Back to catalogue
№ 086 36 filings · 2021-04-28 → 2026-03-24

CORERO NETWORK SECURITY PLC

CNS
Technology Market cap £55m Overall fit 380 /1000

Partial fit: genuine operating leverage potential and net-cash balance sheet, but only indirect AI exposure via cyber-attack volumes, modest growth, persistent guidance misses, and valuation that is fair (not cheap) for a sub-scale niche player.

Fair value range 10p–16p Mid case · £66m
Absolute upside +19.9% vs current market cap
Conviction 3/5 confidence in fair call
Supports the call
  • Clean single-segment disclosure with audited unqualified accounts
  • ARR ($23.9m) provides directly observable forward revenue anchor
  • Net-cash balance sheet limits downside tail risk
Limits the call
  • Wide reasonable EV/ARR range (2.5x-4.5x) for sub-scale cyber name
  • Unclear if FY25 EBITDA trough or new run-rate post SaaS mix shift
Methodology

EV/ARR multiple cross-checked with EV/revenue

In one line · bull case

Niche DDoS-protection specialist with high gross margins and accelerating ARR (+23%) transitioning to subscription, available at a fair-not-cheap price, with material operating leverage if H2-25/Q1-26 momentum sustains.

In one line · biggest risk

Sub-scale player whose subscription mix-shift keeps pulling revenue into out-years while opex hits today, risking continued EBITDA compression and cash burn in a market where Cloudflare/Akamai bundle DDoS into broader security suites.

Drivers
AI beneficiary 42 /100
Indirect cybersecurity beneficiary — AI-augmented DDoS attacks drive demand and they have CDIS AI-assisted service, but DDoS is a narrow niche of the AI security spend pie.
Operating leverage 70 /100
90% gross margins and largely fixed cost base mean ~80% incremental contribution; a 15% revenue beat would plausibly double EBITDA, but reverse leverage seen 2022-25 shows the downside too.
Earnings vs expectations 30 /100
Material July-2025 guidance cut (EBITDA from $3.95m to ~$0m) and 2022 Q4 warning; pattern of optimistic initial outlooks then resets.
Growth momentum 45 /100
FY25 revenue only +4% but H2 +18% and Q1 2026 'significantly exceeding' Q1 2025; ARR growth +23% genuinely accelerating.
Moat 35 /100
Some technical IP (SmartWall ONE, 400G platform), 98% retention, but competes directly against far larger Cloudflare/Akamai/NetScout-Arbor; switching costs moderate.
Earnings quality 50 /100
Capitalised dev expenditure $3.5m (~14% of revenue) flatters EBITDA vs cash; FX volatility from USD reporting / GBP HQ; adjusted-EBITDA metric strips share-based and one-off costs.
Management quality 40 /100
CEO (2024) and CFO (2024) both new; track record of profit warnings, but balance sheet stewardship sound (debt repaid 2023, equity raises modest).
Cyclicality 28 /100
Cybersecurity demand structurally defensive but sub-scale players exposed to enterprise budget cycles and discretionary timing.
Leverage 10 /100
Net cash $4m, undrawn £1.5m overdraft, no debt — fortress profile for the size.
Value-trap signals · 5
  • EBITDA declined every year 2021-2025 ($4.0m → $1.5m) despite revenue and ARR growth
  • Repeated profit warnings (Oct-22, Jul-25) vs original guidance
  • Capitalised R&D at ~14% of revenue flatters reported EBITDA vs cash performance
  • Multiple senior leadership changes (CEO 2024, CFO 2024) signal strategy still in flux
  • Cash declined from $11.2m peak (2021) to $4.0m (2025) despite no acquisitions

Corero Network Security plc (CNS.L) — Research Note

Executive summary

Corero is an AIM-listed cybersecurity specialist focused on on-premise and hybrid DDoS protection appliances and "DDoS-Protection-as-a-Service" (DDPaaS), sold mostly into US hosting/cloud/telco providers. Over the 2021–2025 window the headline trajectory is one of slow revenue growth ($20.1m → $25.5m), expanding ARR (FY25: $23.9m, +23% YoY) but declining profitability — peak EBITDA was $4.0m in 2021 and FY25 closed at $1.5m with a small loss before tax, after a meaningful July-2025 profit warning that cut FY25 EBITDA guidance from ~$3.95m consensus to a range of -$1.5m to $0m 2025-07-16 trading update. The single most important point for valuation today is whether the SaaS/DDPaaS mix shift (which mechanically suppresses near-term reported revenue & EBITDA) actually compounds into a materially higher-margin subscription business, or whether competitive pressure from Cloudflare/Akamai/Arbor caps it as a sub-scale niche player.

Fair value estimate

  • Fair value range: 10p – 16p per share (mid ~13p)
  • Implied market cap range: £52m – £80m (mid ~£66m)
  • Methodology: EV/ARR multiple, cross-checked with EV/revenue. Applied 2.5x–4.5x ARR to FY25 ARR of $23.9m (~£17.7m at 1.35), plus ~$4m net cash. Sub-scale cybersecurity SaaS peers (e.g. low-growth, sub-£100m mcap names) trade in a wide 2–6x EV/ARR range; CNS deserves a discount for limited scale, profit-warning track record and concentration but a premium for 98% retention and net-cash balance sheet.
  • Vs current £64m mcap (~12.5p): modestly within range; absolute upside ~3% to midpoint.
  • Absolute upside: ~+3% (downside ~-20% to low end, upside ~+25% to high end).

Sector context

Confirmed Technology / Software & cybersecurity. CNS sits at the small-cap, sub-scale end of cybersecurity — gross margins (90% in FY25) and 98% retention are in line with quality SaaS peers, but EBITDA margins (~6% in FY25, down from ~19% in 2021) and growth (4% revenue CAGR 2021–25) are well below comparable scaled cybersecurity peers. Listed comparables: NetScout Systems (NTCT) — closest direct DDoS competitor (Arbor), much larger; Cloudflare (NET) and Akamai (AKAM) — both larger DDoS players, the latter being a Corero alliance partner; on AIM, peers include Kape Technologies (now private) and Intercede (IGP). CNS's quality is in-line on margins, below typical on growth.

Investment thesis (3 bullets)

  • Subscription transition genuinely accelerating recurring revenue base — ARR up 23% to $23.9m in FY25, with subscription revenue category now $8.3m vs $5.9m prior year, supported by 98% retention and visible DDPaaS-led contract wins like the $6.8m three-year US cloud-provider renewal+expansion 2026-03-24 final results.
  • Strong H2 2025 reversal and Q1 2026 momentum — H2 2025 revenue grew 18%, beat reduced EBITDA guidance ($1.5m vs $0m guidance), and management called Q1 2026 "significantly exceeding Q1 2025" with a robust pipeline 2026-01-12 trading update; 2026-03-24 final results.
  • Debt-free balance sheet plus durable structural demand tailwind — net cash $4m, undrawn £1.5m overdraft, with industry data pointing to DDoS-protection TAM growing from $7.2bn (2025) to $15.9bn (2030) at 17% CAGR, fuelled by AI-augmented attacks, hacktivism and EU DORA / UK Cyber Resilience regulation 2026-03-24 final results.

Key risks (3 bullets)

  • Material guidance miss in 2025 vs consensus — Original FY25 consensus was ~$28.75m revenue and ~$3.95m EBITDA; July cut delivered ~$25.5m revenue and only $1.5m EBITDA, the latest in a pattern of optimistic outlooks followed by softer outcomes (also 2022) 2025-07-16 trading update.
  • Customer concentration and competitive squeeze — the single largest deal ($6.8m to a US cloud provider) is meaningful relative to ARR; CNS competes with vastly larger cloud-native DDoS providers (Cloudflare, Akamai, Arbor/NetScout) increasingly bundling DDoS into broader security offerings 2026-03-24 final results; 2025-04-01 final results.
  • Cash burn risk if subscription mix-shift continues to outpace cost-base flex — Group invested $3.5m capitalised dev expenditure in 2025 against $1.5m EBITDA, and cash fell from $5.3m to $4.0m despite positive H2 generation; an extended SaaS transition pulls revenue recognition into out-years while opex hits today 2026-03-24 final results.

Operating leverage

Corero has the structural ingredients for high operating leverage: 90% gross margins, ~$23m of largely fixed annual operating costs (R&D ~$3.5m capitalised plus expensed engineering, plus relatively fixed sales/marketing/admin), and a software/appliance product where incremental units carry near-zero variable cost beyond hardware appliance COGS. The recurring revenue base ($23.9m ARR with 98% retention) gives a fixed-cost-covering layer. Mathematically, if FY26 revenue grew 15% above current trajectory (to ~$29m vs implied ~$26m), and contribution margin on incremental revenue was ~80%, that ~$3m incremental revenue would drop ~$2.4m to EBITDA — i.e. doubling EBITDA from $1.5m to ~$4m. The 2021 result ($20.9m revenue, $4.0m EBITDA) shows the model can deliver ~19% EBITDA margins at scale. The frustration is that 2022–2025 demonstrate the reverse leverage when sales & marketing investment outruns revenue growth — opex up while revenue stalled. The operating leverage potential is genuine and high (60–75 band), but execution risk on translating ARR growth into EBITDA flow-through is the open question. 2026-03-24 final results; 2022-04-26 full year results

Value-trap signals

  • Profit warning history: H2 2022 guidance miss, July 2025 EBITDA cut to nearly break-even from $3.95m consensus.
  • Multi-year EBITDA decline despite revenue growth — peak EBITDA was 2021 ($4.0m) and has fallen every year since to $1.5m in 2025; ARR has grown 87% over the same period.
  • Capitalised R&D running at ~14% of revenue ($3.5m on $25.5m) flatters reported EBITDA vs cash performance.
  • Persistent management changes — CFO replaced 2024, CEO replaced 2024 (Chmilewsky → Herberger after Chairman briefly executive), suggesting strategy still in flux.
  • No dividend, sub-scale AIM listing — typical small-cap liquidity drag.

Earnings vs expectations

Period Prior guidance / consensus Delivered Outcome
FY 2021 n/a (maiden profit) Rev $20.9m, EBITDA $4.0m Beat — record year
FY 2022 Consensus implied ~$22m rev Rev $20.1m, EBITDA $2.6m Miss (Oct-22 warning)
FY 2023 In line at H1 Rev $22.3m, EBITDA $1.8m In line
FY 2024 Mkt: $25.35m rev, $2.45m EBITDA Rev $24.6m, EBITDA $2.5m Marginal miss revenue, meet EBITDA
FY 2025 Original: $28.75m rev, $3.95m EBITDA → Cut Jul-25 to $24–25.5m rev, -$1.5m to $0m EBITDA Rev $25.5m, EBITDA $1.5m Big miss vs original; beat lowered

Pattern: optimistic initial outlooks followed by mid-year guidance cuts, then in-line-to-modest beats vs the reset bar. Net: more misses than beats against original expectations.

Conviction

Conviction: 3 (moderate). Anchored by: (i) clean disclosure, simple single-segment business, audited unqualified accounts; (ii) ARR is a directly observable forward-revenue anchor; (iii) net-cash balance sheet limits downside scenarios. Limited by: (i) wide reasonable range of revenue multiples for a sub-scale, low-growth cybersecurity name; (ii) the question of whether 2025 EBITDA is a trough or a new run-rate is unresolved — 2026 outcomes will materially shift fair value.

Filings consulted · 40

Every document the LLM read for this note. Click any row to open the source.

  1. 2026-03-24Final Results2026-03-24_9487896_final-results.md1.00
  2. 2026-03-12Notice OF Results Amp Investor Presentation2026-03-12_9470362_notice-of-results-amp-investor-presentation.md0.70
  3. 2026-01-12Trading Update2026-01-12_9346315_trading-update.md0.85
  4. 2025-09-03Notice OF Results Amp Investor Presentation2025-09-03_9085646_notice-of-results-amp-investor-presentation.md0.59
  5. 2025-07-16Half Year Trading Update2025-07-16_8981218_half-year-trading-update.md0.77
  6. 2025-06-16Result OF Agm2025-06-16_8932199_result-of-agm.md0.26
  7. 2025-05-23Posting OF Annual Report Amp Notice OF Agm2025-05-23_8895844_posting-of-annual-report-amp-notice-of-agm.md0.62
  8. 2025-04-01Final Results2025-04-01_8806683_final-results.md0.65
  9. 2025-01-07Trading Update2025-01-07_8649583_trading-update.md0.55
  10. 2024-09-24Unaudited H1 2024 Interim Results2024-09-24_8434303_unaudited-h1-2024-interim-results.md0.58
  11. 2024-08-30Notice OF Results Amp Investor Presentation2024-08-30_8391305_notice-of-results-amp-investor-presentation.md0.46
  12. 2024-07-24Half Year Trading Update2024-07-24_8327064_half-year-trading-update.md0.58
  13. 2024-06-20Result OF Agm2024-06-20_8270427_result-of-agm.md0.20
  14. 2024-05-17Posting OF Annual Report Amp Notice OF Agm2024-05-17_8203280_posting-of-annual-report-amp-notice-of-agm.md0.43
  15. 2024-03-27Final Results2024-03-27_8108575_final-results.md0.45
  16. 2024-03-11Notice OF Results Amp Investor Presentation2024-03-11_8079767_notice-of-results-amp-investor-presentation.md0.32
  17. 2024-01-17Year End Trading Update2024-01-17_7992472_year-end-trading-update.md0.38
  18. 2023-09-21Interim Results2023-09-21_7768457_interim-results.md0.41
  19. 2023-09-05Notice OF Results Amp Investor Presentation2023-09-05_7735353_notice-of-results-amp-investor-presentation.md0.32
  20. 2023-07-13Half Year Trading Update2023-07-13_7629622_half-year-trading-update.md0.41
  21. 2023-06-20Result OF Agm2023-06-20_7584222_result-of-agm.md0.14
  22. 2023-05-09Annual Report And Accounts Posting Amp Notice OF Agm2023-05-09_7519014_annual-report-and-accounts-posting-amp-notice-of-agm.md0.24
  23. 2023-04-25Final Results2023-04-25_7496960_final-results.md0.25
  24. 2023-04-25Final Results2023-04-25_2937_final-results.md0.25
  25. 2023-03-30Notice OF Results Amp Investor Presentation2023-03-30_7378024_notice-of-results-amp-investor-presentation.md0.17
  26. 2023-01-17Trading Update2023-01-17_7439844_trading-update.md0.21
  27. 2022-10-25Trading Update2022-10-25_7156836_trading-update.md0.21
  28. 2022-09-13Unaudited H1 2022 Interim Results2022-09-13_7311900_unaudited-h1-2022-interim-results.md0.23
  29. 2022-09-01Notice OF Results Amp Investor Presentation2022-09-01_7163501_notice-of-results-amp-investor-presentation.md0.17
  30. 2022-07-26Trading Update2022-07-26_7136159_trading-update.md0.21
  31. 2022-06-09Result OF Agm2022-06-09_6875832_result-of-agm.md0.07
  32. 2022-04-29Annual Report And Accounts Posting Amp Notice OF Agm2022-04-29_7090026_annual-report-and-accounts-posting-amp-notice-of-agm.md0.24
  33. 2022-04-26Full Year Results2022-04-26_7041712_full-year-results.md0.25
  34. 2022-04-13Notice OF Results Amp Investor Presentation2022-04-13_6943977_notice-of-results-amp-investor-presentation.md0.17
  35. 2022-01-24Trading Update2022-01-24_6949245_trading-update.md0.21
  36. 2021-09-14Unaudited H1 2021 Interim Results2021-09-14_6825381_unaudited-h1-2021-interim-results.md0.23
  37. 2021-09-07Notice OF Results Amp Investor Presentation2021-09-07_6770221_notice-of-results-amp-investor-presentation.md0.17
  38. 2021-07-20Trading Update2021-07-20_6680303_trading-update.md0.21
  39. 2021-06-10Result OF Agm2021-06-10_6667141_result-of-agm.md0.07
  40. 2021-04-28Annual Report And Accounts Posting Amp Notice OF Agm2021-04-28_6628739_annual-report-and-accounts-posting-amp-notice-of-agm.md0.10

This research note was authored by a large language model after reading 36 regulatory filings published between 2021-04-28 and 2026-03-24. Each citation refers to a specific RNS announcement in the underlying data set. The note is an opinion, not advice. Do your own work before risking capital.