinforced the integration. On 23 June 2022, the Group announced a successful refinancing and upsizing of its debt facilities – with a new $59m Market Rate Loan provided by the Commonwealth Bank of Australia replacing previous facilities (of $35m). We expect FY23 to be another year of growth, with continued strong organic growth and focus on cross selling opportunities across market and between divisions. This may be supplemented with some strategic acquisitions, where they complement and add to the existing Cyber360 strategy. On behalf of the Board and Executive Team, we would like to thank and acknowledge the efforts of management and staff who have been committed to the execution and delivery of our business strategy. We would also like to thank our shareholders for their continued support as we expand on our position as Australia’s #1 ASXlisted cybersecurity firm.
Annual Report 2022 Tesserent Ltd 4 FY22 IN REVIEW Background Increasingly, organisations are coming under cyber- attack from sophisticated state-based actors, hacktivists and cyber-criminals. Threat actors continue to exploit vulnerabilities across endpoints and cloud environments, and ramp up innovation on how they use identities and stolen credentials to bypass legacy defences. Adversaries continue to adapt to security environments evolving with global market pressures and supply chain issues. Targeted intrusions are expected to continue to increase, leveraging trends in technology and the broader threat landscape throughout 2022 – such as a likely increase in the use of ransomware from ransomware-as-a-service. Increasingly reliance on mobile devices is enabling attackers to continue to diversify their exploitations to include mobile malware — either to make money or collect sensitive information. Cloud-related threats are particularly likely to become more prevalent and to evolve, given that targeted intrusion adversaries are expected to continue prioritizing targets that provide direct access to large consolidated stores of highvalue data. Cybersecurity market Following the significant disruption and technological shifts brought about by COVID in 2020 and 2021, organisations have been compelled to continue to adapt their operating systems and IT security in order to protect supply chains and interconnected systems in the face of the increasingly sophisticated attacks. Evaluation of the market landscape identifies that enterprise risk is focusing around three critical areas: – endpoint vulnerabilities and cloud workloads – identity and – data The cybersecurity market is expected to continue showing strong growth, driven by the increasing number of retail and financial transactions processed online and through e-commerce platforms, plus the increasing integration and interconnection of business and government controlled systems and infrastructure. Cloud computing, edge computing and public cloud security are the fastest developing market subsegments. The impact of COVID-19 has accelerated cyberattacks faced by many organisations due to the security vulnerability of remote work and virtualised IT environments. There is also an everincreasing awareness of data risks and threats among organisations with cybersecurity critical to the success of the digital transformation of operations. The Global cybersecurity market was valued at US$139.8 billion in 2021 and is forecast to grow at a 13.4% compound annual growth rate over 2022-2029. Global Industry Revenue (US$bn) Review of Operations FY16 FY17 FY18 FY19 FY18 FY19 FY20 FY21 FY22 FY23 FY24 FY25 30 34 40 47 51 61 74 97 103 121 143 169 30 56 63 69 71 78 86 94 110 30 120 129 Security Services Cyber Solution As Australia’s #1 ASX-listed cybersecurity provider, Tesserent has a broad Cybersecurity service offering through its Cyber360 framework and is extremely well placed to provide its existing and new customers full service cyber security assessment and protection solutions. Tesserent has a sovereign Aust/NZ workforce of over 450 skilled cybersecurity professionals. Combined with in-house software monitoring solutions and access to a range of products from world-leading cybersecurity vendors, Tesserent delivers a comprehensive solution to prevent, detect and mitigate cyber-attacks. Source: IBISWorld, Statista, Fortune Business Insights
5 With employees located across offices in Melbourne, Sydney, Brisbane, Canberra, Wellington, Auckland, and Christchurch, Tesserent continues to hold its place as Australia’s #1 ASX-listed cybersecurity provider. Tesserent now provides products and services to over 1,200 clients: GOVERNMENT – 53 Federal and State Departments and Agencies – 25 Local Councils FINANCIAL – 8 of the 12 Largest Banks in Aust/NZ – 6 Top Financial Services firms – 14 Foreign Banks CRITICAL INFRASTRUCTURE – 21 of the Top Energy firms in Aust/NZ, ENTERPRISE – Tesserent works with 51 of the S&P/ASX 100 – 50% of the Tier 1 Retail and logistics supply chain organisations Other market drivers Due to a rapidly evolving suite of technology platforms utilised by businesses and individuals and increased connectivity, the demand for IT security solutions is on the rise. Digital assets and data are becoming an increasingly important aspect of conducting business and as such, the need for security will continue to increase as cybercriminals become more advanced. With computer networks and systems becoming more complex, the need for security and monitoring services is increasing. Many businesses are selecting to outsource these services to specialist providers, with an increased focus on security software service offerings. There have been a number of highly publicised cyber security breaches over the past several years, highlighting the need for governments and businesses to proactively improve their digital security platforms.
Annual Report 2022 Tesserent Ltd 6 The shortage of the required human skill sets needed for organisations to employ a suitable level of cyber resilience continues to be a challenge globally and in Aust/NZ. Tesserent has positioned itself as a destination employer for cyber skilled staff and will also contribute to developing skills across this industry wide problem. FY22 FINANCIAL PERFORMANCE The adjacent table, sets out the key financial metrics for the Group for the current year and the prior year. Tesserent continued its expansion through FY22 with growth (versus FY21) in Turnover of 71% and growth in Operating EBITDA of 91%. As reported in the most recent quarterly report, the overall growth in Operating EBITDA of 91%, comprised 25% organic growth, plus contribution from newly acquired business (acquisition growth) of 66%. During the full year FY22, the Group reported total Turnover of $165.6m and statutory revenue of $113.0m. As previously discussed, Turnover includes revenue from consulting and advisory services, plus turnover from product sales. The turnover or ‘Gross revenue’ is equivalent to the value invoiced to customers and drives the receivables balance reported in the Group balance sheet. Under accounting standard AASB15 “Revenue from Contracts with Customer”, some of the Company’s product sales are required to be netted down against cost of products, which results in a lower reported ‘Statutory’ revenue in the Company’s formal Financial Statements (this has no impact on Gross profit or Net profit). Key observations from the FY22 results (per the adjacent table) – The Group’s underlying earnings showed significant growth with FY22 Operating EBITDA (before addition of AASB16 adjustments) growing 116% from the prior year (FY21). – The improved Operating EBITDA reflects improved operating leverage through the business, plus the impact of the business reorganisation whereby the new operating divisions of the business have reviewed and addressed pricing and margin recovery on certain contracts. – Interest expense is up 74% in FY22 as a result of the upsized facility of $35m for the full year (vs. partial year in FY21). As a result of the refinancing with CBA, which was completed on 23 June 2022, the cash interest cost of the refinanced $35m will be approximately $1.2m lower in FY23. The non-cash interest cost (amortisation of the warrants) will not be applicable in FY23. – Depreciation and amortisation costs have increased by 58% in FY22, driven primarily by the increase in required accounting treatment for amortisation of customer contracts associated with the acquisitions. During FY22, the depreciation and amortisation costs were spilt into; Depreciation of Property Plant and Equipment ($1.7m); Depreciation of AASB16 Right-of-use assets ($2.2m) and Amortisation of customer contracts associated with the acquisitions ($3.9m). – Share based payment and option expenses are down 46%, as the number of options issued in FY22 was lower that FY21 – when the Group’s ESOP plan was launched. – Acquisition costs were lower, down 76% as a result of fewer acquisitions in the current year vs. FY21. – There were a number of one-off costs associated with the refinancing and exit from the previous debt facility, which impacted profit in FY22 being; exit fee on the previous facility ($1.75m); write-off and amortisation of remaining unamortised costs on warrants attached to the previous facility ($7.5m). These costs will not reoccur in future periods. – In accordance with accounting standard AASB 128, the Group is required to assess the carrying value of its investments – taking into account any external market indicators. During FY22, there were external indicators that compelled a write-down of the TrustGrid and AttackBound minority investments, totalling $1.6m. There was also a write-down of the call option investments relating to TrustGrid and AttackBound of $2.5m. – The write-down of minority investment was partially offset by a market indicator supporting a write-up of the Daltrey investment held at fair value through profit or loss by $0.6m. Note that the carrying value impairments and write-up relate to the minority investments held by the Group. The business has also assessed the carrying value of all of the controlling acquisitions made by the Group in the core business (under the three CGU’s disclosed in the financial statements) and no impairment has been required (refer to Note 15 of the financial statements). Review of Operations continued
7 As noted in the TNT’s recent ASX quarterly performance announcement (on 28 July 2022), the earnings of the business are highly seasonal, with: – Turnover in H1/H2 of FY21 reported at 38% / 62% and H1/H2 of FY22 reported at 39% / 61% – Operating EBITDA in H1/H2 of FY21 reported at 23% / 77% and H1/H2 of FY22 reported at 28% / 72% as shown below. Normalised EBITDA and NPAT Details cash v. non-cash expenses 30-Jun-22 $’000 30-Jun-21 $’000 % change Turnover 165,567 96,685 +71% Statutory revenue 112,977 67,389 +68% Operating EBITDA (as reported in 4C quarterly reporting) 16,312 7,560 +116% add Impact of AASB16 lease adjustments 2,241 2,025 Normalised EBITDA 18,553 9,585 +94% Interest expense cash (3,361) (1,929) Depreciation and amortisation non-cash (7,841) (4,975) Tax credit non-cash 2,634 4,578 Normalised NPAT 9,985 7,259 +38% Less: One-off costs/non-recurring expenses – – Share based payment and option expenses non-cash (2,401) (4,462) Acquisition costs and fair value expense on contingent consideration cash (1,192) (4,934) Exit costs on refinancing cash (1,750) – Non-cash interest - amortisation of warrants and facility costs non-cash (9,398) (2,396) Loss on carrying value of innovation investments non-cash (4,027) – Statutory NPAT (8,783) (4,533) Sum of cash expenses below Normalised NPAT (2,492) (4,934) Sum of non-cash expenses below Normalised NPAT (15,827) (6,858) 0 10 20 30 40 50 60 15.1 21.4 21.0 39.2 28.2 34.7 41.5 58.6 FY21/FY22 Turnover - quarter on quarter ($m) Q1 FY21 Q2 FY21 Q3 FY21 Q4 FY21 Q1 FY22 Q2 FY22 Q3 FY22 Q4 FY22
Annual Report 2022 Tesserent Ltd 8 Cashflows The Group recorded a positive operating cash flow of $11.8m for the year, as a result of strong cash conversion and favourable movements in net working capital. Operating EBITDA to cash conversion was 72% for the full year FY22. We note that operating cashflow can fluctuate significantly over the year, driven by trading seasonality in the business coupled with large working capital and WIP movements which may move the outcome materially over quarter end reporting dates. Management monitors the working capital dynamics over the year to ensure that the group is optimising its cash position as the business grows organically. The new debt facilities with the CBA (see below) includes a revolving facility which provides the Company flexibility in managing its cash and debt position. FY22 ACQUISITIONS During the year, Tesserent completed controlling acquisitions of three separate businesses (Loop Secure, Claricent and Pearson) covering both public and private sector consulting services, managed services and specialised product expertise. Each of these acquisitions have exceeded their incoming FY22 revenue and earnings targets for the control period post acquisition and are well progressed on integration into the Group’s existing operations and Cyber360 model. INTEGRATION AND OPERATIONAL RE-ORGANISATION The financial year FY22, represented a year of both growth and consolidation for the Group, as the business continued its plans to pursue a brand and business unit integration strategy following the acquisition of nine separate businesses in the two preceding financial years, in order to build out the Group’s Cyber360 capabilities. The re-organisation of the business units acquired over the last two years has aligned them with the go-to-market channels and form the basis in which the Group’s CEO and Board manage and assess business performance. A new brand strategy was adopted to accompany and accentuate the change in the Group’s go-to-market approach. CLIENT ACQUISITION AND EXPANSION The integration and reorganisation of these business acquisitions continues to strengthen the Group’s trading performance and its commercial position in the market – enabling the Group to enhance its value proposition to existing and new clients and improve gross margins and net margins reported across the business. As a result, the group has during FY21/22 developed eight major service lines, with promising crossselling results to date, as follows: – 60 clients with 2 service lines – 30 clients with 3 services lines – 10 clients with 4 or more services lines – 120 new client “logos” were added in FY22 Review of Operations continued 0 1 2 3 4 5 6 7 8 0.4 1.3 1.7 4.1 2.0 2.6 3.9 7.8 FY21/FY22 Operating EBITDA – quarter on quarter ($m) Q1 FY21 Q2 FY21 Q3 FY21 Q4 FY21 Q1 FY22 Q2 FY22 Q3 FY22 Q4 FY22
Review of Operations continued Annual Report 2022 Tesserent Ltd 10 The growth opportunity presented now is to continue to market these service lines to more than 1,200 existing clients across commercial and government sectors, as well as using the offering to add net new clients. In September 2021 the Company refreshed its brand image and purpose with a new narrative. “Securing our digital future, together”. This narrative recognised that cybersecurity starts and ends with all of us. That we partner with our clients to create solutions that keeps their businesses and customers data safe. Collectively the more systems we secure the more secure our interconnected world becomes. This refreshed brand will be important as we continue to grow and develop our business to become known as the sovereign “go to business” for managing cyber risk. REFINANCING OF GROUP DEBT FACILITIES During the Q4 of FY22, Tesserent completed a refinancing and upsizing of its debt facilities – with a new $59m Market Rate Loan provided by the Commonwealth Bank of Australia replacing previous facilities (of $35m). As part of the refinancing, CBA is providing a Market Rate Loan of up to $20m to be used to fund cash consideration payments on existing and future acquisitions; plus ancillary facilities of $4m – to cover Bank Guarantees, FX and corporate cards for the Group. The implementation of the new financing arrangements will materially reduce the (cash) interest cost and eliminate the ongoing non-cash warrant expense on the previous debt facility and result in significant savings on drawn new debt facilities (based on current benchmark interest swap rates). FUTURE FOCUS A key focus of the Group is ensuring that each of our divisions has a strong management capability that is accountable for strategy development and execution, as well as day-to-day operational performance. The Board and Management Team continue to focus on creating shareholder value by building on Tesserent’s position as Australia’s #1 ASX-listed cybersecurity provider. Important goals for FY23 financial year include: – Fostering innovation across the Group and expanding proprietary intellectual property to drive high-margin product and service offerings. – Focusing on capturing further market share of clients in three key markets: Government (including Defence), Critical Infrastructure and Financial Services. – Driving growth through deeper and wider customer engagements and increasing our average number of services per customer. – Integrating acquisitions into “Capability Business Units” to maximise synergy efficiencies and drive organic revenue growth through cross-selling. – Building out high-value recurring annuity revenue streams via Managed Security Operations Centre (SOC) and Managed Detection and Response (MDR). – Investing in the Tesserent Academy strategy to deliver programs to help the industry shortage of cyber skills for Tesserent staff, our clients and industry wide. – Selectively evaluating acquisition opportunities that may expand on our Cyber 360 capabilities and market share, increasing shareholder value through incremental EPS growth.
Cyber Strategy & Consulting Identity & Access Management 24x7 Managed Detection Incident Response Network & Cloud Security Critical Controls Cyber Education Converged/ Physical Security Security Advisory (GRC) Tech. Assurance & Testing 11 Detect & Respond Protect Defend Software as a Service Private Cloud Public Cloud Our Clients
Academy Training Associates Innovation and IP development OUR STRATEGIC DIVISIONS Defend & Protect Federal Detect Cloud CYBER360 STRATEGY Annual Report 2022 Tesserent Ltd 12 About Tesserent THE GROUP TODAY Tesserent is Australia’s #1 ASX-listed cybersecurity provider offering full service cybersecurity Solutions to our clients, helping them achieve full end-to-end protection for their digital assets. Cyber 360 utilises a range of products from world-leading cybersecurity vendors, delivering a comprehensive solution to prevent, detect and mitigate potential cyber-attacks. This is delivered by more than 450 cybersecurity professionals across offices in Melbourne, Sydney, Brisbane, Canberra, Auckland, Wellington and Christchurch. Tesserent’s Cyber 360 offering provides products, services and strategic advice to more than 1,200 Enterprise, Government and Critical Infrastructure clients.
DEFEND PROTECT DETECT TECHNICAL ASSESSMENTS GOVERNANCE & POLICIES CONTROLS RISK IDENTIFICATION Assist clients to understand their risk profile, identify business critical assets and the appropriate level of protection required. Design and implementation of appropriate controls to safeguard assets, through the adoption of secure architectures and frameworks. Assess, align & uplift a client’s governance and risk management strategy to match their risk profile and/or regulatory requirements Conduct assessments & gap analysis against best practice and regulatory requirements to assist clients with measuring their current security posture. RISK MITIGATION Actively drive continuous security maturity in organisations and raise awareness of the current threat landscape. Assurance and Testing 01 02 03 04 Strategy and Advisory Data and Analytics Architecture and Engineering Critical Technology Controls 05 06 07 08 Incident Response Secure Cloud Migration Detect – Secure Digital Eye 13
Board of Directors Annual Report 2022 Tesserent Ltd 14 GEOFF LORD Executive Chairman Geoff is the Founder and CEO of the Belgravia Group, a privately held investment group which since being established in 1990 has grown to employ more than 10,000 people in businesses spanning sports and sports technologies, fitness, leisure, sports camps, clothing and more. In addition, Geoff is the former Founder and Chairman of UXC Limited, one of Australia’s largest IT services businesses. After being founded in 2002 as a $5m business, UXC grew under Geoff’s leadership to be acquired in 2016 by NYSE-listed Computer Sciences Corporation (now DXC Technology) in a deal valued at A$427.6m. Other board positions held by Geoff include Director Melbourne Business School, founding Director of SME finance business Judo Bank and Chairman of Salvest. He has also shown a significant passion for sports and clubs, having served as Chairman of Hawthorn Football Club and Melbourne Victory. Geoff is a Life Member of both clubs. Geoff’s formal qualifications include an MBA (Distinction) (Melbourne), BEc (Hons) (Monash), FIDA, ASIA. Geoff is the largest shareholder in Tesserent. KURT HANSEN Chief Executive Officer and Managing Director Kurt has over 30 years of IT industry experience driving sales and delivery transformation and impressive business growth across many IT and Cybersecurity organisations in Australia and New Zealand. Kurt was the CEO at Pure Security where, as part of the PS&C Group he integrated four Security businesses following their acquisition and listing onto the ASX. Previous roles include executive, senior management and operational positions at Check Point Software Technologies, F5 Networks, AirData, Symbol Technologies, Telstra Wholesale, Cisco Systems, and Ericsson. Prior to commencing his corporate career, Kurt joined the Australian Army as an electronic trainee, later becoming a commission officer and finishing his military career in Royal Australian Signal Corp with the rank of Captain. He holds a Diploma of Engineering from Swinburne Institute of Technology. See pages 34 to 35 for further information.
15 GREGORY BAXTER Non-Executive Director (NED) Board member since 2015. Greg is currently Chief Transformation Officer Hewlett Packard, leading HP’s IT, Cyber, Software, Data & AI, and Transformation Management organizations. Greg was previously Chief Digital Officer at MetLife and Global Head of Digital at Citibank, leading Citi’s digital transformation across businesses and geographies. Greg specialises in the development and delivery of digital strategy, corporate innovation and business transformation. He has held senior business, consulting and technology roles across Asia, Europe and North America, with a track record of high- impact business results. Greg has extensive board and advisory experience in technology, financial services and research institutions. He holds a BSc from Monash University and an MBA from the University of Melbourne and has been a guest lecturer on strategy at the University of Oxford, New York University, and Columbia University. MEGAN HAAS Non-Executive Director (NED) Megan’s core competencies are centered around cyber risk, governance, technology and operational processes developed over 30+ years both in Australia and internationally. Formerly a PwC Cyber Security & Forensic Services Partner, Megan has worked with organisations across international borders and industries including pharmaceutical, gaming, retail, manufacturing, government, media, financial services and communications. Megan has a BBUS Accountancy & Information Systems (RMIT), GAICD. Megan’s other Directorships include: Development Victoria (Chairperson), RMIT University (Council member) and Note Printing Australia (audit committee).
Executive Team Annual Report 2022 Tesserent Ltd 16 KURT HANSEN Chief Executive Officer Kurt has over 30 years of IT industry experience driving sales and delivery transformation and impressive business growth across many IT and cybersecurity organisations in Australia and New Zealand. Kurt was the CEO at Pure Security where, as part of the PS&C Group he integrated four security businesses following their acquisition and listing on the ASX. Previous roles include executive, senior management and operational positions at Check Point Software Technologies, F5 Networks, AirData, Symbol Technologies, Telstra Wholesale, Cisco Systems, and Ericsson. Prior to commencing his corporate career, Kurt joined the Australian Army as an electronic trainee, later becoming a commission officer and finishing his military career in Royal Australian Signal Corp with the rank of Captain. He holds a Diploma of Engineering from Swinburne Institute of Technology. JAMES JONES Group CFO James joined Tesserent after serving as CFO of the Australian FMCG business, Bellamy’s Organic Group which was formerly an ASX listed business (sold in a public to private transaction in 2019). In his role at Bellamy’s, James was responsible for leading the Finance team across multiple jurisdictions in the delivery of technical accounting, reporting, audit and tax requirements plus statutory reporting and board reporting for Bellamy’s Group. Prior to his role at Bellamy’s, James was a Director at Deloitte and then EY (in the United Kingdom) working in an advisory capacity on restructuring, distressed assets and M&A transactions. James has extensive experience in financial modelling and scenario analysis, plus providing advice on bid tactics, sale and purchase contract structuring and purchase price mechanics through execution of M&A deals. James has worked on the ground on both sell side and buy side mandates, as well as fund raisings and Stock Exchange listings on both ASX and LSE. James hold Bachelor of Commerce and Bachelor of Science degrees from the University of Melbourne and is a member of Chartered Accountants (CA ANZ). SAMANTHA RIDDLE Director – People & Culture Samantha has extensive commercial and human resources experience spanning 30 years both in Australia, and overseas. The last 18 years, she has held senior people leadership roles across the IT Sector. She is passionate about leading a Human Resources function that attracts, develops and retains high performing leaders and teams. With her depth of knowledge and experience across the IT sector and Human resources alike, she is able to bring alignment between business and people strategies. She is both passionate and committed to making a positive impact to the business, through maximising and developing peoples’ potential and capability. Samantha, holds a Bachelor’s degree in Commerce and Political Science, Honours Degree in Organisational Development and a Masters Of Business Administration.
17 CHRIS HAGIOS Managing Partner, Defend & Protect Chris was the founder and Managing Director of airloom. Chris has over 20 years of startup and high growth technology company experience leading consulting, product, software development, marketing and sales teams. He brings innovation and success in mobile, cloud and the cybersecurity industries with his unique business sense, technical acumen and vision for the future protecting enterprise data. Chris leads the Tesserent Defend BU and has oversight to develop and grow our Assurance, Advisory/GRC, Products & Technology and Data & Analytics segments, all of which are focussing on services and solutions designed to defend and protect our client’s digital assets. PAUL TAYLOR General Counsel and Company Secretary Paul has extensive experience across the financial services, e-commerce and legal industries and is a member of Tesserent’s Senior Leadership Team. Paul previously held leadership roles in the insurance and financial services sector with the Cover-More Group Limited and Insurance Australia Group Limited, and most recently acted as General Counsel & Company Secretary at Simonds Group Limited, an ASX listed business focused on residential building and construction. At Tesserent, Paul brings his strong partnership building approach & commercial acumen to drive profitable and pragmatic business transformations. Paul holds a Master of Laws, Bachelor of Commerce (Hons) and is a Member of the Australian Institute of Company Directors. Paul is qualified to practice law in Australia and New York, USA.
Executive Team Annual Report 2022 Tesserent Ltd 18 GEORGE KATAVIC Managing Partner, Federal George has more than 25 years of experience with consulting organisations in the Federal Government market. George founded BCT, a specialist in Defence and National Security consulting which later became part of UXC in 2006. From that time George was responsible for building UXC Consulting in the ACT, combining 6 disparate and small brands which evolved into the largest Australian owned Consulting organisation in the ACT. With over 200 staff including over 100 cybersecurity staff, UXC was largest cyber consulting organisation in the Federal Market. Prior to his current role with north, George was the Managing Partner of DXC Consulting in the ACT. He cofounded north in 2018 which has cemented itself as a leader in the cyber field in the ACT. DEEPAK SINGH Managing Partner, Detect Deepak is a seasoned Information Security professional with over 20 years of experience in the information security domain. He has held leadership roles in local and international information security organisations of various scale. He was instrumental in the growth and success of Secure Logic, which provided end to end information and cybersecurity solutions and services in various sectors. His customer focused view enables the right balance of security investment against business objectives, which is driven through his expertise in the field. Deepak leads the Tesserent Detect business unit which provides secure monitoring and detection services designed to protect our client sensitive assets and information against global cyber threats. continued CRAIG HUMPHREYS Managing Partner, Cloud Craig is an IT veteran having held leadership positions in both Australian and multi-national organisations over the past 25 years. He founded iQ3 in Sydney in 2010 with a strong vision to address the dynamic landscape of IT and the growing appetite for consuming IT as a Service. Building a team of professionals and establishing a significant position delivering Secure Cloud services to a large number of Government organisations, as well as Australian and multinational corporate clients, saw iQ3 ranked 28th in BRW’s fast 100 in 2015. Craig leads the Tesserent Cloud BU providing clients with highly secure services lines involving public cloud, private cloud/ IaaS and hybrid managed cloud offerings.
19 HAMISH SOPER Managing Partner, New Zealand With over 15 years’ experience transforming IT businesses, this role will see Hamish taking the Tesserent Defend and Detect & Cloud offerings to the NZ Market and assisting the Tesserent Lateral Security team to expand the existing Advisory/GRC and Assurance business. Previously, Hamish was Country Manager with Check Point Software Technologies where he built the business from $2M to $16M over a 10-year period. In 2017 he established the AppDynamics (a Cisco Company) business in New Zealand and then returned to Check Point in 2018 as ANZ Channel Director. Earlier roles include running the M2M (IoT) sector at Vodafone. PATRICK BUTLER CEO, Loop Secure Patrick has been at Loop Secure for more than 15 years, building up both the cybersecurity service and technology arms of the business. Patrick was formerly the General Manager of Sales & Marketing overseeing the national team from the Sydney office. Patrick was appointed CEO in 2016. During his time at Loop, Patrick has engaged with hundreds of clients, and understands the unique challenges posed to organisations in Australia by cybersecurity threat actors. In his role as both a shareholder and CEO of Loop, Patrick was able to understand the challenges that come with running a business securely. Patrick has extensive experience in presenting and training boards and executives on cybersecurity challenges and how to be prepared and resilient today and into the future. Patrick commenced in August 2021.
Annual Report 2022 Tesserent Ltd 20 Corporate Governance Statement The Board of Directors of Tesserent Limited (Board) is committed to ensuring that its Corporate Governance framework meets the requirements set out in the ASX Corporate Governance Council’s Principles and Recommendations (Fourth Edition) (Governance Principles). Strong corporate governance is critical to the delivery of value to our shareholders and acting with transparency and integrity in the conduct of our business. Consistent with prior years, the Board does not consider that all of the ASX Recommendations are applicable for the Company, and where Tesserent has not fully adhered with an ASX Recommendation, this has been discussed in the Corporate Governance Statement, together with the reasons why it has not been followed. As Tesserent’s activities develop in size, nature, and scope, the size of the Board and the implementation of additional corporate governance policies and structures will be reassessed. The Company’s corporate governance policies and practices are outlined below and are in the corporate governance information section of the Company’s website: www.tesserent.com. a. Code of Conduct – This policy sets out a statement of the shared values of the Company and how the Company conducts itself and its business. b. Board Charter – This policy sets out the principles for the operation of the Board and describes the functions of the Board and those functions delegated to management of the Company. c. Selection and Appointment of New Directors Policy – This policy ensures that the procedure when selecting and appointing new Directors is formal and transparent. d. Board and Senior Executive Evaluation Policy – This policy sets out the process relating to performance and evaluation of the Board, senior executives, and individual Directors. e. Appointment of External Auditor Policy – This policy summarises the conditions on which the Company will select an external auditor. f. Continuous Disclosure Policy – This policy sets out certain procedures and measures which are designed to ensure that the Company complies with its continuous disclosure obligations. g. Trading Policy – This policy is designed to maintain investor confidence in the integrity of the Company’s internal controls and procedures and to provide guidance on avoiding any breach of the insider trading laws. h. Anti-Bribery Policy – This policy sets out the practices which the Company follows to ensure compliance by the Company, its Directors, Senior Executives and employees with the anti-bribery or anti-corruption laws in the jurisdictions that the Company operates. i. Shareholder Communications Policy – This policy sets out practices which the Company will implement to ensure effective communication with its Shareholders. j. Diversity Policy – This policy sets out the Company’s objectives for achieving diversity amongst its Board, management and employees. k. Audit and Risk Management Committee Charter – This policy sets out the objectives and procedures for the Audit and Risk Management Committee when it is in operation. l. Nominations and Remuneration Committee Charter – This policy sets out the objectives and procedures for the Nominations and Remuneration Committee when it is in operation.
21 ADHERENCE WITH AND DEPARTURES FROM RECOMMENDATIONS The Company’s compliance with and departures from the Recommendations during the reporting period are set out on the following pages. RECOMMENDATION COMPANY’S CURRENT PRACTICE 1.1 A listed entity should have and disclose a board charter setting out: a. the respective roles and responsibilities of its board and management; and b. those matters expressly reserved to the board and those delegated to management. The respective roles and responsibilities of the Board and executives are defined in the Board Charter. The Board Charter outlines: – The roles of the Board, the Chairman, the Chief Executive Officer(s) (CEO(s)) and the Company Secretary. – The guidelines for Board composition, including the processes around Director appointments and Board nominations. – The general and specific responsibilities of the Board. – Responsibility for the operation and administration of the Group is delegated by the Board to the CEO(s) and the Senior Leadership Team (SLT). The Board ensures that the CEO and SLT are appropriately qualified and experienced to discharge their responsibilities. Some key functions reserved for the Board are: – Approval of the budget; – Approval of the strategic plan; – Approval of annual, half-yearly and quarterly financial reports; – Approving and monitoring the progress of major acquisition and divestments; – Ensuring the Company’s Code of Conduct and other policies are adhered to, to promote ethical and responsible decision making and compliance with applicable laws; – Ensuring any significant risks that arise are identified, assessed and appropriately managed and monitored; and – Reporting to shareholders. While the Board retains full responsibility for guiding and monitoring the Company, to assist in discharging its responsibilities, it makes use of sub‑committees. To this end the Board had in place an Audit & Risk Management Committee for FY22. A Nomination & Remuneration Committee was not in place in FY22, and these functions were managed by the Board. Reestablishment of the Nomination & Remuneration Committee in FY23 has been tabled for consideration by the Board. The Company complies with this Recommendation.
Annual Report 2022 Tesserent Ltd 22 continued RECOMMENDATION COMPANY’S CURRENT PRACTICE 1.2 A listed entity should: a. undertake appropriate checks before appointing a director or senior executive or putting someone forward for election as a director; and b. provide security holders with all material information in its possession relevant to a decision on whether or not to elect or re-elect a director. The procedure for the selection of new Directors is set out in the Selection and Appointment of New Directors Policy. Under this policy, Shareholders are required to be provided with all material information relevant to making an informed decision on whether or not to elect or re-elect a Director, including experience, qualifications, relevant memberships, and details of other material directorships held, or other interest, position or relationship that might influence on their ability to bear on issues before the Board and to act in the best interests of the Company as a whole rather than in the interests of an individual shareholder or other party. The notice of meeting also states whether the Board considers the Director to be independent, and the term of office currently served by the Director. The Company complies with this Recommendation. 1.3 A listed entity should have a written agreement with each director and senior executive setting out the terms of their appointment. The Company has entered into a written agreement with each Director and senior executive setting out the terms of their appointment, including role, responsibilities and remuneration. A director must advise the Board in relation to any new role that could impact upon the time commitment expected of the director or give rise to a conflict of interest. The Company complies with this Recommendation. 1.4 The company secretary of a listed entity should be accountable directly to the board, through the chair, on all matters to do with the proper functioning of the board. The Board Charter provides that the Company Secretary’s role is: – advising the Board and its committees on governance matters; – monitoring that board and committee policies and procedures are followed; – coordinating the timely completion and despatch of board and committee papers; – ensuring that the business at board and committee meetings is accurately captured in the minutes; and – helping to organise and facilitate the induction and professional development of Directors. As stated in the Board Charter, each director can communicate directly with the Company Secretary and vice versa. The Company Secretary is accountable directly to the Board, through the Chairman, on all matters to do with the proper functioning of the Board and its committees. The Company complies with this Recommendation. Corporate Governance Statement
23 RECOMMENDATION COMPANY’S CURRENT PRACTICE 1.5 A listed entity should: a. have and disclose a diversity policy; b. through its board or a committee of the board set measurable objectives for achieving gender diversity in the composition of its board, senior executives and workforce generally; and c. disclose in relation to each reporting period: i. the measurable objectives set for that period to achieve gender diversity; ii. the entity’s progress towards achieving those objectives; and iii. either: a. the respective proportions of men and women on the board, in senior executive positions and across the whole workforce (including how the entity has defined “senior executive” for these purposes); or b. if the entity is a “relevant employer” under the Workplace Gender Equality Act, the entity’s most recent “Gender Equality Indicators”, as defined in and published under that Act. The Company recognises that a diverse and talented workforce at all levels is a competitive advantage and that the Company’s success is the result of the quality and skills of its people. The Company has established and implemented a Diversity Policy which is overseen by the Board and may be viewed in full at: https://investors.tesserent.com/site/about/ corporate-governance. The Company’s Diversity Policy requires the Board to establish measurable objectives to assist the Company in achieving gender diversity. The Company did not set Measurable Objectives for achieving gender diversity for the 2022 financial year due the level of acquisition and integration activities required across the Group. Measurable Objectives for FY23 are in the process of being finalised and tabled for Board approval and adoption in Q2 FY23. The following activities were undertaken by the Company in FY22 in support of the Company’s broader diversity objectives: – Partnered with the not-for-profit organisation UNIQ YOU to encourage more high school aged young women to consider careers in Cybersecurity. This partnership with UNIQ YOU aims to address the gender imbalance in the industry as a key step toward meeting that demand. – Tesserent was an Executive sponsor for the AWSN – 2021 Australian Women in Security Awards. – Adopted a Parental Leave Policy to expand parental leave provisions above the current standard, statutory requirements for consideration (12 weeks paid primary carer and 2 weeks paid secondary carer. – Adopted a Domestic & Family Violence Leave Policy. – Adopted a Group Code of Conduct and Workplace Harassment, Discrimination and Bullying Policy. – Adopted a Flexible Working Arrangement framework across the Group. The Company is a ‘relevant employer’ under the Workplace Gender Equality Act and lodged its report on 26 July 2022. This report contains the most recent ‘Gender Equality Indicators’ and the public version of this report can be found in the Media section of the company’s website at: https://investors.tesserent. com/site/about/corporate-governance. As at 30 June 2022, there were 77 females employed representing 24% of total employees. The Tesserent board has a female Director, following the appointment of Megan Haas in January 2021. The Company partially complies with this Recommendation.