Remuneration Report Corporate Governance Sustainability Report Financial Statements Board of Directors' Report WithSecure 2022

Annual Report 2022

Contents

WithSecure 2022

WithSecure in Brief 03
Portfolio of products	04
Letter from the CEO	07

Board of Directors' report and financial statements

Board of Directors' report	10
Key figures	18
Calculation of key ratios	19
WithSecure consolidated financial statements	22
Statement of comprehensive income	22
Statement of financial position	23
Statement of cash flows	24
Statement of changes in equity	25
Notes to the Financial Statements	26
WithSecure Corporation financial statements	49
Income statement	49
Balance sheet	50
Cash flow statement	51
Notes to the parent company
Financial Statements . .	52
Auditor's Report	62

Sustainability Report

Introduction of W/Sustainability	68
Safer and greener digital world 72
A truly equitable workplace	80
Responsibly run business	86
Upright Project – estimating net impact	90
Carbon footprint	92
EU taxonomy	93
Sustainability governance in WithSecure 97

Corporate Governance

WithSecure's Corporate Governance Statement	99
Board of Directors	105
Global Leadership Team	108

Remuneration Report

WithSecure Remuneration Report	113

Information for shareholders

118 Information for shareholders
-------------------------------------	--

WithSecure 2022 Board of Directors' Report Financial Statements Sustainability Report Corporate Governance Remuneration Report go to previous view

WithSecure in Brief

We exist to build and sustain trust in digital society.

WithSecure 2022

/ In Brief

/ Portfolio / CEO's letter

Portfolio of products

Holistic fusion of instinctive technologies and expert services

Elements™

Endpoint protection Endpoint detection & response Collaboration protection Vulnerability management Partner success services

Managed Services™

Attack SurfaceManagement™ Managed Detection and Response Cloud Detection for Office 365 Log Management Cloud Security Posture Management Countercept™ Incident Response & Readiness

Technology foundation

Security and Risk Management Red and Purple Teaming Application Security Network Security Mobile Security Product Security Cloud Security

Consulting™

Cloud Protection™

1 software for protecting content in Salesforce

WithSecure 2022 / In Brief / Portfolio / CEO's letter Remuneration Report go to previous view Corporate Governance Sustainability Report Financial Statements Board of Directors' Report

Elements™

WithSecure™ Elements is the unified cloud-based, intelligent and highly automated cyber security platform designed to reduce risk, complexity, and inefficiency.

Elements platform is the foundation for co-security, offering customers an option to offload daily security operations to our trusted partners who are always backed by WithSecure and our 24/7 expert services.

WithSecure 2022

/ In Brief

/ Portfolio / CEO's letter

Turning first line insights into new services and software

"These qualities form a virtuous circle of value creation that enables us to deliver security outcomes that would otherwise be impossible to deliver, and ensures that all our products and services remain competitive."

Juhani Hintikka, President and CEO of WithSecure

WithSecure 2022

/ In Brief

/ Portfolio / CEO's letter

Remuneration Report go to previous view Corporate Governance Sustainability Report Financial Statements Board of Directors' Report

Letter from the CEO

2022 – year of turbulence, revenue growth and fresh starts

Year 2022 will remain in history as the tragic year of the war in Ukraine that the global community could not prevent. In addition to deep human suffering and destruction of infrastructure, the war has caused turbulence and many fundamental changes to cybersecurity landscape. With the war, some previously criminal activities are now considered acceptable, even supportable by their regimes. The war has also demonstrated that fights in the cyberspace are becoming a new frontier of modern wars. In WithSecure, we are proud to be part of the counter forces, maintaining security of the digital space and supporting stability of the society.

Winning security portfolio delivering growth

For WithSecure, 2022 was a year of growth. Our modular Elements portfolio, launched in 2021 for the first time, has grown in revenue every quarter of the year. We are both gaining new customers and up-selling new modules, especially Endpoint Detection and Response (EDR), to existing customers. We have also expanded the features of Elements to include content protection of more Microsoft Office applications, securing the users from malware and breaches coming from external content loads. WithSecure Countercept solution for Managed Detection and Response gained a significant number of new customers during the year. Many of our customers are operating in industries where cyber security is of utmost importance and standards are high, such as banking. Cloud Protection for Salesforce is a growing product, focusing on content protection of Salesforce users. In total, cloud revenue growth was 32% from the previous year comparable cloud revenue. In the fourth quarter, we observed some slowness in customers' decision-making impacting the growth rate, but I am confident that our good development will continue in 2023.

On-premise product revenue declined at an expected annual rate of approximately 10%. Many of our on-premise users are transferring to our cloud-based products, as part of their transfer to cloud-based computing environments.

WithSecure 2022 / In Brief / Portfolio / CEO's letter Remuneration Report go to previous view Corporate Governance Sustainability Report Financial Statements Board of Directors' Report Cyber security consulting went through a turbulent year, with high attrition continuing from late 2021 to the first half of 2022. We have successfully launched several measures to improve our employees' work comfort and commitment, which is reflected as improving retention. I am very pleased to see that we returned to growth path of our consulting revenue in the fourth quarter, even though the full-year growth remained slightly negative (–3.1% of comparable revenue). Our consultants, while battling with the toughest and newest cyber security threats, are also ensuring that we can integrate the knowledge of protection solutions to our products.

All these products create our winning security portfolio that we combine with co-security approach. It is built on first-hand knowledge that no one, or no one thing, can solve every cyber security problem alone. Co-security is a willingness to better protect ourselves by collaborating with colleagues, technology leaders, service partners, and the cyber security community.

WithSecure combines three qualities that rarely come together within the cyber security industry:

• a partnership approach that is attentive and personal
• deep research-based understanding of the threats our clients face
• collaboration across our own organization to maximize synergies.

These qualities form a virtuous circle of value creation that enables us to deliver security outcomes that would otherwise be impossible to deliver, and ensures that all our products and services remain competitive.

WithSecure Adjusted EBITDA 1) was EUR –23.2 million. Profitability was impacted by some increased investments in new product areas, as well as sales and marketing efforts including brand renewal related to the company demerger. Profitability improved in the second half of 2022, compared to the first half. We will continue aligning the organization and carefully monitoring our spend, to reach the medium-term target of reaching Adjusted EBITDA break-even by the end of 2023.

Year of fresh starts

Our first half was marked by preparations of the demerger of consumer business to F-Secure. The demerger took place on 30 June 2022 as planned, and on the following day we had the pleasure of ringing not just one but two

bells in Nasdaq Helsinki to celebrate the fresh start of two cyber security companies. We continue to provide support on the technical platform and some administrative services until F-Secure reaches full independence.

In March 2022, we completed an equity issue of EUR 77 million, ensuring a solid financial start for WithSecure after the demerger. Our growth strategy is fully supported by a strong equity-based balance sheet position, allowing timely and independent business decision-making.

In the fourth quarter, we announced a new organizational model to ensure an even better alignment of our teams to support our customers in the best possible way.

During 2022, we continued our work on transforming the company culture towards a growth mindset, strongly based on trust and WithSecure values. Our purpose is to create a place of work where colleagues can thrive both personally and professionally to drive business success and build a safe and sustainable digital society. As concrete activities we have launched two new incentive schemes to support our long-term growth targets, and to enable our employees to participate in the company success. We have also launched a values-based leadership development program and are strengthening the leadership principles through introducing OKR's (Objectives and Key Results) as part of our daily work.

In 2022 we re-assessed our ways of working on sustainability. With the fast-changing world and environmental crisis, also the software companies must do what they can to maximize their net impact on people, planet, and society, and to ensure transparency on such activities to their stakeholders. We are introducing our first comprehensive Sustainability report as part of the 2022 Annual report.

I would like to thank WithSecure's capable, resilient, and flexible personnel for their efforts in supporting our growth and multiple changes during the year. I am well aware that we have introduced a lot of changes in a short time and will need some more to transform WithSecure to a successful growth company. I am also grateful to our customers, partners, and investors for our joint journey through the changes. I am confidently looking forward to a great 2023 and to working together with all of you.

/ In Brief / Portfolio / CEO's letter Remuneration Report go to previous view Corporate Governance Sustainability Report Financial Statements Board of Directors' Report

WithSecure 2022

WithSecure

Board of Directors' report and financial statements

Board of Directors' report	10
Key figures	18
Calculation of key ratios	19
WithSecure consolidated financial statements	22
Statement of comprehensive income	22
Statement of financial position	23
Statement of cash flows	24
Statement of changes in equity	25
Notes to the Financial Statements	26
WithSecure Corporation financial statements	49
Income statement	49
Balance sheet	50
Cash flow statement	51
Notes to the parent company
Financial Statements . .	52
Auditor's Report	62

WithSecure 2022 Board of Directors' Report Financial Statements Sustainability Report Corporate Governance Remuneration Report go to previous view

Board of Directors' report 2022

Board of Directors' report

With the pandemic slowly receding in early 2022, the world faced new turmoil of the geopolitical landscape with the start of the war in Ukraine. Both crises have, in addition to a multitude of impacts on the society, had fundamental impacts on shaping the cyber security landscape. WithSecure is offering a portfolio of cyber security products and services, to participate in protecting the companies from the increasingly complicated cyber security risks.

On 30 June 2022, WithSecure completed the separation of its Consumer security business into an independent company F-Secure through a partial demerger, according to the plan first announced on 17 February 2022 by the Board of Directors. In this Annual Report, WithSecure is presenting consumer security business until its demerger as Discontinued operations under IFRS 5. Previous income statements are restated accordingly. Balance sheet before demerger and the related key figures are not restated, unless otherwise mentioned. For further information regarding the presentation of the demergerrelated financials, see Accounting principles for the consolidated financial statements and Note 11 (Discontinued operations).

WithSecure revenue for 2022 was EUR 134.7 million, representing a total growth of comparable revenue by 9.7% from previous year. The growth in 2022 was driven by the cloud-based security products, with a 33% growth of comparable revenue. On-premise revenue declined according to expectations. Cyber security consulting revenue of the fourth quarter of 2022 grew slightly, after a challenging year.

Market overview

Digital networks are becoming an essential component of society that must always work. Disruptions of the digital network can cause serious damage to society and well-being of its members.

The war in Ukraine caused some exceptional consequences to the cyber security landscape, such as highly visible governmental activities, as well as organized civilian response. New situations can lead to uncontrolled cyber security threats that can be difficult to predict. In the new era of greater uncertainty, adaptability and resilience of cyber security solutions become more relevant than ever.

While advanced cyber-attacks on visible targets are becoming more common and persistent, criminals are also targeting companies of all sizes along with consumers by taking advantage of vulnerabilities in popular software, both

traditional and new connected devices as well as online services. Apart from pure criminal activity, governments can use vulnerabilities and malware for surveillance purposes.

With the increasingly complex IT environments and new ways of working, such as bring-your-own-device, the attacks are evolving towards difficult-to-detect identity thefts, rather than malware deployment. Attacks against corporations can go undetected for months. It is estimated that these trends will continue to drive the increasing demand for Detection and response products and services. As part of improved cyber resilience, the work on Incident readiness is becoming more important than before.

As organizations are adopting cloud solutions, they seek managed security services and cloud-based delivery to help them maintain control of their cyber security. It is also becoming increasingly important that the selected cyber security solutions are working well together with other vendors' security solutions through API integrations, to ensure seamless best-in-class solutions for the entire IT environment.

More organizations (particularly in Europe) are taking a stricter position on data protection laws, meaning that globally delivered services are accepted less frequently. This will increase the need for proven services from established vendors, who can respect the data restrictions to a particular region, even to a particular country.

Financial performance and key figures

Revenue and ARR

The company's total comparable revenue grew by 9.7% to EUR 134.7 million from previous year (EUR 122.8 million). The adjustment for comparability includes EUR 7.2 million of consulting revenue, related to the divestments of the UK public sector consulting in December 2021, as well as the divestment of the subsidiary in South Africa in February 2022.

In 2022, WithSecure started to report its revenues split into three categories. Cloud revenue includes the Elements platform cloud-based products, Managed Detection and Response (MDR) and Cloud Protection for Salesforce (CPSF) revenue. On-premise revenue includes the Elements portfolio on-premise product (Endpoint protection). Consulting revenue includes the cyber security consulting services.

WithSecure 2022 Board of Directors' Report Remuneration Report go to previous view Corporate Governance Sustainability Report Financial Statements / Key figures / Calculation of key ratios

Cloud revenue

Cloud-based security products' comparable revenue grew by 33% to EUR 68.7 million (EUR 51.8 million). The adjustment of comparability includes EUR 0.9 million of cloud revenue related to a product that was discontinued at the end of 2021. The growth was driven by both new customer acquisition as well as expansion of existing customers to new products, especially Endpoint Detection and Response (EDR). Elements platform is also updated regularly with new features, to provide a comprehensive selection of cyber security products to the customers.

For cloud and on-premise products, WithSecure started reporting the Annual Recurring Revenue (ARR) on a regular basis, to reflect the latest status of recurring revenue sales. The ARR is calculated by multiplying monthly recurring revenue of last month of quarter by twelve. Monthly recurring revenue includes recognized revenue within the month excluding non-recurring revenues. In 2022, cloud ARR grew by 32% from previous year.

On-premise revenue

On-premise security products' revenue declined by 10% to EUR 27.2 million (EUR 30.0 million). This development is in line with our expectations when the customers are moving their data processing to cloud environments.

Cyber security consulting

Cyber security consulting comparable revenue declined by 3% to EUR 38.8 million (EUR 40.0 million). Cyber security consulting industry has experienced high demand, leading to a lack of qualified workforce and high attrition rates, especially at the end of 2021 and first half of 2022. WithSecure has been successful in improving recruitment and retention in the second half of 2022, which was proven by a small year-on-year growth of the last quarter consulting revenue. However, the sales performance for the full year will remain slightly below previous year's level.

Gross margin

WithSecure Gross margin for 2022 decreased to EUR 87.7 million (EUR 88.5 million) and was 65.1% (68.1%) of sales. Main reason for the decrease in gross margin is the recruitment of new consultants, requiring an onboarding period before becoming fully operative.

Operating expenses

Operating expenses, excluding items affecting comparability (IAC) as well as depreciation and amortization, increased to EUR 116.4 million (EUR 107.6 million). The increase is driven by Sales and marketing expense that increased by 16% from the previous year. This is mainly due to increased investments in new product areas in the first half of the year, as well as sales and marketing efforts including brand renewal related to company demerger. Research and development expense remained at previous year level, while administration expenses decreased by 20% from previous year.

Items affecting comparability (IAC) related to previous divestments were EUR –2.8 million. In addition, EUR –1.8 million of IAC was incurred as part of the demerger process.

Profitability

Estimated Comparable EBITDA (from Q3 2022 onwards same as Adjusted EBITDA) was EUR –23.2 million for 2022. Profitability improved in the second half of the year. Becoming profitable by the end of the year in line with the medium-term financial targets is a key priority for WithSecure in 2023.

Cash flow

Cash flow from operating activities before financial items and taxes was EUR –14.1 million (EUR 38.7 million). Cash flow for comparative period includes both continuing and discontinued operations. Negative operative cash flow was driven by operative result as well as significant demerger related costs.

Acquisitions and financial arrangements

WithSecure did not carry out acquisitions during 2022.

WithSecure raised new capital through a share issue on 23 March 2022 and made an early repayment of a bank loan of EUR 19.0 million on 30 June. The committed credit facility was also cancelled. At the end of the year WithSecure did not have external financing. Until repayment, the Group complied with the covenants of its financing agreement.

Changes in the group structure

In February 2022, WithSecure sold its shares of the South African subsidiary F-Secure Cyber Security (PTY) Limited through a local management buy-out (MBO).

In the demerger, shares in following subsidiaries were transferred to F-Secure: DF-Data Oy (Finland), F-Secure Inc (United States), F-Secure (UK) Ltd (UK), F-Secure eStore GmbH (Germany), F-Secure Pvt Ltd (India), F-Secure Iberia SL (Spain) and F-Secure do Brasil Tecnol. da Informãcao Ltda (Brazil).

In preparation for the demerger, the Group carried out asset transfers in various countries where Consumer security business was separated into

WithSecure 2022 Board of Directors' Report Remuneration Report go to previous view Corporate Governance Sustainability Report Financial Statements / Key figures / Calculation of key ratios

newly established companies. Shares in these companies were transferred to F-Secure in the demerger.

WithSecure's subsidiary in Hong Kong, F-Secure Limited, was liquidated in 2022.

Capital structure

WithSecure strengthened its financial position by raising EUR 76.8 million of new capital through a share issue on 23 March 2022. The Group's liquid assets of EUR 69.1 million consisted of cash and cash equivalents (EUR 55.1 million) and financial assets at amortized cost (EUR 14.0 million). Cash and cash equivalents include bank deposits with maturity of less than three months. Financial assets at amortized cost consist of corporate commercial papers with maturity of less than three months.

Research and development

WithSecure's research and development expenditure in 2022 was EUR 39.1 million (EUR 32.1 million), representing 29% (25%) of revenue. Capitalized development expenses were EUR 2.4 million (EUR 5.6 million). WithSecure is a cyber security technology company for which the ability to innovate is crucial.

WithSecure has consistently excelled in third party technology evaluations for providing the best protection, advanced detection & effective response capabilities and high customer satisfaction. During 2022, WithSecure achieved top marks in the scoring for Protection and Usability in AV-TEST Institute's continuous evaluation of Elements portfolio. This is a strong statement to the value of our solution that protects our customers effectively without sacrificing its precision. In addition, the Elements portfolio was again put through the MITRE Engenuity Enterprise evaluation, this time facing Sandworm and WizardSpider. Elements showed its efficacy in revealing most of the threat actors' TTPs (Tactics, Techniques and Procedures) efficiently.

In the cyber security research front, WithSecure discovered and tracked a new threat actor, codenamed DuckTails. In addition to contributing to the safety of the digital world by exposing this threat actor, extra business was generated in form of additional Incident Response engagements from companies that were subject to the breach. WithSecure research contributed to the safety of the COP27 summit in Egypt by analyzing the event's mobile application. The cyber security risks were published by the Politico newspaper on their website. WithSecure also published a wide report on AI-powered cyber attackers together with the Finnish Transport and Communications Agency Traficom. Results of our research are regularly shared through the WithSecure™ Labs website.

Building on the 2021 launch of WithSecure Elements, WithSecure continued its efforts to unify the underlying technology architecture to allow rapid creation of new capabilities. As an example, comprehensive protection for Microsoft 365 collaboration protection covering Teams, OneDrive, SharePoint and Exchange was unveiled during the year. Unification of portfolio, beyond increased speed of product, is also an enabler for WithSecure to introduce cross-product data intelligence functionality for full situational awareness. In 2022 WithSecure also introduced a unified API with first native connector to Azure Sentinel platform. Another key focus area in R&D during 2022 was sustainability, and we introduced several underlying technology innovations which resulted in much more energy efficient use of cloud computing. We also implemented technology for benchmarking energy efficiency of our agent software.

In order to support future-facing innovations, WithSecure also looked into Safeguarding Machine Learning as Horizon 3 area of innovation.

Safeguarding Machine Learning is at its infancy. With the accelerating evolution of Machine Learning and AI, organizations that rely on these models for their business processes are better served if they can trust that these models and the dataset that they have been trained against are untampered. For experiments such as Safeguarding Machine Learning, WithSecure engages directly with potential customers to co-create the solution based on their use cases.

Part of the development effort in 2022 was focused on demerging consumer security into F-Secure. WithSecure continues to provide support on the technical platform until F-Secure reaches full independence.

Non-financial information

In 2022, WithSecure re-assessed its ways of working on sustainability. A new sustainability program was created to host the initiatives around environmental, social and governance matters, and to ensure coherent and transparent reporting on them.

WithSecure's role of protecting the digital society and preventing damages and losses caused by cybercrime is its most important contribution to a more sustainable world. In addition to this important purpose, WithSecure wants to ensure that its activities are carried out in the best possible way regarding planet, people and society around us. It could mean sharing the knowledge and supporting the parties who cannot always defend themselves. The carbon footprint of a software and services company is not high, but every company must do their part in minimizing the environmental impacts of their activities and products. WithSecure employs highly skilled experts around the world and wants to support their wellbeing and growth opportunities. The company's internal operations must always follow highest ethical standards.

WithSecure 2022 Board of Directors' Report Remuneration Report go to previous view Corporate Governance Sustainability Report Financial Statements / Key figures / Calculation of key ratios

Leading guideline of W/Sustainability program will be Maximizing Net Impact – on the planet, people, and society. The objective of the sustainability program is to ensure that sustainability is embedded in all company decisions. Another objective is to ensure full transparency of sustainability activities to users of the company reports. WithSecure's intention is to closely follow European legislation on the sustainability reporting and to be well prepared for full compliance.

Based on our analysis of the EU Taxonomy Regulation (2020/852), and related guidance from the European Commission, WithSecure activities are not eligible with the current taxonomy. New activities, however, with new environmental targets in the future might be more relevant for WithSecure and trigger a need of re-assessing both eligibility and alignment.

WithSecure has quantified its carbon footprint of 2022, in accordance with the Greenhouse Gas (GHG) Protocol. The results will be used as a baseline to define further reduction targets during 2023.

The results of taxonomy analysis, carbon footprint and other sustainability work of WithSecure are described more in detail in the Sustainability Report 2022, published as part of the annual reporting of 2022.

Organization and management

Personnel

At the end of 2022, WithSecure had 1,295 employees. The reduction of 361 employees from the previous year-end (1,656 employees) is mainly explained by the demerger of 30 June 2022 where 366 employees transferred to F-Secure Group. The decrease is also affected by the divestment of the Group's South African subsidiary in February 2022.

Leadership team

On January 1, 2022, WithSecure (then F-Secure) changed its management structure and combined its Managed Detection and Response unit and Cyber Security Consulting unit under one Solutions unit, led by Tim Orchard as EVP, Solutions. Consequently, Edward Parsons (EVP, Cyber Security Consulting) ceased being a member of the Global Leadership Team.

On 30 June 2022, following the demerger of Consumer security business into a separate company F-Secure, Timo Laaksonen became the CEO of F-Secure and ceased being a member of the WithSecure Global Leadership Team.

and development teams were combined into one unified product organization, led by Antti Koskela. Chief Information Security Officer (CISO) became part of the leadership team, former CTO Christine Bejerasco assumed the role of CISO. Tim Orchard assumed the role of CTO. In addition, Cloud Protection for Salesforce became an independent unit, reporting directly to the President & CEO. All changes became applicable on 1 January 2023.

On 1 December 2022, Scott Reininga joined WithSecure as the new EVP, Solutions.

At the end of the year, the composition of the Leadership Team was the following:

Juhani Hintikka (President and CEO), Christine Bejerasco (CTO, became CISO on 1 January 2023), Charlotte Guillou (Chief People Officer), Tom Jansson (Chief Financial Officer), Juha Kivikoski (EVP, Business Security, became EVP, Customer Operations on 1 January 2023), Antti Koskela (CPO), Tim Orchard (EVP, Solutions until 30 November 2022, became CTO on 1 January 2023), Scott Reininga (EVP, Solutions), Tiina Sarhimaa (CLO) and Ari Vänttinen (CMO).

Shares, Shareholders' equity, Own shares

The total number of company shares is currently 174,598,739. The company's registered shareholders' equity is EUR 80,000. The company held 71,795 of its own shares at the end of the financial year.

The company holds its own shares to be used in the incentive compensation plans, for making acquisitions or implementing other arrangements related to the company's business, to improve the company's financial structure or to be otherwise assigned or cancelled.

In January–December, 67,096,454 (20,164,500) of WithSecure's shares were traded on the Helsinki Stock Exchange. The highest trading price was EUR 5.65 (5.53) and the lowest price was EUR 1.27 (3.66). The volume weighted average price of WithSecure's shares in 2022 was EUR 2.75 (4.39). The share's closing price on the last trading day of the year, 30 December 2022, was EUR 1.37 (4.97). Based on that closing price, the market value of the company's shares, excluding the treasury shares held by the company, was EUR 240 million (787 million). Large fluctuations are partly explained by the F-Secure demerger on 30 June 2022.

The company currently has share-based incentive plans covering management and key personnel of the Group, as well as a share savings plan available to all employees. Information on the programs is provided in the Note 18 of the Financial Statements, as well as the Remuneration Report 2022. As part of the

WithSecure 2022 Board of Directors' Report Remuneration Report go to previous view Corporate Governance Sustainability Report Financial Statements / Key figures / Calculation of key ratios

new Performance Matching Share Plan, WithSecure leadership team members have made personal investments of over EUR 1.7 million to acquire company shares.

Risks and uncertainties

WithSecure operations are subject to risks and uncertainties that can impact the company's sales, profitability, financial position, market share, reputation, share price or the achievement of its short- and long-term objectives. The matters described here should not be considered as an exhaustive list.

The objective of WithSecure risk management is to identify various risks that could have an impact on the business, and to implement appropriate measures to mitigate the risks. In assessing risks, WithSecure considers both the likelihood and the potential impact of each risk, as well as the resources required to manage and mitigate the risk. Ensuring business continuity in any situations of risks materializing is an essential part of the risk management. WithSecure risk management principles and process are described in the Corporate Governance Statement of 2022.

Risks related to cyber security market

Market consolidation

The cyber security market is scattered to many providers of software and services. Also, the large market participants are investing more in the development of embedded security and winning market share. Further consolidation to larger units is considered as a likely development. WithSecure must succeed in finding the right acquisition targets, as well as in integrating the acquired companies into its operations. As one of the smaller players in the market, the company must always keep itself relevant to the customers, by ensuring both up to date technology and good quality, timely services.

Geopolitical risks

WithSecure operates in different countries and is therefore exposed to the country risks of each location. Local regulation is exposing the company to risks, such as unfavorable tax matters or export controls. Changes in regulations or their application, applicable to current or new technologies or services, may adversely affect WithSecure's business operations.

Ukraine war

The war in Ukraine has significantly increased the uncertainty in the world and the risk of unexpected disruptions of the world economy and security stability. Any such events would also impact the WithSecure business. The war has

increased the awareness of the importance of cyber security, especially for companies, and it will continue impacting the corporate cyber security market.

For corporate responsibility reasons, WithSecure is not conducting business with any Russian or Belarussian parties, even in cases where it would be permitted by the export control regulations.

Environmental risks

As part of the sustainability materiality analysis, WithSecure has assessed the impact of the environmental risks, especially climate change, on its business. The company is a provider of software and services, and as such not significantly impacted by the environmental risks. Business continuity planning covers scenarios related to unavailability of resources due to natural disasters or other hazards.

Risks related to WithSecure operations and products

Attracting and retaining talent

Unavailability of skilled personnel may result in inability of providing consulting or other services to customers, which could have a direct impact on the company revenue. Competition for skilled personnel is increasing and there is structural undersupply of talent in the cyber security industry. WithSecure is continuously developing and adopting new ways of recruitment, building its own talent and knowledge pools, and investing in training and development of personnel.

Product risks

WithSecure operates in a highly competitive market. Cybercrime is growing fast and becoming more innovative and professional. Large vendors make significant investments in their development and marketing activities, while new vendors are emerging in the market, and the operating system manufacturers are increasing their focus on built-in security features. WithSecure must succeed in maintaining in-depth understanding of cyber security threat landscape, following the hacker techniques and technologies, as well as continuing to innovate in defensive technologies.

Cyber security incident

Cyber security attacks threaten the confidentiality, integrity, and availability of WithSecure products and services and their mitigation is considered as high priority in all parts of the company. WithSecure builds cyber resilience by continuously improving its capability to identify, protect, detect, and respond to relevant threats.

WithSecure 2022 Board of Directors' Report Remuneration Report go to previous view Corporate Governance Sustainability Report Financial Statements / Key figures / Calculation of key ratios

Intellectual property rights (IPR)

WithSecure protects its technologies and innovations through copyrights, patents, trademarks, and technology partnerships. While WithSecure uses all available protection mechanisms, the businesses are exposed to risks relating intellectual property claims, particularly in the US markets.

Financial risks

Inflation and interest rates

Rising inflation is increasing the risk for negative development of the cost structure. This is monitored very closely, and inflation will also most likely require mitigation actions to retain workforce in the company. Increasing interest rates could limit the possibilities of external funding in the future.

Liquidity risk

After the demerger of cash-positive consumer business, WithSecure must focus on accurate cash planning and prompt collections to ensure liquidity of all group companies and to avoid needs of short-term financing.

Currency fluctuations

Increasing volume of operations outside the Euro zone in different currencies exposes WithSecure to an increased risk related to currency fluctuations.

Annual General Meeting

Annual General Meeting (AGM) of WithSecure (then F-Secure) Corporation was held on 16 March 2022. The meeting confirmed the financial statements for the financial year 2021 and reviewed the remuneration policy and remuneration report for governing bodies. The members of the Board and the President and CEO were discharged from liability.

The AGM approved the proposal of the Board of Directors that no dividend will be paid for the financial year 2021 due to the contemplated separation of the company's consumer security business.

The AGM decided that the number of Board members shall be seven. The following current Board members were re-elected: Risto Siilasmaa, Keith Bannister, Pertti Ervi, Päivi Rekonen and Tuomas Syrjänen. Kirsi Sormunen was elected as a new member to the Board of Directors. Tony Smith, who belongs to the personnel of WithSecure (then F-Secure) Corporation, was elected as a new member of the Board of Directors. The Board elected Risto Siilasmaa as the Chair of the Board. Tuomas Syrjänen was nominated as the Chair of the Personnel Committee and Risto Siilasmaa and Päivi Rekonen as members of the Personnel Committee. Pertti Ervi was nominated as the Chair of the Audit Committee and Keith Bannister, Kirsi Sormunen and Tony Smith were nominated as members of the Audit Committee.

Audit firm PricewaterhouseCoopers Oy was re-elected as Auditor of the company. Mr. Janne Rajalahti, APA, acts as the Responsible Auditor.

The AGM authorized the Board of Directors to decide upon the repurchase of a maximum of 10,000,000 of the company's own shares in total in one or several tranches and with the company's unrestricted equity. The authorization is valid until the conclusion of the next Annual General Meeting, in any case until no later than 30 June 2023.

The AGM authorized the Board of Directors to decide on the issuance of a maximum of 31,759,748 shares in total through a share issue as well as by issuing options and other special rights entitling to shares pursuant to Chapter 10, Section 1 of the Limited Liability Companies Act in one or several tranches. The proposed maximum number of the shares corresponds to 20% of the Company's registered number of shares. The authorization is valid until the conclusion of the next Annual General Meeting, in any case until no later than 30 June 2023.

The AGM also decided to change the company's business name to WithSecure Corporation.

Full disclosure of the AGM resolutions, as well as the organizing meeting of the Board of Directors held on the same day, has been provided in the Stock Exchange release of 16 March 2022.

Extraordinary General Meeting

Extraordinary General Meeting (EGM) of WithSecure Corporation was held on 31 May 2022. The EGM resolved, among other things, to approve the demerger plan and the according partial demerger, in which all assets and liabilities relating to the company's consumer security business transfer without a liquidation procedure to F-Secure Corporation, which shall be established in connection with the registration of the completion of the demerger. The General Meeting resolved that the shareholders of WithSecure will receive as demerger consideration one (1) new share in F-Secure for each share they hold in WithSecure on the effective date. The effective date of the Demerger was 30 June 2022.

The EGM resolved, conditionally upon the completion of the demerger, to reduce WithSecure's share capital to EUR 80,000, and to dissolve WithSecure's share premium reserve.

The EGM resolved, conditionally upon the completion of the demerger, to authorize the Board of Directors of F-Secure to decide upon the repurchase WithSecure 2022 Board of Directors' Report Remuneration Report go to previous view Corporate Governance Sustainability Report Financial Statements / Key figures / Calculation of key ratios

of a maximum of 15,000,000 of F-Secure's own shares with F-Secure's own unrestricted equity. The authorization is proposed to be valid until the conclusion of the first Annual General Meeting of F-Secure following the effective date, in any case until no later than 30 June 2023.

The EGM resolved, conditionally upon the implementation of the demerger, to authorize the Board of Directors of F-Secure to decide on the issuance of a maximum of 15,000,000 shares in total through a share issue as well as by issuing options and other special rights entitling to shares. The authorization will be valid until the conclusion of the first Annual General Meeting of F-Secure following the Effective Date as set forth in the Demerger Plan, in any case until no later than 30 June 2023.

The EGM resolved, conditionally upon the completion of the demerger, that the number of members of the Board of Directors of F-Secure shall be six (6). Pertti Ervi, Thomas Jul, Madeleine Lassoued, Risto Siilasmaa, Petra Teräsaho and Calvin Gan, who belongs to the personnel of F-Secure, were elected as members of the Board of Directors of F-Secure.

The EGM resolved, conditionally upon the implementation of the demerger and in accordance with the Board of Directors' recommendation, to elect PricewaterhouseCoopers Oy as auditor of F-Secure. PricewaterhouseCoopers Oy has stated that Mr Janne Rajalahti, APA, will act as the Responsible Auditor.

In addition, the EGM amended WithSecure's Articles of Association.

Full disclosure of the EGM resolutions has been provided in the Stock Exchange release of 31 May 2022.

Change in the Board committee after the AGM

On 1 August 2022, Kirsi Sormunen was nominated as Chair of the Audit Committee, replacing Pertti Ervi in this role. Pertti Ervi, Keith Bannister and Tony Smith remain as members of the Audit Committee.

Outlook for 2023

Annual recurring revenue (ARR) for cloud products will grow by 28–34% from the end of 2022. At the end of 2022, cloud ARR was EUR 80.2 million.

Revenue from cloud products will grow by 28–34% from previous year. Previous year revenue from cloud products was EUR 68.7 million.

Total revenue of the group will grow by 12–20% from previous year. Previous year revenue was EUR 134.7 million.

Adjusted EBITDA will improve from previous year. Previous year's Adjusted EBITDA (Estimated comparable EBITDA for two first quarters) was EUR –23.2 million. Adjusted EBITDA of fourth quarter of 2023 will be positive.

Medium term financial targets (unchanged)

Medium term financial targets for WithSecure, announced on 17 February 2022:

Growth Target: To double revenue organically by the end of 2025 (from year 2021 comparable revenue of EUR 122.8 million)

Profitability Target: Adjusted EBITDA break-even by the end of 2023 and adjusted EBITDA margin of some 20% by 2025

Board of Directors' proposal for disposal of distributable funds

WithSecure's dividend policy is to pay approximately half of its profits as dividends. Subject to circumstances, the company may deviate from this policy. On 31 December 2022, WithSecure Corporation's distributable funds totaled EUR 143.3 million of which net result for the financial year was EUR –13.7 million. No material changes have taken place in the company's financial position after the balance sheet date.

WithSecure's Board of Directors proposes that no dividend will be paid for 2022 due to the loss-making result of the year. Company will focus on funding its growth and developing the business.

Net loss for the year is retained in the shareholders' equity.

WithSecure 2022 Board of Directors' Report Remuneration Report go to previous view Corporate Governance Sustainability Report Financial Statements / Key figures / Calculation of key ratios

Events after period-end

On 9 February 2023, WithSecure announced that it will start change negotiations to improve its profitability and competitiveness. The negotiations could result in the reduction of approximately 120 positions globally, of which at most 34 are expected to be in Finland. Global personnel of WithSecure is approximately 1,300. Through the planned changes, as well as other cost saving measures, the company estimates it can reach annual cost savings of approximately EUR 14 million. Negotiations are expected to be completed by end of March 2023.

Helsinki, 8 February 2023

WithSecure Corporation

Board of Directors

Risto Siilasmaa, Chair

Pertti Ervi

Päivi Rekonen

Tuomas Syrjänen

Keith Bannister

Kirsi Sormunen

Tony Smith

President and CEO

Juhani Hintikka

WithSecure 2022 Board of Directors' Report Remuneration Report go to previous view Corporate Governance Sustainability Report Financial Statements / Key figures / Calculation of key ratios

Key figures

row 12 pt

WithSecure has applied new IFRS16 standard from January 1, 2019 onwards with modified approach and comparatives are not restated.

Economic indicators	IFRS 2022	IFRS 2021	IFRS 2020	IFRS 2019	IFRS 2018
Revenue (MEUR) 1)	134.7	130.0	220.2	217.3	190.7
Revenue growth %	3.6%	n/a	1.3%	14.0%	12.0%
EBIT (MEUR) 1)	–42.6	–30.1	19.7	7.2	4.5
% of revenue	–31.6%	–23.1%	8.9%	3.3%	2.4%
Result before taxes 1)	–44.2	–30.4	16.5	4.2	1.7
% of revenue	–32.8%	–23.4%	7.5%	2.0%	0.9%
ROE (%)	–32.5%	14.3%	16.2%	4.7%	1.2%
ROI (%)	–30.5%	15.6%	18.5%	4.5%	7.9%
Equity ratio (%)	79.0%	59.5%	52.5%	49.0%	42.7%
Investments (MEUR) 2)	4.8	6.6	14.3	12.8	99.8
% of revenue	3.6%	5.1%	6.5%	5.9%	52.3%
R&D costs (MEUR)	39.1	32.1	41.9	39.6	35.7
% of revenue	29.1%	24.7%	19.0%	18.2%	18.7%
Capitalized development (MEUR)	2.4	5.6	5.5	6.2	4.7
Gearing %	–39.9%	–25.8%	–14.1%	20.8%	13.9%
Wages and salaries (MEUR) 1)	93.8	87.3	103.7	104.4	84.9
Personnel on average	1,438	1,678	1,691	1,701	1,364
Personnel on Dec 31	1,295	1,656	1,678	1,696	1,666

1) For years 2022 and 2021, the figures have been restated to reflect continuing operations only according to IFRS 5.

2) From 2021 onwards, the figure is presented without investments to leased assets.

Key ratios	IFRS 2022	IFRS 2021	IFRS 2020	IFRS 2019	IFRS 2018
Earnings per share (EUR), combined operations	2.51	0.07	0.08	0.02	0.01
Earnings per share (EUR), continuing operations	–0.22	–0.15
Earnings per share (EUR), discontinued operations	2.74	0.22
Earnings per share (EUR), diluted, combined operations	2.51	0.07	0.08	0.02	0.01
Earnings per share (EUR), diluted, continuing operations	–0.22	–0.15
Earnings per share (EUR), diluted, discontinued operations	2.74	0.22
Shareholders' equity per share	0.80	0.60	0.52	0.48	0.42
Dividend per share 3)	0.00	0.00	0.04	0.00	0.00
Dividend per earnings (%)	0.0%	0.0%	50.0%	0.0%	0.0%
Effective dividends (%)	0.0%	0.0%	1.0%	0.0%	0.0%
P/E ratio	–6.2	62.0	47.1	142.7	431.4
Share price, lowest (EUR)	1.27	3.66	2.04	2.19	2.18
Share price, highest (EUR)	5.65	5.53	4.14	3.40	4.24
Share price, average (EUR)	2.75	4.39	3.10	2.68	3.03
Share price Dec 31	1.37	4.97	3.84	3.05	2.32
Market capitalization (MEUR)	239.6	786.4	606.7	483.5	367.6
Trading volume (millions)	67.1	20.2	22.8	26.5	33.7
Trading volume (%)	38.4%	12.7%	14.3%	16.7%	21.2%

3) Board proposal

Adjusted number of shares	IFRS 2022	IFRS 2021	IFRS 2020	IFRS 2019	IFRS 2018
average during the period	171,295,721	158,354,073	158,082,324	157,719,368	157,224,137
average during the period, diluted	171,295,721	158,354,073	158,082,324	157,719,368	157,224,137
Dec 31	174,598,739	158,798,739	158,798,739	158,798,739	158,798,739
Dec 31, diluted	174,598,739	158,798,739	158,798,739	158,798,739	158,798,739

WithSecure 2022 Board of Directors' Report Remuneration Report go to previous view Corporate Governance Sustainability Report Financial Statements / Key figures / Calculation of key ratios

Calculation of key ratios

	Total equity
Equity ratio, %	Total assets – deferred revenue	× 100
	Result before taxes + financial expenses
ROI, %	Total assets – non-interest bearing liabilities (average)	× 100
	Result for the period
ROE, %	Total equity (average)	× 100
	Interest bearing liabilities – cash and cash equivalents and liquid financial assets
Gearing, %	Total equity	× 100
	Profit attributable to equity holders of the company
Earnings per share, EUR	Weighted average number of outstanding shares
Shareholders' equity	Equity attributable to equity holders of the company
per share, EUR	Number of outstanding shares at the end of period
P/E ratio	Closing price of the share, end of period
	Earnings per share
Dividend per earnings, %	Dividend per share
	Earnings per share	× 100
	Dividend per share
Effective dividends, %	Closing price of the share, end of period	× 100
Operating expenses	Sales and marketing, research and development and administration costs
EBITDA	EBIT + depreciation, amortization and impairment

WithSecure 2022 Board of Directors' Report Remuneration Report go to previous view Corporate Governance Sustainability Report Financial Statements / Key figures / Calculation of key ratios

Reconciliation of alternative performance measures

	Consolidated	Restated Consolidated		Consolidated	Restated Consolidated
EUR 1,000	2022	2021	EUR 1,000	2022	2021
Estimated comparable EBITDA	–23.2	–11.3	Adjusted EBIT	–36.8	–26.8
Adjustments to adjusted EBITDA			Adjustments to EBIT
Research and development	–2.6	–4.4	Divestments	–1.5	0.5
Facilities held by WithSecure	–0.9	–1.6	Demerger	–1.8
Adjusted EBITDA	–26.7	–17.2	PPA amortization	–2.5	–2.8
Adjustments to EBITDA			Impairment	0.0	–1.0
Divestments	–1.5	0.5	Income for costs under TSA	8.7
Demerger	–1.8		Costs of services under TSA	–8.7
Income for costs under TSA	8.7		EBIT	–42.6	–30.1
Costs of services under TSA	–8.7
EBITDA	–29.9	–16.7
Depreciation, amortization and impairment losses	–12.6	–13.4
EBIT	–42.6	–30.1

Classification of adjusted costs in operating expenses

Operating expenses	–142.6	8.7	1.8	2.8	–129.3	10.1	2.5	–116.7
Administration	–20.3	3.3	1.8	2.8	–12.5	0.7	2.5	–9.2
Research and development	–39.1	5.4			–33.7	5.3		–28.4
Sales and marketing	–83.1				–83.1	4.0		–79.1
	Operating Expenses 2022	Costs under TSA	Demerger	Divestments	Expenses for adjusted EBIT	Depreciation	PPA amortization	Operating Expenses for Adjusted EBITDA 2022

	Operating Expenses 2021	Expenses for adjusted EBIT	Depreciation	Impairment	PPA amortization	Operating Expenses for Adjusted EBITDA 2021
Sales and marketing	–73.3	–73.3	5.3			–68.0
Research and development	–32.1	–32.1	3.6			–28.5
Administration	–15.7	–15.7	0.8	1.0	2.8	–11.1
Operating expenses	–121.0	–121.0	9.7	1.0	2.8	–107.6

Classification of adjusted income in other operating income

	Other operating income 2022	Income for costs under TSA	Divestments	Other income for adjusted EBITDA 2022
Other operating income	12.3	–8.7	–1.3	2.3
	Other operating income 2021	Divestments	Other income for adjusted EBITDA 2021
Other operating income	2.5	–0.5	1.9

WithSecure 2022 Board of Directors' Report Remuneration Report go to previous view Corporate Governance Sustainability Report Financial Statements / Key figures / Calculation of key ratios

Shares and shareholders

Shares and share ownership distribution, 31 Dec 2022

Shares	Number of shareholders	% of shareholders	Total shares	% of shares
1–100	9,577	29.34%	443,293	0.25%
101–1,000	17,556	53.78%	6,699,234	3.84%
1,001–50,000	5,410	16.57%	22,222,989	12.73%
50,001–100,000	46	0.14%	3,282,149	1.88%
100,001–	55	0.17%	141,951,074	81.30%
Total	32,644	100.00%	174,598,739	100.00%

Shareholders by category, 31 Dec 2022	Total shares	% of shares
Corporations	8,477,502	4.86%
Financial and insurance institutions	34,279,336	19.63%
General government	18,416,510	10.55%
Non-profit organizations	1,302,238	0.75%
Households	90,284,644	51.71%
Other countries and international organizations	538,449	0.31%
Nominee registered	21,300,060	12.20%
Total	174,598,739	100.00%

Largest shareholders and administrative register

Owner	Shares	% of shares	% of votes
Risto Siilasmaa	60,017,365	34.37%	34.39%
Skandinaviska Enskilda Banken AB	14,822,914	8.49%	8.49%
Nordea Nordic Small Cap Fund	11,557,976	6.62%	6.62%
Mandatum Life Insurance Company	8,419,317	4.82%	4.82%
Ilmarinen Mutual Pension Insurance Company	6,020,000	3.45%	3.45%
Varma Mutual Pension Insurance Company	3,970,660	2.27%	2.28%
The State Pension Fund	3,900,000	2.23%	2.23%
Citibank Europe Plc	3,689,027	2.11%	2.11%
Elo Mutual Pension Insurance Company	3,028,047	1.73%	1.74%
Nordea Finnish Stars Fund	2,554,157	1.46%	1.46%
Euroclear Bank Sa/Nv	1,985,496	1.14%	1.14%

Administrative register	Shares	% of shares	% of votes
Skandinaviska Enskilda Banken AB	14,822,914	8.49%	8.49%
Citibank Europe Plc	3,689,027	2.11%	2.11%
Euroclear Bank Sa/Nv	1,985,496	1.14%	1.14%
Other registers	802,623	0.46%	0.46%
Other shareholders	53,759,362	30.79%	30.80%
Total	174,526,944	99.96%	100.00%
Own shares WithSecure Corporation	71,795	0.04%
Total	174,598,739	100.00%

Ownership of management

Board of Directors	Shares	% of shares
Risto Siilasmaa	60,017,365	34.37%
Pertti Ervi	84,741	0.05%
Tuomas Syrjänen	29,218	0.02%
Päivi Rekonen	26,543	0.02%
Keith Bannister	12,272	0.01%
Kirsi Sormunen	3,533	0.00%
Tony Smith	1,002	0.00%
Total	60,174,674	34.46%

Global Leadership team	Shares	% of shares
Juhani Hintikka	612,670	0.35%
Juha Kivikoski	90,954	0.05%
Scott Reininga	73,621	0.04%
Christine Bejerasco	70,485	0.04%
Antti Koskela	63,767	0.04%
Charlotte Guillou	61,267	0.04%
Tom Jansson	61,267	0.04%
Ari Vänttinen	61,267	0.04%
Tiina Sarhimaa	57,551	0.03%
Tim Orchard	6,288	0.00%
Total	1,159,137	0.66%

Ownership of management

Members of the Board and Leadership team owned a total of 61,333,811 shares on December 31, 2022. This represents 35.1 percent of the Company's shares and 35.1 percent of votes.

WithSecure 2022 Board of Directors' Report Remuneration Report go to previous view Corporate Governance Sustainability Report Financial Statements / Key figures / Calculation of key ratios

Statement of comprehensive income January 1–December 31, 2022

The income statement is presented for continuing operations only according to IFRS 5 as Consumer security business is treated as discontinued operations.

EUR 1,000	Note	Consolidated, IFRS 2022	Restated Consolidated, IFRS 2021	EUR 1,000	Note	Consolidated, IFRS 2022	Restated Consolidated, IFRS 2021
REVENUE	(2)	134,700	130,015	Result of the financial year is attributable
Cost of revenue		–46,972	–41,472	to:
				Equity holders of the parent,
GROSS MARGIN		87,728	88,543	continuing operations		–38,210	–25,472
Other operating income	(3)	12,325	2,466	Equity holders of the parent,
Sales and marketing	(4, 5, 6)	–83,118	–73,299	discontinued operations		468,526	38,157
Research and development	(4, 5, 6)	–39,143	–32,094	Equity holders of the parent,
Administration	(4, 5, 6)	–20,344	–15,691	combined operations		430,316	12,686

EBIT		–42,552	–30,075	Comprehensive income for the year is attributable to:
Financial income	(8)	1,149	1,198
Financial expenses	(8)	–2,768	–1,543	Equity holders of the parent, continuing operations		–39,276	–21,557
				Equity holders of the parent,
PROFIT (LOSS) BEFORE TAXES		–44,171	–30,421	discontinued operations		467,592	38,232
Income tax	(9)	5,961	4,950	Equity holders of the parent,
				combined operations		428,316	16,676
Result for the financial year,
continuing operations		–38,210	–25,472	Earnings per share:	(10)
Result for the financial year, discontinued				Basic and diluted, continuing
operations RESULT FOR THE FINANCIAL YEAR,	(11)	468,526	38,157	operations		–0.22	–0.15
GROUP TOTAL		430,316	12,686	Basic and diluted, discontinued
				operations		2.74	0.22
Other comprehensive income				Basic and diluted, combined operations		2.51	0.07
Exchange difference on translation of
foreign operations, continuing operations		–1,066	3,915
Exchange difference on translation
of foreign operations, discontinued
operations		–934	75
Comprehensive income for the year,
continuing operations		–39,276	–21,557
Comprehensive income for the year,
discontinued operations		467,592	38,232
COMPREHENSIVE INCOME FOR THE
YEAR, GROUP		428,316	16,676

WithSecure 2022

Board of Directors' Report

Financial Statements

/ Statement of comprehensive income

/ Statement of financial position

/ Statement of cash flows

/ Statement of changes in equity

/ Notes to the Financial Statements

/ WithSecure Corporation financial statements

/ Auditor's Report

Remuneration Report go to previous view Corporate Governance Sustainability Report

Statement of financial position December 31, 2022

EUR 1,000	Note	Consolidated, IFRS 2022	Consolidated, IFRS 2021

ASSETS
NON-CURRENT ASSETS
Tangible assets	(4, 13)	10,749	12,712
Intangible assets	(13)	23,519	33,034
Goodwill	(12)	82,998	85,143
Deferred tax assets	(21)	6,767	4,124
Interest bearing receivables,
non-current	(15, 20)	7,865
Other receivables	(15)	1,271	1,860
Total non-current assets		133,169	136,874

CURRENT ASSETS
Inventories	(14)		51
Interest bearing receivables, current	(15, 20)	2,220
Accrued income	(16)	5,497	4,714
Trade and other receivables	(15, 16)	34,875	49,856
Income tax receivables	(16)	932	1,740
Financial assets at amortized cost	(15)	13,977
Financial assets at FVTPL	(15)	26	61
Cash and cash equivalents	(15, 20)	55,129	52,940
Total current assets		112,658	109,361

TOTAL ASSETS		245,827	246,235

EUR 1,000	Note	Consolidated, IFRS 2022	Consolidated, IFRS 2021

SHAREHOLDERS' EQUITY AND LIABILITIES
SHAREHOLDERS' EQUITY	(17)
Share capital		80	1,551
Share premium			165
Treasury shares		–155	–849
Translation differences		–2,124	–124
Reserve for invested unrestricted equity		83,638	6,789
Retained earnings		58,649	87,831
Equity attributable to equity holders of the parent		140,089	95,363
NON-CURRENT LIABILITIES
Interest bearing liabilities, non‑current	(4, 19, 20)	8,369	17,577
Deferred tax liabilities	(21)	1,623	1,880
Other non-current liabilities	(22)	22,470	26,335
Total non-current liabilities		32,462	45,792
CURRENT LIABILITIES
Interest bearing liabilities, current	(4, 19, 20)	4,839	10,824
Trade and other payables	(20, 22)	19,868	29,990
Income tax liabilities	(22)	2,126	4,182
Other current liabilities	(22)	46,446	60,084

TOTAL SHAREHOLDERS' EQUITY AND
LIABILITIES	245,827	246,235

Total current liabilities 73,279 105,080

WithSecure 2022

Board of Directors' Report

Financial Statements

/ Statement of comprehensive income

/ Statement of financial position

/ Statement of cash flows

/ Statement of changes in equity

/ Notes to the Financial Statements

/ WithSecure Corporation financial statements

/ Auditor's Report

Statement of cash flows January 1–December 31, 2022

Cash flow statement includes both continuing and discontinued operations until demerger on 30 June 2022.

EUR 1,000	Consolidated, IFRS 2022	Consolidated, IFRS 2021

Cash flow from operations
Result for the financial year	430,316	12,703
Adjustments
Depreciation and amortization	13,025	15,066
Non-cash adjustments related to demerger	–451,431
Loss from divestments	2,755
Change in fair value of deferred consideration from divestments	–1,084
Profit / loss on sale of fixed assets	–52	142
Financial income and expenses	1,418	278
Income taxes	144	4,726
Other adjustments	1,933	2,504
Cash flow from operations before change in working capital	–2,977	35,420
Change in net working capital
Current receivables, increase (–), decrease (+)	–8,944	–4,138
Inventories, increase (–), decrease (+)	6	23
Non-interest bearing debt, increase (+), decrease (–)	–2,233	7,371

Cash flow from operations before financial items and taxes	–14,148	38,675
Interest expenses paid	–225	–451
Interest income received	233	11
Other financial income and expenses	–2,474	–843
Income taxes paid	–3,630	–6,652
Cash flow from operations	–20,244	30,741

EUR 1,000	Consolidated, IFRS 2022	Consolidated, IFRS 2021

Cash flow from investments
Investments in intangible and tangible assets	–4,770	–6,569
Proceeds from sale of intangible and tangible assets	0	433
Divestments of businesses, net of cash	–734
Investments in financial instruments 1)	–13,979
Cash flow from investments	–19,483	–6,135
Cash flow from financing activities
Increase in share capital	75,988
Repayments of interest-bearing liabilities	–19,000	–11,000
Repayments of lease liabilities	–5,989	–5,963
Dividends paid		–6,334
Cash flow from financing activities	50,999	–23,298
Change in cash	11,273	1,309
Cash and bank at the beginning of the period	52,940	51,380
Effects of exchange rate changes	–129	252
Demerger effect in cash 2)	–8,955
Cash and bank at period end 1)	55,129	52,940

1) Investments in financial assets include Group's investments in financial assets measured at amortized cost, such as corporate commercial papers. Investments in short term money market instruments with maturity less than three months are presented as Cash and cash equivalents.

WithSecure 2022

Board of Directors' Report

Financial Statements

/ Statement of comprehensive income

/ Statement of financial position

/ Statement of cash flows

/ Statement of changes in equity

/ Notes to the Financial Statements

/ WithSecure Corporation financial statements

/ Auditor's Report

Remuneration Report go to previous view Corporate Governance Sustainability Report

2) Cash held by parent company at completion of the demerger was divided between WithSecure and F-Secure as determined in the demerger plan. F-Secure's share of the cash remaining at WithSecure on 30 June net of F-Secure's share of transaction costs was transferred in July. Demerger cash effect in second quarter arises from cash held by F-Secure's subsidiaries at the time of demerger.

Statement of changes in equity

Attributable to the equity holders of the parent

EUR 1,000 IFRS	Share capital	Share premium fund	Treasury shares	Translation differences	Unrestricted equity reserve	Retained earnings	Total equity

Equity December 31, 2020	1,551	165	–1,288	–4,116	6,464	79,554	82,330
Result of the financial year						12,703	12,703
Translation difference				3,992			3,992
Total comprehensive income for the year				3,992		12,703	16,695
Dividends						–6,334	–6,334
Cost of share based payments			439		325	1,913	2,678
Equity December 31, 2021	1,551	165	–849	–124	6,789	87,831	95,363
Result of the financial year, continuing operations						–38,210	–38,210
Result of the financial year, discontinued operations						468,526	468,526
Translation difference				–2,000			–2,000
Total comprehensive income for the year				–2,000		430,316	428,316
Share issue					75,988		75,988
Dividends						20	20
Reduction of share capital and share premium reserve	–1,471	–165				1,636
Cost of share based payments			694		861	1,854	3,410
Assets transferred in the demerger at fair value						–463,020	–463,020
Equity December 31, 2022	80		–155	–2,124	83,638	58,649	140,089

More information in note 17. Shareholders' equity

WithSecure 2022

Board of Directors' Report

Financial Statements

/ Statement of comprehensive income

/ Statement of financial position

/ Statement of cash flows

/ Statement of changes in equity

/ Notes to the Financial Statements

/ WithSecure Corporation financial statements

/ Auditor's Report

Notes to the Financial Statements

ACCOUNTING PRINCIPLES FOR THE CONSOLIDATED FINANCIAL STATEMENTS

Basic information

WithSecure provides cyber security products and services globally for businesses.

The parent company of the Group is WithSecure Corporation incorporated in Finland and domiciled in Helsinki. The parent company's name change was registered on 16 March 2022. Parent company was previously known as F-Secure Corporation. Company's registered address is Tammasaarenkatu 7, 00180 Helsinki. A copy of consolidated financial statements can be downloaded on www.withsecure.com or can be received from the parent company's registered address.

These financial statements were authorized for issue by the Board of Directors on 8 February 2023. According to the Finnish Companies Act, the Annual General Meeting can confirm or reject the consolidated financial statements after publication. The Annual General Meeting can also decide to change the financial statements.

Accounting principles

The consolidated financial statements of WithSecure Corporation of 2022 have been prepared in accordance with International Financial Reporting Standards (IFRS), applying the IAS and IFRS standards as well as SIC and IFRIC interpretations that were in force and had been approved by the EU by 31 December 2022.

In accordance with the European Single Electronic Format (ESEF) reporting requirements, WithSecure has published the Board of Directors' report and the financial statements as an XHTML file. In line with the ESEF requirements, the primary statements of the consolidated financial statements have been labelled with XBRL tags, and the notes to the financial statements with XBRL block tags. XBRL tags are not audited.

Principles of consolidation

The consolidated financial statements incorporate the financial statements of WithSecure Corporation and entities controlled by WithSecure Corporation. Consolidation is done using the acquisition method and begins when control over the subsidiary is obtained. The consolidation stops when the control

ceases. The Group does not have any associated companies nor is there any non-controlling interest in the Group.

All intra-group transactions and balances, including unrealized profits arising from intra-group transactions, have been eliminated on consolidation. Where necessary, accounting policies of the subsidiaries have been adjusted to ensure consistency with the policies adopted by the Group.

Discontinued operations

WithSecure completed the separation of its Consumer security business into an independent company F-Secure through a partial demerger on 30 June 2022, according to the plan first announced on 17 February 2022 by the Board of Directors. In these financial statements, WithSecure is presenting consumer security business until its demerger as Discontinued operations under IFRS 5.

WithSecure has applied the requirements of IFRS5 Non-current Assets Held for Sale and Discontinued Operations in classifying, presenting and accounting for the demerger in financial reporting. Result from discontinued operations is reported separately from continuing operations' income and expenses in the consolidated income statement. Comparative periods have been restated accordingly. At the completion of the demerger on June 30, the assets and liabilities related to the discontinued operations were distributed to F-Secure. Balance sheet before demerger has not been restated.

On June 30, the demerger was accounted for as a disposal to owners in accordance with IFRIC 17 Distributions of non-cash assets to owners. A distribution gain was calculated based on the difference of the fair value of consumer security business and the book value of the distributed assets and liabilities in consolidated statement of financial position. The distribution gain was recorded in the discontinued operations' profit for the period. The fair value of the consumer security business (EUR 463.0 million) was determined by multiplying the average share price of F-Secure on the first trading day, July 1, (EUR 2,653) by the number of F-Secure shares given as demerger consideration (174,526,944). Book value of the distributed asset and liabilities was EUR 12.5 million resulting in distribution gain of EUR 450.5 million in second quarter.

Demerger related costs (EUR 3.9 million) were presented under discontinued operations. According to the demerger plan, WithSecure recharged majority of the demerger related costs from F-Secure. The recharge was recognized on the demerger date and reduced the total amount of demerger costs in discontinued

WithSecure 2022

Board of Directors' Report

Financial Statements

/ Statement of comprehensive income

/ Statement of financial position

/ Statement of cash flows

/ Statement of changes in equity

/ Notes to the Financial Statements

/ WithSecure Corporation financial statements

/ Auditor's Report

Remuneration Report go to previous view Corporate Governance Sustainability Report

operations by EUR 3.8 million. In addition, cumulative translation difference of EUR 1.4 million related to discontinued operations was recognized as income at completion of the demerger in second quarter.

Discontinued operation's financial information is presented in note 11. Information includes discontinued operations' income statement, statement of financial position and cash flow. Statement of financial position represents assets and liabilities related to Consumer security business right before the demerger on 30 June. Income statement for discontinued operations include revenue and operating expenses which directly derived from Consumer security business and discontinued for continuing business after the demerger. Certain costs related to supporting F-Secure during transition period and costs of premises sub-leased to F-Secure after demerger are not included in Discontinued operations.

Transactions in foreign currency

The consolidated financial statements are presented in euros, which is WithSecure Corporation's functional currency. At each reporting date for the purpose of presenting consolidated financial statements the income statements of foreign Group companies are translated at the average exchange rates for the reporting period and the balance sheets are translated using the European Central Bank's exchange rates prevailing on the reporting date. Translation differences are recognized in shareholders' equity and the change in other comprehensive income.

Foreign currency transactions are translated using the exchange rates prevailing at the dates of the transactions. On the reporting date, assets and liabilities denominated in foreign currencies are translated using the European Central Bank's exchange rates prevailing at that date. Exchange rate gains and losses are recognized in financial items in the income statement.

New and amended IFRS Standards that are effective for 2022

During 2022 there were no changes in the Group's accounting principles.

COVID-19 impacts on financial reporting during 2022

During COVID-19 pandemic the Group has adopted new ways of working and delivering services. Impacts of the pandemic on WithSecure's operations and financial reporting are very limited in 2022.

Management judgment on significant accounting principles and use of estimates

The preparation of consolidated financial statements requires the use of estimates and assumptions as well as the use of judgment when applying accounting principles. These affect the contents of the financial statements, and it is possible that actual results may differ from estimates.

Estimates made in connection with the preparation of financial statements are based on management's best knowledge at the reporting date. Estimates build upon past experience as well as assumptions of the future development of the economic environment of the Group. Revisions in estimates and assumptions are recognized in the period they occur and in future periods if the revision affects both current and future periods.

Key sources where estimation uncertainty arises at the reporting date are:

• Impairment testing: Recoverable amount of goodwill from acquisitions is based on estimated future cash flows which are subject to management judgment. In addition to goodwill the intangible assets that are not yet ready for use (EUR 1.4 million) are tested annually for impairment. The recoverable amount of these assets is based on estimated future cash flows from sales and/or use of the asset.
• Deferred considerations from divestments: The sales price of the UK public sector consulting team divested in December 2021 as well as the sales price of the South African subsidiary divested in February 2022 include deferred considerations which are measured at discounted fair value on each reporting date. Management judgment is used to forecast the future performances of the divested businesses which are the basis for determining the deferred consideration.
• Deferred tax assets from tax losses: The Group has recognized deferred tax assets from tax losses. The amount of deferred tax assets is based on management estimation about future profits and the recoverability of these tax losses. Majority of the deferred tax assets is booked from losses generated by the parent company (EUR 2.3 million) and by the UK subsidiary (EUR 2.9 million).
• Expected credit losses: Provision for expected credit losses in Group's balance sheet is EUR 1.6 million. Management uses judgment in defining the expected credit losses taking into account also the potential impacts of COVID-19 pandemic and other changes in economic environment.
• Share-based payments: The Group's share-based incentives programs are mainly tied to market-based conditions. Management uses external valuations in determining the fair value of the shares granted under these incentive programs. The method for the valuation is Monte Carlo Simulation.
• After demerger, existing share-based incentive programs were converted into separate plans for WithSecure and F-Secure. In the conversion, the

WithSecure 2022

Board of Directors' Report

Financial Statements

/ Statement of comprehensive income

/ Statement of financial position

/ Statement of cash flows

/ Statement of changes in equity

/ Notes to the Financial Statements

/ WithSecure Corporation financial statements

/ Auditor's Report

share-based payments under the existing programs were converted into new WithSecure shares based on methods approved by the Board of Directors. IFRS 2 guidance on accounting for modifications has been applied to determine the fair value of the plans after the modification. Management has used external valuations in determining the fair value. The method for the valuations is Monte Carlo Simulation.

Revenue recognition

Revenue for continuing operations is derived from corporate business. Corporate security business revenue includes cyber security products, managed services, and cyber security consulting. In 2022 WithSecure started to classify revenue in three categories: Cloud-based security products, On-premise security products and Cyber security consulting. Cloud revenue includes the Elements platform cloud-based products, Managed Detection and Response (MDR) and Cloud Protection for Salesforce (CPSF) revenue. On-premise revenue includes the Elements portfolio on-premise product (Endpoint protection). Consulting revenue includes the cyber security consulting services.

Cloud-based security products are sold as Security-as-a-Service. On-premise security products are sold by granting the customer access to use the intellectual property during the license period. WithSecure delivers the product and provides continuous automated updates against new threats. The software and the accompanied services are highly interdependent and therefore treated as one performance obligation for which revenue is recognized over time on a straight-line basis for the license period. Cyber security consulting services are recognized as revenue based on the delivery of the work.

Until demerger, consumer security business revenue came through operator and direct consumer channels, and the main products included F-Secure SAFE, F-Secure FREEDOME, F-Secure SENSE, F-Secure KEY and F-Secure ID PROTECTION. Consumer security products were treated as Security as a Service and revenue was recognized over time on a straight-line basis for the contract period. When there was a hardware component to the solution (F-Secure SENSE), the hardware was considered as a distinct performance obligation and revenue for hardware was recognized separately at point in time of delivery. Revenue from Consumer security business is presented as discontinued operations.

Presentation of receivables and liabilities from contracts with customers

Receivables from contracts with customers are presented in the balance sheet as Accrued income. Liabilities from contracts with customers are presented

in the balance sheet as Deferred revenue and included in Total non-current liabilities or Total current liabilities depending on the duration of the liability.

Pensions

All of WithSecure Group's pension arrangements are defined contribution plans in accordance with local statutory requirements. Contributions to defined contribution plans are recognized in the income statement in the period to which the contributions relate.

Leases

Group as lessee

Leases which meet with IFRS 16 requirements are booked to balance sheet as right-of-use asset with corresponding lease liability. Right-of-use assets and lease liabilities are initially valued at the present value of the remaining lease payments. Incremental borrowing rate is applied in discounting the remaining payments. WithSecure's incremental borrowing rate varies between 2.45% and 9.15% depending on the geographical location of the leased asset, lease period and guarantees.

WithSecure's right-of-use assets comprise of rented office premises and leased cars. Short-term contracts (remaining contract period 12 months or less) and low value assets are excluded from leases and lease expense is recognized on a straight-line basis as permitted by IFRS 16.

Lease contracts for the Group's office premises are typically made for fixed periods of 3 to 6 years and they may contain extension options. Each office lease contract is negotiated individually, and the contracts may contain wide range of different terms and conditions. Some of Group's office premises are leased with on-going contracts where the ending date is not defined. The management assesses the probable duration for these contracts case-by-case and the lease liability is calculated accordingly. Changes to the estimates are accounted for at each reporting date. Estimated duration for on-going contracts vary between 3 to 5 years and the total liability from on-going contracts is EUR 3.0 million.

In measuring the present value of the liabilities arising from leases any servicerelated fees are excluded from the lease payment. The Group's lease contracts do not contain residual value guarantees or purchase options.

Group as lessor

After the demerger, Group acts as a lessor in sub-lease agreements signed with F-Secure. The sub-lease arrangements have been accounted for as finance leases. According to IFRS 16, the Group has derecognized the right-of-use

WithSecure 2022

Board of Directors' Report

Financial Statements

/ Statement of comprehensive income

/ Statement of financial position

/ Statement of cash flows

/ Statement of changes in equity

/ Notes to the Financial Statements

/ WithSecure Corporation financial statements

/ Auditor's Report

Remuneration Report go to previous view Corporate Governance Sustainability Report

assets related to the sub-lease arrangements and recognized a receivable for the net investment in the lease. Net investment in the lease is calculated as the net present value of the future payments under the sub-lease. The Group does not have operating lease arrangements.

Income taxes

The income tax expense in income statement represents the sum of current taxes and deferred taxes. Current taxes are calculated on the taxable income for all Group companies in accordance with the local tax rules. Deferred taxes, resulting from temporary differences between the financial statement and the income tax basis of assets and liabilities, use the enacted tax rates in effect in the years in which the differences are expected to reverse. Deferred tax assets are recognized to the extent that it is probable that future taxable profit will be available. Deferred tax liabilities are recognized for all temporary differences.

Deferred tax assets and liabilities are offset when there is a legally enforceable right to set off current tax assets against current tax liabilities and when they relate to the same taxation authority and the Group intends to settle the assets and liabilities on a net basis.

Business combinations

Acquisition method is used for accounting the acquisitions of businesses. The consideration transferred in a business combination is measured at fair value, which is calculated as the sum of the acquisition-date fair values of assets transferred by the Group and liabilities incurred by the Group to the former owners of the acquiree. Contingent considerations related to business combinations are measured at fair value at acquisition date and included as part of the consideration transferred. Costs related to the acquisition are recognized in profit and loss statement.

The identifiable assets acquired, and the liabilities assumed are recognized at fair value at the acquisition date except for deferred tax assets or liabilities which are measured in accordance with IAS 12 Income taxes. Goodwill is measured as the excess of the transferred consideration over the net amount of the acquired identifiable assets and assumed liabilities.

Changes in fair value of the contingent consideration that do not arise within one year from the acquisition from facts and circumstances that existed at the acquisition date are recognized in profit or loss.

Goodwill

Goodwill is initially recognized and measured in business combinations as set out above. Goodwill is not amortized but is instead tested for impairment at least annually and whenever there is an indication that it may be impaired. For the purpose of impairment testing goodwill has been allocated to cash generating units expected to benefit from the synergies of the combination. If the recoverable amount of the cash generating unit is less than the carrying amount of the unit, the impairment loss is allocated first to reduce the carrying amount of any goodwill allocated to the unit and then to the other assets of the unit. If an impairment loss for goodwill is recognized it will not be reversed in the subsequent periods. Goodwill is recorded at historical cost less accumulated impairment losses.

Intangible assets

Research and development expenditure

Research expenditure is recognized as an expense at the time it is incurred. Development expenditure on new products or product versions with significant new features are recognized as intangible assets when they fulfill the requirements set out in IAS 38. Amortization is recorded on a straight-line basis over the estimated useful life, which is 3–8 years for these assets.

Intangible assets acquired in business combinations

Intangible assets acquired in business combinations and recognized separately from goodwill are initially recognized at fair value on the acquisition date. Subsequent to initial recognition these assets are reported at initial value less accumulated amortization and accumulated impairment losses.

Intangible assets acquired in business combinations include technology, trademarks and customer relationships, which all have a finite useful life. Initial valuation for technology and trademarks is done based on Relief from royalty method and for customer relationships based on Excess earnings method. The estimated useful lives for intangible assets acquired in business combinations are:

Technology	10 years
Trademark	2 years
Customer relationships	6–10 years

Other intangible assets

Other intangible assets include intangible rights and software licenses, all with a finite useful life. Other intangible assets are recorded at historical cost less accumulated amortization and possible impairment. Amortization is recorded on a straight-line basis over the estimated useful life of an asset. The estimated useful lives of other intangible assets are as follows:

Intangible rights	3–8 years
Other intangible assets	5–10 years

WithSecure 2022

Board of Directors' Report

Financial Statements

/ Statement of comprehensive income

/ Statement of financial position

/ Statement of cash flows

/ Statement of changes in equity

/ Notes to the Financial Statements

/ WithSecure Corporation financial statements

/ Auditor's Report

Tangible assets

Tangible assets are recorded at historical cost less accumulated depreciation and possible impairment. Depreciation is recorded on a straight-line basis over the estimated useful life of an asset. The estimated useful lives of tangible assets are as follows:

Machinery and equipment 3–8 years Other tangible assets 5–10 years

Other tangible assets include renovation costs of rented office space.

Gains or losses on disposal of tangible assets are shown in other operating income or expense.

Impairment of assets

At each reporting date, the Group assesses whether there is any indication that an asset may be impaired. Where an indicator of impairment exists, the Group makes a formal estimate of recoverable amount. The recoverable amount of goodwill and intangible assets that are not ready for use are estimated annually for regardless of whether any indication of impairment exists.

Where the carrying amount of an asset exceeds its recoverable amount the asset is considered impaired and the carrying amount is reduced to its recoverable amount. The recoverable amount is the fair value of an asset less costs of disposal or value in use, whichever is higher. An impairment loss is recorded in the income statement.

A previously recognized impairment loss is reversed only if there has been a change in the estimates used to determine the asset's recoverable amount since the last impairment loss was recognized. The maximum reversal of an impairment loss amounts to no more than the carrying amount of the asset if no impairment loss had been recognized, net of depreciation. Impairment losses relating to goodwill cannot be reversed in future periods.

Inventories

After the demerger, the Group does not have inventories.

Financial instruments

Financial assets

Financial assets are originally valued at fair value. Trade receivables are originally valued with transaction price and later with amortized cost reduced by expected credit loss for trade receivable. Trade receivables and other receivables are written off from the balance sheet as the rights to associated cash flows end or become transferred to the counterpart. An expected credit

loss is recognized for trade receivables according to IFRS 9. The amount of expected credit loss is updated at each reporting date to reflect changes in credit risk since initial recognition of the respective financial instrument. The expected credit loss is estimated using a provision matrix where trade receivables are grouped based on historical credit loss experience and characteristics that depict the credit risk of receivables (e.g. geographical area and days past due).

Financial liabilities

WithSecure classifies loans from financial institutions, trade payables and other payables as other financial liabilities which are measured at amortized cost. Transaction costs, such as arrangement fees, are deferred over the maturity of the liability. On the reporting date the Group did not have loans from financial institutions. Contingent considerations arising from acquisitions are classified as financial liabilities measured at fair value and changes in fair value are accounted through profit and loss. Contingent considerations are measured at fair value at the end of each reporting period. Financial liabilities are classified as current unless WithSecure has unconditional right to postpone their repayment by at least 12 months from the end date of the reporting period.

Derivative financial instruments and hedging

The Group uses derivative financial instruments such as forward currency contracts to hedge its risks associated with foreign currency fluctuations. Derivatives are valued at fair value. The fair value of forward currency contracts is calculated based on current forward exchange rates at the reporting date for contracts with similar maturity profiles. The gains and losses arising from the change of fair value are booked through the income statement as the Group does apply hedge accounting.

Provisions

Provisions are recognized when the Group has a present obligation (legal or constructive) as a result of a past event, the outflow of resources is probable, and a reliable estimate of the amount of the obligation can be made. The amount recognized is a best estimate of the consideration required to settle the obligation at each reporting date. Risks and uncertainties are taken into account when making the estimate.

Treasury shares

Parent company has acquired treasury shares in 2008–2011. The purchase price of the shares has been deducted from equity.

WithSecure 2022

Board of Directors' Report

Financial Statements

/ Statement of comprehensive income

/ Statement of financial position

/ Statement of cash flows

/ Statement of changes in equity

/ Notes to the Financial Statements

/ WithSecure Corporation financial statements

/ Auditor's Report

Share-based payment transactions

WithSecure provides incentives to employees in the form of equity-settled share-based instruments. Currently the Company has share-based programs.

WithSecure's share-based incentive programs are targeted to the Group's key personnel. The programs are equity-settled and valued at fair value at grant date. The expense is recognized evenly in the income statement over the vesting period with the counter-entry in retained earnings.

All current programs are based on market-based conditions, and the fair value is determined by utilizing commonly used valuation techniques. The cumulative expense recognized at grant date is based on the Group's estimate of the number of shares that will ultimately vest at the end of the vesting period. If a person leaves the company before vesting, the reward is forfeited. The Group updates its estimate of the ultimate number of shares at each reporting date. These changes in the estimate are recorded in the income statement.

Presentation of expenses

Classification of the functionally presented expenses has been made by presenting direct expenses in their respective functions and by allocating other expenses to operations on the basis of average headcount in each function.

Operating result

IAS 1 Presentation of Financial Statements standard does not define the concept of Earnings before interest and taxes (EBIT). The Group has defined it as follows: EBIT is the net amount, which consists of revenue and other operating income less cost of revenue, sales and marketing, research and development, and administration.

New standards and interpretations not yet effective

New or amended standards or interpretations are not expected to have an impact on the consolidated financial statements.

WithSecure 2022

Board of Directors' Report

Financial Statements

/ Statement of comprehensive income

/ Statement of financial position

/ Statement of cash flows

/ Statement of changes in equity

/ Notes to the Financial Statements

/ WithSecure Corporation financial statements

/ Auditor's Report

1. Segment information

The Group has one segment, data security. Segment reporting is consistent with the internal reporting submitted to the chief operating decision-maker. The Leadership Team has been appointed the chief operating decision-maker, responsible for allocating resources and assessing performance as well as making strategic decisions. For the geographical information revenue is presented based on the location of the customer and the long-term assets based on the location of the assets. The Consumer security business, transferred to F-Secure through partial demerger as of June 30, 2022, has been classified as discontinued operations and thus, excluded from the segment reporting for 2022. Comparative information for assets is presented on a historical basis for combined operations (i.e. not restated).

Geographical information

Geographical information about revenue is presented in note 2.

EUR 1,000	Consolidated 2022	Consolidated 2021
Long-term assets
Nordic countries	46,786	34,506
Europe excl. Nordics	78,165	67,785
North America	837	1,308
Rest of world	7,796	33,276
Total	133,584	136,874

2. Revenue

Principles of revenue recognition are stated in accounting principles to consolidated financial statements, section Revenue recognition. Disaggregation of revenue is presented for continuing operations only according to IFRS 5 as Consumer security business is treated as discontinued operations. For contract assets and liabilities, comparative information is presented on a historical basis for combined operations (i.e. not restated).

Disaggregation of revenue

EUR 1,000	Consolidated 2022	Restated Consolidated 2021
Sales channels
Revenue from external customers Cloud-based security products	68,711	52,743
On-premise security products	27,152	30,029
Cyber security consulting	38,837	47,242
Total	134,700	130,015

Geographical information

Revenue from external customers

Nordic countries	40,985	40,272
Europe excl. Nordics	60,383	55,150
North America	11,664	10,005
Rest of world	21,668	24,589
Total	134,700	130,015

Assets and liabilities from contracts with customers

Satisfied performance obligations from contracts with customers that have not yet been invoiced on the reporting date are presented in the balance sheet as Accrued income included in trade and other receivables. The balances relate to products and services which have been delivered to customers and recognized as revenue but not invoiced. Liabilities from contracts with customers are presented in the balance sheet as Deferred revenue and included in Total non-current liabilities or Total current liabilities depending on the duration of the liability. Prior year current deferred revenue is recognized as revenue in the current period. Remaining performance obligations from contracts with customers represent contracted revenue that has not yet been recognized. These balances are presented as Deferred revenue and relate to obligations to provide software subscription services or managed services in contracts with a duration of multiple years.

EUR 1,000	Consolidated 2022	Consolidated 2021
Accrued income	5,497	4,714
Deferred revenue, non-current	22,153	25,988
Deferred revenue, current	46,446	60,084

Increases in deferred revenue resulting from billing were EUR 45,722 thousand for continuing operations. Decreases in deferred revenue resulting from satisfying performance obligations were EUR 43,524 thousand for continuing operations.

WithSecure 2022

Board of Directors' Report

Financial Statements

/ Statement of comprehensive income

/ Statement of financial position

/ Statement of cash flows

/ Statement of changes in equity

/ Notes to the Financial Statements

/ WithSecure Corporation financial statements

/ Auditor's Report

3. Other operating income

EUR 1,000	Consolidated 2022	Restated Consolidated 2021
Service fees charged from F-Secure under TSA	8,994
Capital gains from sales of operations	1,272	540
Government grants	1,186	1,435
Gain from sublease arrangements	354
Other	520	491
Total	12,325	2,466

Capital gains from sales of operations includes revision of fair value of deferred consideration from divestment of UK public sector consulting team in December 2021. Government grants are recognized as income over those periods in which the corresponding expenses arise.

Other operating income is presented for continuing operations only according to IFRS 5 as Consumer security business is treated as discontinued operations.

4. Leases

		Restated
EUR 1,000	Consolidated 2022	Consolidated 2021
Decrease in Cost of Revenue	34	37
Decrease in operating expenses (lease expenses)	5,774	6,001
Increase in right-of-use asset depreciation	–5,243	–5,742
Increase in EBIT	568	219
Increase in financial expenses	–279	–270
Profit / Loss for the period	–303	52
Short-term leases booked as rent expense	529	157
Right of use assets and liabilities
Includes continuing and discontinued operations
Right of use assets
Buildings	7,455	8,130
Cars	737	1,111
Total	8,192	9,241
Lease liabilities
Buildings	8,924	8,279
Cars	688	1,122
Total	9,612	9,401
Repayments of lease liabilities	5,989	6,185

Right of use assets related changes are stated in disclosure 13. Non-current assets.

Right of use assets related interest payments are stated in disclosure 8. Financial income and expenses.

Maturity of lease liabilities is stated in disclosure 19. Interest-bearing liabilities.

Lease related income statement effect is presented for continuing operations only according to IFRS 5 as Consumer security business is treated as discontinued operations. For right of use assets and lease liabilities, comparative information is presented on a historical basis for combined operations (i.e. not restated).

Some office premises were subleased to F-Secure on the demerger date. Right of use assets related to these offices were derecognized on 30 June 2022. Depreciations of these assets prior to demerger were presented under continuing operations.

WithSecure 2022

Board of Directors' Report

Financial Statements

/ Statement of comprehensive income

/ Statement of financial position

/ Statement of cash flows

/ Statement of changes in equity

/ Notes to the Financial Statements

/ WithSecure Corporation financial statements

/ Auditor's Report

Remuneration Report go to previous view Corporate Governance Sustainability Report

5. Depreciation, amortization, and impairment

	Consolidated	Restated Consolidated
EUR 1,000	2022	2021
Depreciation and amortization of non-current assets
Other intangible assets	–1,287	–1,349
Capitalized development	–4,792	–3,419
Intangible assets	–6,080	–4,769
Machinery and equipment	–960	–1,382
Right of use assets	–5,243	–5,742
Other tangible assets	–323	–538
Tangible assets	–6,526	–7,662
Impairment
Capitalized development		–1,016
Total impairment		–1,016
Total depreciation and amortization	–12,606	–13,441
Depreciation and amortization by function
Sales and marketing	–4,033	–4,775
Research and development	–5,412	–4,618
Administration	–3,161	–4,048
Total depreciation and amortization	–12,606	–13,441

Depreciation and impairment is presented for continuing operations only according to IFRS 5 as Consumer security business is treated as discontinued operations.

6. Personnel expenses

		Restated
EUR 1,000	Consolidated 2022	Consolidated 2021
Personnel expenses
Wages and salaries	–93,804	–87,345
Pension expenses – defined contribution plan	–10,547	–9,766
Share-based payments	–2,580	–2,322
Other social expenses	–7,867	–7,420
Total	–114,798	–106,854
Employee benefits of the management are stated in disclosure 24. Related party transactions. Share-based payments are stated in disclosure 18. Share-based payment transactions.

Average number of personnel	1,438	1,678
Personnel by function December 31
Consulting and delivery	377	439
Sales and marketing	368	476
Research and development	367	555
Administration	183	186

Personnel expenses are presented for continuing operations only according to IFRS 5 as Consumer security business is treated as discontinued operations.

WithSecure 2022

Board of Directors' Report

Financial Statements

/ Statement of comprehensive income

/ Statement of financial position

/ Statement of cash flows

/ Statement of changes in equity

/ Notes to the Financial Statements

/ WithSecure Corporation financial statements

/ Auditor's Report

7. Audit fees

EUR 1,000	Consolidated 2022	Consolidated 2021
Group auditor
Audit fees, PricewaterhouseCoopers	–169	–319
Other consulting, PricewaterhouseCoopers	–2,302	–347
Total	–2,471	–666

PricewaterhouseCoopers Oy has provided non-audit services to entities of WithSecure Group for total 2.3 million euros, which are mainly related to services provided during demerger process.

Other auditors
Audit fees	–79	–58
Total	–79	–58

The Finnish Patent and Registration Office Auditor Oversight has granted to PricewaterhouseCoopers Oy upon its request an exemption from the maximum amount of fees for non-audit services referred to in Chapter 5, section 4 of the Finnish Auditing Act (1141/2015).

8. Financial income and expenses

EUR 1,000	Consolidated 2022	Restated Consolidated 2021
Financial income
Interest income from financial assets	257	4
Exchange gains	886	1,186
Other financial income	6	7
Total	1,149	1,197
Financial expenses
Interest expense from loans and liabilities	–336	–426
Interest expense from lease liabilities	–279	–270
Exchange losses	–1,704	–494
Other financial expenses	–448	–353
Total	–2,768	–1,543

Financial income and expenses are presented for continuing operations only according to IFRS 5 as Consumer security business is treated as discontinued operations.

WithSecure 2022

Board of Directors' Report

Financial Statements

/ Statement of comprehensive income

/ Statement of financial position

/ Statement of cash flows

/ Statement of changes in equity

/ Notes to the Financial Statements

/ WithSecure Corporation financial statements

/ Auditor's Report

Remuneration Report go to previous view Corporate Governance Sustainability Report

9. Income tax

EUR 1,000	Consolidated 2022	Restated Consolidated 2021
Current income tax for the year	2,515	5,319
Adjustments for current tax of prior periods	–20	108
Change in deferred tax	3,465	–477
Total	5,961	4,950

A reconciliation of income tax expense in the income statement and income tax calculated at the parent company's country of residence income tax rate (20%):

Result before taxes	–44,171	–30,421

Income tax at Finnish tax rate of 20%	8,834	6,096
Effect of overseas tax rates	97	–247
Non-deductible expenses/tax-exempt revenue	–2,087	–202
Unrecognised tax losses	–1,050	–716
Adjustments for prior period tax	–69	108
Other	235	–88
Total	5,961	4,950

10. Earnings per share

Basic earnings per share amounts are calculated by dividing net profit for the year attributable to ordinary equity holders of the parent by the weighted average number of ordinary shares outstanding during the year. Diluted earnings per share amounts are calculated by dividing the net profit attributable to ordinary shareholders by the weighted average number of ordinary shares outstanding during the year adjusted for the effects of dilutive options.

EUR 1,000	Consolidated 2022	Consolidated 2021
Net profit attributable to equity holders of the parent company
Continuing operations	–38,210	–25,472
Discontinued operations	468,526	38,157
Combined operations	430,316	12,686
Weighted average number of ordinary shares (1,000 )	171,296	158,354
Adjusted weighted average number of ordinary shares for diluted earning per share (1,000 )	171,296	158,354
Basic and diluted earnings per share (EUR/share), continuing operations	–0.22	–0.15
Basic and diluted earnings per share (EUR/share), discontinued operations	2.74	0.22
Basic and diluted earnings per share (EUR/share), combined operations	2.51	0.07

Earnings per share has been recalculated for comparative period using average weighted share amount after share issue in first quarter of 2022.

The weighted average number of shares takes into account the effect of change in treasury shares.

WithSecure 2022

Board of Directors' Report

Financial Statements

/ Statement of comprehensive income

/ Statement of financial position

/ Statement of cash flows

/ Statement of changes in equity

/ Notes to the Financial Statements

/ WithSecure Corporation financial statements

/ Auditor's Report

11. Discontinued operations

On 17 February 2022 WithSecure announced a plan to pursue towards the separation of the company's consumer security business (F-Secure) through a partial demerger. Demerger was completed on June 30, 2022. Following information includes impacts of discontinued operations on reported income statement and cash flow. Statement of financial position represents assets and liabilities related to Consumer security business right before the demerger on 30 June. Income statement for discontinued operations include revenue and operating expenses which directly derive from Consumer security business and will discontinue for continuing business after the demerger. Certain costs related to supporting F-Secure during transition period and costs of premises which will be sub-leased to F-Secure are not included in Discontinued operations.

Income statement for discontinued operations

EUR 1,000	Consolidated 2022	Consolidated 2021
Revenue	54,828	106,250
Cost of revenue	–4,360	–9,079
Gross margin	50,468	97,172
Other operating income	348	325
Sales and marketing	–14,637	–25,950
Research and development	–7,903	–14,521
Administration	–9,503	–9,316
EBIT	18,774	47,840
Financial net	201	68
Result before taxes	18,975	47,908
Income taxes	–5,402	–9,751
Profit after taxes of the operations transferred to F-Secure	13,574
Fair value gain recognised from valuation of discontinued operations' net assets	450,499
Demerger expenses	3,762
Taxes related to demerger expenses	–702
Translation difference	1,393
Result for the period	468,526	38,157

Statement of financial position for discontinued operations

EUR 1,000	Consolidated 30 June 2022
Assets
Tangible assets	900
Intangible assets	6,244
Deferred tax assets	102
Other long-term receivables	87
Total non-current assets	7,332
Inventories	44
Accrued income	2,090
Trade and other receivables	19,032
Cash and bank accounts	12,716
Total non-current assets	33,882
Total assets	41,214

EUR 1,000	Consolidated 30 June 2022
Liabilities
Deferred tax liability	314
Deferred revenue, non-current	3,310
Other non-current liabilities	75
Total non-current liabilities	3,699
Current interest bearing liabilities	56
Trade and other payables	4,912
Deferred revenue, current	17,303
Income tax liabilities	878
Total current liabilities	23,148
Total liabilities	26,847

Cash flows for discontinued operations

EUR 1,000	Consolidated 2022	Consolidated 2021
Net cash flow from operating activities	18,300	40,200
Net cash flow from investing activities	–600	–1,600
Net cash flow from financing activities	0	–200

WithSecure 2022

Board of Directors' Report

Financial Statements

/ Statement of comprehensive income

/ Statement of financial position

/ Statement of cash flows

/ Statement of changes in equity

/ Notes to the Financial Statements

/ WithSecure Corporation financial statements

/ Auditor's Report

Remuneration Report go to previous view Corporate Governance Sustainability Report

12. Goodwill

For impairment testing goodwill is allocated to cash-generating units (CGUs). The carrying amount of goodwill EUR 82 998 thousand is allocated to two CGUs:

EUR 1,000	Consolidated 2022	Consolidated 2021
Consulting	54,779	55,963
MDR	28,219	29,181
	82,998	85,144

Goodwill is tested for impairment annually, or more frequently if there are indications that goodwill might be impaired. The recoverable amount for each CGU is determined based on a value in use calculation which uses cash flows for the period determined for the CGU. Cash flows are based on financial budgets and forecasts approved by the Board of Directors. Forecast period used in the calculations is five years. Discount rate for Consulting is 9.9% before taxes and for MDR 15.6% before taxes.

Cash flows beyond forecast period have been extrapolated using steady 2% per annum growth rate for both CGUs. Markets where CGUs operate are expected to grow significantly faster than the terminal growth rate used in impairment testing. Managed detection and response (MDR) market is expected to grow at 16.8% annually and Consulting at 12.5% annually by 2027.

Sensitivity analysis

The Group has prepared a sensitivity analysis of the impairment tests to changes in the key assumptions which are revenue, profitability and discount rate. The table below shows the required change in a single assumption that the recoverable amount would fall below the carrying amounts.

EUR 1,000	2022	2021
Variable
Revenue growth during forecast period
Consulting	1% decrease	2% decrease
MDR	11% decrease	9% decrease
Profitability (EBIT-%) during forecast period
Consulting	10% decrease	24% decrease
MDR	34% decrease	27% decrease
Discount rate (Post-tax WACC)
Consulting		2.7%-point increase 1.8%-point increase
MDR		6.4%-point increase 4.4%-point increase

Sensitivity analyses assume a change in only one key variable while all other variables in the forecasts remain unchanged. In WithSecure's analyses sensitivity is tested by assuming a similar change in the tested assumption throughout the forecast period. In reality, it is highly unlikely that such change in the cash flows would occur as the management has means to react in case there is a change to the expected business performance.

During 2022 sensitivity of Consulting goodwill has decreased due to changes in forecasted profitability and increase in WACC due to economic uncertainty. Management considers the headroom for Consulting goodwill to be adequate despite the increased sensitivity during the financial year.

Headroom for MDR remains high and the management believes that no reasonably possible change in any of the key variables would lead to the recoverable amount to fall below the carrying amount.

COVID-19 impacts on goodwill

During pandemic, management has continuously monitored indications of potential impairment of goodwill through frequent forecasting processes. Impacts of the pandemic on the Group's businesses have been low, and the management does not consider the pandemic to have significant impact on the valuation of goodwill. Forecasting processes implemented during the pandemic will be continued, and additional impairment testings will be carried out as usual if indications of impairment arise.

WithSecure 2022

Board of Directors' Report

Financial Statements

/ Statement of comprehensive income

/ Statement of financial position

/ Statement of cash flows

/ Statement of changes in equity

/ Notes to the Financial Statements

/ WithSecure Corporation financial statements

/ Auditor's Report

Remuneration Report go to previous view Corporate Governance Sustainability Report

13. Non-current assets

	INTANGIBLE ASSETS				TANGIBLE ASSETS
EUR 1,000	Other intangible	Capitalized development	Goodwill	Advance payments & incomplete development	Total	Machinery & equipment	Right of use assets	Other tangible	Total
Acquisition cost Jan 1, 2021	20,098	46,520	81,944	7,499	156,061	15,759	22,051	3,597	41,407
Translation difference	399	1,214	3,199	0	4,813	206	320	111	637
Additions	50			5,866	5,916	658	6,111	33	6,802
Transfers		9,941		–9,941
Disposals	–1,021	–1,585			–2,606	–6,103	–1,977	–465	–8,545
Acquisition cost Dec 31, 2021	19,526	56,090	85,143	3,425	164,184	10,520	26,505	3,276	40,301
Translation difference	–193	–899	–2,146		–3,237	–160	–136	–33	–329
Additions				3,702	3,702	507	6,600	732	7,840
Transfers	800	1,982		–3,206	–424	7			7
Acquisitions and divestments	–305				–305	–704	–602	–455	–1,761
Demerger impact 1)		–10,009		–2,481	–12,490	–84	–567	–58	–709
Disposals	–5,350				–5,350	–382	–9,197	–492	–10,071
Acquisition cost Dec 31, 2022	14,478	47,164	82,997	1,441	146,080	9,703	22,603	2,971	35,277
Acc. depreciation Jan 1, 2021	–14,996	–25,104			–40,101	–12,924	–12,290	–2,129	–27,343
Translation difference	–228	–303			–531	–140	–202	–66	–407
Transfers						10			10
Depreciation for the period	–1,384	–4,761			–6,146	–1,402	–6,062	–548	–8,013
Depreciation of disposals	898	555			1,453	6,030	1,285	163	7,478
Acc. depreciation Dec 31, 2021	–15,710	–29,614			–45,324	–8,425	–17,269	–2,580	–28,275
Translation difference	124	315			439	158	274	26	458
Transfers
Acquisitions and divestments	234				234	595	365	310	1,270
Demerger impact 1)		5,731			5,731	10	315		325
Depreciation for the period	–1,268	–4,626			–5,894	–1,101	–5,289	–324	–6,713
Depreciation of disposals	5,350				5,350	724	7,113	436	8,273
Acc. depreciation Dec 31, 2022	–11,269	–28,194			–39,463	–8,039	–14,491	–2,130	–24,663
Book value as at Dec 31, 2021	3,817	26,476	85,143	3,425	118,858	2,095	9,236	697	12,026
Book value as at Dec 31, 2022	3,209	18,970	82,997	1,441	106,617	1,664	8,111	841	10,615

WithSecure 2022

Board of Directors' Report

Financial Statements

/ Statement of comprehensive income

/ Statement of financial position

/ Statement of cash flows

/ Statement of changes in equity

/ Notes to the Financial Statements

/ WithSecure Corporation financial statements

/ Auditor's Report

Remuneration Report go to previous view Corporate Governance Sustainability Report

At the end of 2022 book value of right of use assets consists of buildings EUR 7.5 million (8.1m) and cars EUR 0.7 million (1.1m).

1) Demerger effect in second quarter includes all WithSecure's Consumer business related tangible and intangible assets which were transferred to F-Secure on June 30, 2022.

14. Inventories

EUR 1,000	Consolidated 2022	Consolidated 2021
Inventories		51

Inventories were related to discontinued operations.

15. Financial assets

EUR 1,000	Consolidated 2022	Consolidated 2021
Cash and cash equivalents	55,129	52,940
Interest bearing receivables	10,085
Trade receivables	26,354	38,310
Loan receivables	40	–1
Financial assets at amortized cost	13,977
Financial assets at FVTPL	26	61
Total	105,613	91,310

On 31 December EUR 31.0 million of Group cash assets were invested in short term deposits for maturity of maximum 3 months. These deposits are included in the balance for Cash and cash equivalents, and their fair value is equivalent to their carrying value.

Interest bearing receivables include receivables related to premises subleased to F-Secure and receivables related to asset transfers in Group subsidiaries in relation to demerger.

Trade receivables

Aging of trade receivables
Not fallen due	20,697	32,847
1–90 days past due	5,630	5,887
Over 90 days past due	1,599	1,603
Less provision for expected credit losses	–1,571	–2,063
Total	26,354	38,274

Movements in the provision for expected credit losses

Book value as at Jan 1	2,063	2,510
Change for the year	–299	153
Receivables written off during the year	–192	–601
Book value as at Dec 31	1,571	2,063

Expected credit losses under IFRS 9 continue to have minor increase due to risk caused by COVID-19 pandemic.

Financial assets at FVTPL

EUR 1,000	Consolidated 2022	Consolidated 2021
Fair value as at Jan 1	61	61
Decreases	35
Fair value as at Dec 31	26	61
Shares – unlisted	26	26
Funds		34
Fair value as at Dec 31	26	61

16. Other receivables

EUR 1,000	Consolidated 2022	Consolidated 2021
Non-current receivables
Other receivables	1,271	1,860
Total	1,271	1,860
Current receivables
Other receivables	217	531
Prepaid expenses	8,067	10,197
Accrued income	5,497	4,714
Accrued income tax	1,355	2,558
Total	15,137	18,001

	Material items included in prepaid expenses
--	---------------------------------------------	--	--

Prepaid royalty	2,072	2,991
Grant receivables	769	860
Other prepaid expenses	5,226	6,346
Total	8,067	10,197

WithSecure 2022

Board of Directors' Report

Financial Statements

/ Statement of comprehensive income

/ Statement of financial position

/ Statement of cash flows

/ Statement of changes in equity

/ Notes to the Financial Statements

/ WithSecure Corporation financial statements

/ Auditor's Report

17. Shareholders' Equity

Issued and fully paid

EUR 1,000 Dec 31, 2020	Number of shares	Share capital	Share premium fundUnrestricted equity reserve		Treasury shares
	158,191,631	1,551	165	6,464	–1,288
Share based payments	195,750			325	439
Dec 31, 2021	158,387,381	1,551	165	6,789	–848
Share issue	15,800,000			75,988
Demerger impact		–1,471	–165
Share based payments	339,563			861	694
Dec 31, 2022	174,526,944	80		83,638	–155

On 23 March 2022, WithSecure issued 15,800,000 new shares in an accelerated book-built offering deviating from the shareholders' pre-emptive subscription rights. Based on resolution of the Extraordinary General Meeting, WithSecure Corporation reduced its share capital by EUR 1,471,311.18 to EUR 80,000 in relation to the demerger. Liability for the assets transferring in the demerger at fair value was recognized after resolution of the Extraordinary General Meeting. Impact of the liability recognition is offsetting the impact of distribution gain through income statement in Company's equity.

The number of shares was 174,598,739 (including own shares 71,795) at the end of 2022. A share has no nominal value.

Share premium fund

Based on resolution of the Extraordinary General Meeting, WithSecure Corporation dissolved the share premium fund in relation to the demerger.

Unrestricted equity reserve

On March 20, 2007, the shareholders' meeting decided to decrease the share premium fund. The decreased amount of 33,582 thousand euro was transferred to unrestricted equity reserve. On March 26, 2008, the shareholders' meeting decided that the total amount of the subscription prices paid for new shares issued after the date of the meeting, based on stock options under the F-Secure Stock Option Plan 2005, be recorded in Companys' unrestricted equity reserve. Capital raised in the share issue on 23 March 2022 was booked in unrestricted equity reserve according to the resolution of the Extraordinary General Meeting.

Translation differences

The translation difference is used to record exchange difference arising from the translation of the financial statements of foreign subsidiaries.

Dividends proposed and paid

Proposed for approval at AGM for financial year 2022 is that no dividend will be paid.

For financial year 2021 company decided to not pay any dividend.

Final dividend for financial year 2020 was 0.04 euro per share, paid during 2021 (6,334,277.96 euro in total).

Treasury shares

Treasury shares contains the purchase value of own shares owned by the Group. The cost of acquisition is reported as a deduction in shareholders' equity. The shares have been acquired through public trading on NASDAQ OMX Helsinki. The parent company has not acquired treasury shares during the period. During the financial year parent company's treasury shares have been used for board remuneration according to Annual General Meeting's decision, for incentive programs and for deferred payment of the 2017 acquisition.

The total number of acquired treasury shares was 71,795 at the end of 2022. This represents 0.04% of the Company's voting power on December 31, 2022.

WithSecure 2022

Board of Directors' Report

Financial Statements

/ Statement of comprehensive income

/ Statement of financial position

/ Statement of cash flows

/ Statement of changes in equity

/ Notes to the Financial Statements

/ WithSecure Corporation financial statements

/ Auditor's Report

18. Share-based payment transactions

During the period Group has had share-based incentive plans covering management and the key personnel of the Group and a share savings plan available to all employees as described below. The programs have been established as part of incentive and retention system within WithSecure. The programs offer the participants a possibility to receive WithSecure shares as an incentive reward if the financial targets set for the earning period have been achieved. No reward can be given to a participating employee whose employment has terminated before the end of the lock-up period.

Share-based incentive program 2020–2022

The share-based incentive program 2020–2022 was established in February 2020. The program's duration is five years and it comprises three earning periods: 2020–2022 with the grant date in April 2020, 2021–2023 with the grant date in April 2021, and 2022–2024 with the grant date in March 2022. Each earning period lasts for three years. The program ends on December 31, 2024. The value of the WithSecure share at grant date for the program were EUR 2.18 for the 2020–2022 earning period, EUR 3.42 for the 2021–2023 earning period and EUR 5.12 for the 2022–2024 earning period. The rewards will be equitysettled. The original maximum total of shares to be given as reward were as follows: 3,400,000 shares on the basis of earning period 2020–2022, 2,600,000 shares on the basis of earning period 2021–2023 and 2,200,000 shares on the basis of earning period 2022–2024. The vesting of the rewards for all periods was conditional to the participant remaining in the service of WithSecure. In addition, the 2020–2022 earning perriod had a performance condition based on WithSecure's relative total shareholder return of WithSecure's share and earning periods 2021–2023 and 2022–2024 have a performance condition based on the absolute shareholder return of WithSecure's share. The Board has approved the metrics, targets and participants on annual basis for each earning period.

After the demerger, share-based incentive program 2020–2022 was converted into new WithSecure shares by updating total amount of shares to be granted and the performance criteria. The Board has approved the new metrics, targets and amount of shares. IFRS2 modification accounting was applied in the conversion. In the modification, the fair value of the original reward and the fair value of the new reward was calculated to modification date August 12, 2022. Incremental expense from the modification is booked as cost for the remaining earning period. The converted maximum total of shares to be given as reward are as follows: 9,100,000 shares on the basis of earning period 2020–2022, 6,900,000 shares on the basis of earning period 2021–2023 and 5,900,000 shares on the basis of 2022–2024 earning period.

The expenses arising from the Share-based incentive program 2020–2022 in financial statements for 2022 are EUR 1,448 thousand including reversed expense from forfeiture of F-Secure participants.

Restricted share plan

A Restricted share plan was established in February 2020. The program's duration is five years. The restricted share plan complements the incentive programs and comprises of four earning periods: 2020–2021 with grant date in October 2020, 2021–2022 with grant date in August 2021, 2021–2023 with grant date in January 2021 and 2022–2024 with grant dates in March 2022, June 2022 and September 2022. The original maximum total shares to be given is as follows: 300,000 shares on the basis of the earning period 2020–2021, 500,000 shares on the basis of the earning period 2021–2022, 500,000 shares on the basis of earning period 2021–2023 and 500,000 shares on the basis of earning period 2022–2024. The vesting of the rewards for all periods is conditional on the participant remaining in service of WithSecure. The Board has approved the participants for each earning period.

After the demerger, Restricted share plan was converted into new WithSecure shares by updating total amount of shares to be granted. The Board has approved the new amount of shares. IFRS2 modification accounting was applied in the conversion. In the modification, the fair value of the original reward and the fair value of the new reward was calculated to modification date August 12, 2022. Incremental expense from the modification is booked as cost for the remaining earning period. The converted maximum total shares to be given is 1,400,000 shared for each earning period 2021–2022, 2021–2023 and 2022–2024.

The expenses arising from the Restricted share plan in financial statements for 2022 are EUR 1,113 thousand including reversed expense from forfeiture of F-Secure participants.

Performance Matching Share Plan

Performance Matching Share Plan was established in September 2022. The program consists of one 4-year performance period which started on September 1, 2022 and ends on November 30, 2026. In the plan, participants were given an opportunity to invest in WithSecure shares and earn WithSecure shares through a matching reward. The Board has approved participations in the plan. The company will match the participants' own investment based on WithSecure's market capitalization value. The maximum matching is 5 times the number of invested shares. In addition, the participants will receive a guaranteed matching of 0.5 times the initial investment, given that their employment continues without termination at the time of the payment.

WithSecure 2022

Board of Directors' Report

Financial Statements

/ Statement of comprehensive income

/ Statement of financial position

/ Statement of cash flows

/ Statement of changes in equity

/ Notes to the Financial Statements

/ WithSecure Corporation financial statements

/ Auditor's Report

Remuneration Report go to previous view Corporate Governance Sustainability Report

Performance Matching Share Plan replaced Share-based incentive program's earning period 2022–2024 for participants. According to IFRS2 modification accounting has been applied. In the modification, the fair value of the original reward and the fair value of the new reward was calculated to the modification date September 9, 2022. Expense from the original reward is booked as cost for the original earning period and the incremental expense from the modification is booked as cost for the performance period of the new reward.

The expenses arising from the Performance Matching Share Plan in financial statements for 2022 are EUR 656 thousand.

Employee Share Savings Plan

Employee share savings plan was established in August 2022. The plan consists of a 12-month savings period that is followed by a 2-year restriction period. In the plan, participants are given an opportunity to invest in WithSecure shares through monthly savings and earn WithSecure shares through a matching reward. After the restriction period, the participants will receive one guaranteed matching share for every two shares saved within the plan given that their employment continues without termination at the time of the reward payment.

The expenses arising from the Employee Share Savings Plan in financial statements for 2022 are EUR 2 thousand.

Impacts of share-based payment transactions on financial statements

EUR 1,000	Consolidated 2022	Consolidated 2021
Booked as expense during the period	2,836	2,672
Booked in retained earnings during the period	1,473	2,558
Balance sheet liability at the end of the period		1,148

19. Interest-bearing liabilities

Interest-bearing liabilities

EUR 1,000	Consolidated 2021	Consolidated 2020
Unsecured liabilities at amortized cost
Bank loans		19,000
Other loans	3,596
Lease liabilities	9,612	9,401
Total	13,208	28,401
Total interest-bearing liabilities	13,208	28,401
Amount due for settlement within 12 months	4,839	10,824
Amount due for settlement after 12 months	8,369	17,577
Borrowings by currency	EUR	EUR
Bank loans		19,000
		19,000

On 30 June, WithSecure made an early repayment of EUR 19.0 million to the bank loan. The committed revolving credit facility was also cancelled.

The bank loans carried variable interest rates. The weighted average interest rates paid during the year were as follows:

Bank loans	1.5%	1.5%

WithSecure 2022

Board of Directors' Report

Financial Statements

/ Statement of comprehensive income

/ Statement of financial position

/ Statement of cash flows

/ Statement of changes in equity

/ Notes to the Financial Statements

/ WithSecure Corporation financial statements

/ Auditor's Report

Other financial liabilities

Contractual maturities of financial liabilities	Less than 1 year	1 to 2 years	2 to 3 years	3 to 4 years		Total contractual cash flows	Carrying amount
Lease liabilities	5,065	3,957	489	204	160	9,876	9,612
Other loans			3,697			3,697	3,596
Total financial liabilities	5,065	3,957	4,186	204	160	13,572	13,208

Other loans are liabilities related to asset transfers in Group subsidiaries in relation to demerger.

Lease liabilities consists mainly of buildings (EUR 8.9 million). Cars are totalling to EUR 0.7 million and the maturity for them is mainly less than 2 years.

20. Financial assets and liabilities

Classes and categories of financial assets and liabilities and their fair values

Fair value hierarchy levels 1 to 3 are based on the degree to which the fair value is observable:

Level 1: Fair values of financial instruments are based on quoted prices in active markets for identical assets and liabilities

Level 2: Financial instruments are not subject to trading in active and liquid markets. The fair values of financial instruments can be determined based on quoted market prices and deduced valuation.

Level 3: Measurement of financial instruments is not based on verifiable market information, and information on other circumstances affecting the value of the instruments is not available or verifiable.

		Carrying value				Fair value
		Financial assets		Financial liabilities		Hierarchy level
EUR 1,000	Note	FVTPL	Amortized cost	Amortized cost	Total	1	2	3	Total
Cash and cash equivalents	(15)		55,129		55,129
Financial assets at amortized cost	(15)		13,977		13,977	13,977			13,977
Financial assets at FVTPL	(15)	26			26		26		26
Interest bearing receivables	(15)		10,085		10,085
Trade receivables	(15)		26,354		26,354
Other loans	(19)			3,596	3,596			3,596	3,596
Trade and other payables	(22)			4,409	4,409

General

The goal of risk management is to identify risks that may hinder the Group from achieving its business objectives. The responsibility for the Group's risk management lies with the CEO, the management and ultimately with the Board of Directors. The risks related to the Group's financial instruments are mainly related to credit risks, currency risk and interest rate risk. Group's investments in financial assets at amortized cost are also subject to market risk.

WithSecure 2022

Board of Directors' Report

Financial Statements

/ Statement of comprehensive income

/ Statement of financial position

/ Statement of cash flows

/ Statement of changes in equity

/ Notes to the Financial Statements

/ WithSecure Corporation financial statements

/ Auditor's Report

Remuneration Report go to previous view Corporate Governance Sustainability Report

Credit risk

The Group trades only with recognized, creditworthy third parties. Receivable balances are monitored and collected on an ongoing basis. The maximum exposure to credit risk at the reporting date is the carrying value of trade receivables. There are no significant concentrations of credit risk within the Group. See note 15. Financial assets.

Liquidity risk

Liquidity risk arises if the Group's existing liquidity reserves, net cash flows and available additional financing are not sufficient to cover commitments falling due within next 12 months. Group manages it's liquidity risk by centralizing the management of cash and liquid assets and thereby optimizing the use of liquid funds for operational and refinancing needs. Group Treasury is responsible for monitoring cash balances and cash forecasts to keep liquidity risk at manageable level. The Group has not identified any significant concentrations of liquidity risks in sources of available financing.

The Group improved its cash position with a directed share issue in March 2022 where EUR 76.8 million new capital was raised. In the demerger, Group's cash was divided between F-Secure and WithSecure based on principles set out in the demerger plan. Capital raised in the share issue was not subject to division in demerger.

Cash and bank balance was at solid level throughout 2022, and at the end of the reporting period the Group held EUR 24.1 million in it's bank accounts and EUR 31.0 million in short trem deposits with maturity of less than three months. In total, Group's cash and cash equivalents were EUR 55.1 million (EUR 52.9 million euro in 2021).

In June 2022 the Group made an early repayment to its bank loans. In the repayment, the remaining bank loan of EUR 19 million was fully paid. The Revolving Credit Facility (RCF) was also cancelled. COVID-19 pandemic is no longer considered to be a significant risk to Group's liquidity. The management and the Board of Directors monitors Group's liquidity through a regular cash forecast on a monthly basis.

Market risk

The Group invests liquidity in excess of operative requirement according to Investment Policy approved by the Board of Directors. Assets available for investing are determined based on cash and liquidity forecasts. The objective is to generate stable positive returns and at minimum ensure that the invested nominal amounts can be redeemed. Market risk arising from investments is managed by defining neutral allocation per asset class complemented by

minimum and maximum limits. The Board of Directors approves allowed counterparties and issuers for the Group's investments

Foreign currency risk

The Group operates globally and is exposed to a currency risk arising from exchange rate fluctuations against its reporting currency euro. Transaction risk is related to foreign currency transactions in sales and expenses. Translation risk arises from the Group's net investments outside euro zone.

Transaction risk

Majority of sales is invoiced in Euros. Other main currencies for invoicing are GBP, USD and JPY. Currency risk arising from sales invoicing is notably diminished by operational expenses arising in same currencies as the sales invoicing. In order to minimize the impact of the fluctuation of the exchange rates, the Group can use forward currency contracts to eliminate the currency exposure of the estimated cash flow of these currencies. At the end of the reporting period the Group did not have any open currency forward contracts.

Sales in different currencies Comparative data includes continuing and	Consolidated 2022	Consolidated 2021
discontinued operations	%	%
EUR	51	60
GBP	19	13
USD	11	11
JPY	11	8
SEK	3	4
Other currencies	6	5
	100	100

The carrying Euro amounts of the Group's financial assets and liabilities at the reporting date are as follows:

Comparative data includes continuing and discontinued operations

Financial	Consolidated	Consolidated
assets	2022	%	2021	%
EUR	68,066	65	53,993	58
JPY	13,815	13	8,208	9
GBP	9,742	9	8,381	9
USD	5,768	5	10,068	11
Other currencies	7,994	8	13,048	13
	105,386	100	93,698	100

WithSecure 2022

Board of Directors' Report

Financial Statements

/ Statement of comprehensive income

/ Statement of financial position

/ Statement of cash flows

/ Statement of changes in equity

/ Notes to the Financial Statements

/ WithSecure Corporation financial statements

/ Auditor's Report

Remuneration Report go to previous view Corporate Governance Sustainability Report

Financial	Consolidated		Consolidated
liabilities	2021	%	2020	%
EUR	9,156	52	29,975	87
USD	4,689	27	2,516	7
GBP	2,589	15	1,102	3
Other currencies	1,184	6	970	3
	17,618	100	34,563	100

The table below demonstrates how sensitive the Group's profit before taxes is to foreign exchange rate fluctuations when all other variables are held constant. The open exposure against USD, GBP and JPY arising from Group treasury, trade receivables and trade payables have an impact on Group's profit before taxes. The sensitivity calculation is based on a change of 10% in the Euro exchange rate against the functional currencies the Group operates in.

EUR million	Consolidated 2022	Consolidated 2021
USD	+0.3/–0.3	+/– 0.3
GBP	+0.5/–0.4	+/– 0.2
JPY	+0.4/– 0.3	+/– 0.3

Translation risk

Translation risk arises from the Group's net investments in foreign currencies. Most significant translation risks arise from goodwill generated in MWR InfoSecurity acquisition. Main currencies in goodwill are GBP and EUR. In the divestment of the South African subsidiary, ZAR based goodwill was reallocated to GBP and EUR. Translation differences also arise from translating Group companies' balance sheets into euros using exchange rates prevailing on the reporting date. Internal loans are granted mainly in subsidiaries' home currencies. According to current policy WithSecure does not hedge equity investments made in its subsidiaries.

The table below demonstrates how sensitive the Group's equity is to foreign exchange rate fluctuations when all other variables are held constant. The sensitivity calculation is based on a change of 10% in the Euro exchange rate against the main functional currencies exposing the Group to translation risk.

EUR million	Consolidated 2022	Consolidated 2021
GBP	+7.9/–6.5	+7.2/–5.9
ZAR		+3.2/–2.6
DKK	+0.9/–0.7	+0.9/–0.7

Interest rate risk

The Group repaid its bank loans in June 2022 which reduced exposure to interest rate risk. Interest rate risk is limited to interest bearing liabilities in subsidiaries from asset transfers related to the demerger (EUR 3.6 million).

Capital management

The Group's shareholders' equity is managed as capital. The objective of the Group's capital management is to maintain an efficient capital structure that ensures the functioning of business operations and promotes shareholder value. After June 2022 the group has not had external financing. Capital structure is reviewed regularly as a part of financial performance monitoring. The capital structure can be adjusted among other things by distribution of dividends, share repurchase or capital repayment. The dividend policy of WithSecure is to pay approximately half of its annual profit as dividend. Subject to circumstances, the Company may deviate from its policy

WithSecure 2022

Board of Directors' Report

Financial Statements

/ Statement of comprehensive income

/ Statement of financial position

/ Statement of cash flows

/ Statement of changes in equity

/ Notes to the Financial Statements

/ WithSecure Corporation financial statements

/ Auditor's Report

21. Deferred tax

EUR 1,000	Consolidated 2022	Consolidated 2021
Deferred tax assets relate to following:
Fixed assets	1,019	278
Accruals and provisions	5,625	4,808
Tax losses carried forward	4,762	3,282
Total	11,406	8,368
Offset against deferred tax liabilities	–4,639	–4,243
Net deferred tax assets	6,767	4,124
Change in deferred tax assets:
Recognized in profit or loss	2,643	–477
Deferred tax liabilities relate to the following:
Fixed assets	2,738	2,639
Accruals and provisions	2,799	2,799
Total	6,262	6,123
Offset against deferred tax assets	–4,639	–4,243
Net deferred tax liabilities	1,623	1,880
Change in deferred tax liabilities:
Recognized in profit or loss	–257	80

On December 31, 2022 the Group had EUR 41.5 million losses carried forward that are available to be offset against future taxable profits in the companies in which the losses have been generated. Deferred tax asset has been recognized for losses in total of EUR 23.8 million.

22. Other liabilities

EUR 1,000	Consolidated 2022	Consolidated 2021
Non-current liabilities
Deferred tax liability	1,623	1,880
Deferred revenue	22,153	25,988
Other non-current liability	317	347
Total	24,093	28,215
Current liabilities
Deferred revenue	46,446	60,084
Trade payables	4,409	5,975
Other liabilities	5,547	6,766
Accrued expenses	9,912	17,249
Income tax liabilities	2,126	4,182
Total	68,440	94,256
Material amounts shown under accrued expenses
Accrued personnel expenses	5,661	10,411
Other accrued expenses	4,251	6,838
Total	9,912	17,249

23. Contingent liabilities

EUR 1,000	Consolidated 2022	Consolidated 2021
Guarantees for other group companies
Other liabilities
Others	110	110

WithSecure 2022

Board of Directors' Report

Financial Statements

/ Statement of comprehensive income

/ Statement of financial position

/ Statement of cash flows

/ Statement of changes in equity

/ Notes to the Financial Statements

/ WithSecure Corporation financial statements

/ Auditor's Report

24. Related party disclosures

The Group's related parties include Parent Company and subsidiaries, as well as members of the Board, CEO and members of the Leadership Team.

Compensation of key management personnel of the Group

EUR 1,000	Consolidated 2022	Consolidated 2021
Wages and other short-term employee benefits	2,952	2,609
Share-based payments	236	136
Total	3,188	2,745

Wages and other short-term employee benefits incl. share-based payments

EUR 1,000	Consolidated 2022	Consolidated 2021
CEO	556	375
Leadership Team	2,633	2,369
Members of the Boards of Directors	314	316
	3,502	3,060

Board of Directors 2022 and Managing Director

EUR 1,000	Wages	Fees
Juhani Hintikka, Managing Director	556
Risto Siilasmaa, Chairman of the Board		80
Pertti Ervi		45
Päivi Rekonen		41
Tuomas Syrjänen		48
Keith Bannister		41
Kirsi Sormunen		45
Tony Smith		13
Åsa Riisberg		1
Total	556	314

Share-based payments granted to the CEO are presented at the IFRS 2 expense of the share plans. The equity-settled part is measured at the fair value of the WithSecure Corporation share on the date it was granted and cash-settled part at the fair value of the share on the reporting date. The cost is recognized over the period in which the performance conditions are fullfilled (earning period).

The CEO's retirement age and the determination of his pension conform to the standard rules specified by Finland's Employee Pension Act (TYEL). The pension cost of the CEO during the period was 88 thousand euro (60 thousand euro in year 2021). The period of notice for the CEO is six (6) months both ways and CEO is entitled to severance payment equivalent of six (6) months' salary.

25. Subsidiaries

Group's operating subsidiaries were renamed during demerger and rebranding of the Group.

Name	Country of incorporation	Group (%)
Parent WithSecure Corporation, Helsinki	Finland
WithSecure A/S, Copenhagen	Denmark	100.00
WithSecure AB, Stockholm	Sweden	100.00
WithSecure B.V., Utrecht	The Netherlands	100.00
WithSecure BV, Heverlee-Leuven	Belgium	100.00
WithSecure Cyber Security Services Oy, Helsinki	Finland	100.00
WithSecure GmbH, Munich	Germany	100.00
WithSecure Inc., Camden	United States	100.00
WithSecure KK, Tokyo	Japan	100.00
WithSecure Limited, Basingstoke	United Kingdom	100.00
WithSecure Norge AS, Oslo	Norway	100.00
WithSecure Pte. Ltd., Singapore	Singapore	100.00
WithSecure SARL, Maisons-Laffitte	France	100.00
WithSecure Sdn Bhd, Kuala Lumpur	Malaysia	100.00
WithSecure SP. z.o.o., Poznan	Poland	100.00
WithSecure Srl, Milano	Italy	100.00
Bytegeist GmbH, Oldenburg	Germany	100.00
F-Secure Software (Shanghai) Co Ltd, Shanghai	China	100.00
F-Secure Digital Assurance Ltd, Basingstoke	United Kingdom	100.00
F-Secure Informatica S de RL de CV, Mexico City	Mexico	99.41
F-Secure Argentina S.R.L., Buenos Aires	Argentina	95.00

WithSecure 2022

Board of Directors' Report

Financial Statements

/ Statement of comprehensive income

/ Statement of financial position

/ Statement of cash flows

/ Statement of changes in equity

/ Notes to the Financial Statements

/ WithSecure Corporation financial statements

/ Auditor's Report

Income statement January 1–December 31, 2022

EUR	Note	FAS 2022	FAS 2021
REVENUE	(1)	125,760,790.06	164,897,224.65
Cost of revenue	(4)	–23,773,994.14	–23,374,379.73
GROSS MARGIN		101,986,795.92	141,522,844.92
Other operating income	(2)	19,609,712.80	6,603,406.83
Sales and marketing	(3, 4)	–71,096,329.39	–73,529,325.59
Research and development	(3, 4)	–43,659,729.58	–43,566,748.03
Administration	(3, 4)	–19,472,202.17	–17,533,526.24
EBIT		–12,631,752.42	13,496,651.89
Financial income and expenses	(6)	–3,230,411.29	2,775,137.35
PROFIT (LOSS) BEFORE APPROPRIATIONS AND TAXES		–15,862,163.71	16,271,789.24
Appropriations	(7)		2,953,475.95
Income taxes	(8)	2,201,733.85	–3,510,977.31
RESULT FOR THE FINANCIAL YEAR		–13,660,429.86	15,714,287.88

WithSecure 2022

Board of Directors' Report

Financial Statements

/ Statement of comprehensive income

/ Statement of financial position

/ Statement of cash flows

/ Statement of changes in equity

/ Notes to the Financial Statements

/ WithSecure Corporation financial statements

/ Auditor's Report

Balance sheet December 31, 2022

EUR		FAS 2022	FAS 2021
ASSETS
NON-CURRENT ASSETS
Intangible assets	(9)	12,521,854.93	19,507,822.36
Tangible assets	(9)	775,254.20	810,961.74
Investments in group companies	(10)	119,845,463.72	122,951,349.68
Long-term receivables	(13)	7,122,694.62	5,756,901.99
Total non-current assets		140,265,267.47	149,027,035.77
CURRENT ASSETS
Inventories	(12)		50,609.00
Trade and other receivables	(13)	42,677,663.30	54,461,495.45
Deferred tax assets	(11)	2,132,169.90
Short-term investments	(14)	14,003,150.78	26,156.08
Cash and cash equivalents	(15)	42,537,524.43	39,022,997.26
Total current assets		101,350,508.41	93,561,257.79

TOTAL ASSETS			241,615,775.88 242,588,293.56

EUR	FAS 2022	FAS 2021
SHAREHOLDERS' EQUITY AND LIABILITIES
SHAREHOLDERS' EQUITY (16, 17)
Share capital	80,000.00	1,551,311.18
Share premium		164,543.23
Treasury shares	–154,558.06	–848,824.36
Reserve for invested unrestricted equity	84,438,441.61	6,789,026.35
Retained earnings	83,329,719.27	76,870,857.81
Profit for the financial year	–13,660,429.86	15,714,287.88
Total shareholders' equity	154,033,172.96	100,241,202.09

APPROPRIATIONS
Depreciation reserve	90,614.56	90,614.56

CURRENT LIABILITIES (19)
Long-term liabilities (19)	23,290,809.17	42,422,844.86
Short-term liabilities (19)	64,201,179.19	99,833,632.05
Total liabilities	87,491,988.36	142,256,476.91

TOTAL SHAREHOLDERS' EQUITY AND
LIABILITIES	241,615,775.88 242,588,293.56

WithSecure 2022

Board of Directors' Report

Financial Statements

/ Statement of comprehensive income

/ Statement of financial position

/ Statement of cash flows

/ Statement of changes in equity

/ Notes to the Financial Statements

/ WithSecure Corporation financial statements

/ Auditor's Report

Remuneration Report go to previous view Corporate Governance Sustainability Report

Cash flow statement January 1–December 31, 2022

EUR 1,000	FAS 2022	FAS 2021
Cash flow from operations
Result for the financial year	–13,660	15,714
Adjustments
Depreciation and amortization	4,654	4,228
Profit / loss on sale of fixed assets	0	106
Other adjustments	3,003	–2,504
Financial income and expenses	37	–2,775
Income taxes	–2,202	3,511
Cash flow from operations before change in
working capital	–8,167	18,280
Change in net working capital
Current receivables, increase (–), decrease (+)	–8,956	–5,059
Inventories, increase (–), decrease (+)	6	23
Non-interest bearing debt, increase (+),
decrease (–)	–2,447	15,422

Cash flow from operations before
financial items and taxes	–19,565	28,666

Interest expenses paid Interest income received	–218 865	–450 358
Other financial income and expenses	–2,274	–337
Income taxes paid	–3,149	–2,432

Cash flow from operations	–24,341	25,805

EUR 1,000	FAS 2022	FAS 2021

Cash flow from investments
Investments in intangible and tangible assets	–4,020	–6,030
Investments in subsidiary shares	–141
Proceeds from sale of intangible and tangible assets	0	10
Intercompany loans granted	–3,105	–440
Intercompany loans repaid		1,271
Dividends received	191	2,199
Investments in financial assets 1)	–13,977

Cash flow from investments	–21,051	–2,990

Cash flow from financing activities
Share issue	76,788
Decrease in interest-bearing liabilities	–19,000	–11,000
Intercompany loans repaid	–5,017	–1,651
Dividends paid		–6,334
Group contributions	3,000

Cash flow from financing activities	55,771	–18,985

Change in cash	10,378	3,830
Effect of exchange rate changes on cash	–55	108
Demerger effect in cash 2)	–6,808

Cash and bank at the beginning of the period	39,023	35,086

Cash and bank at period end 42,537 39,023

WithSecure 2022

Board of Directors' Report

Financial Statements

/ Statement of comprehensive income

/ Statement of financial position

/ Statement of cash flows

/ Statement of changes in equity

/ Notes to the Financial Statements

/ WithSecure Corporation financial statements

/ Auditor's Report

Remuneration Report go to previous view Corporate Governance Sustainability Report

Notes to the parent company Financial Statements

Basic information

WithSecure provides cyber security products and services globally for businesses.

WithSecure Corporation (previously known as F-Secure Corporation) is the parent company of WithSecure Group, incorporated in Finland and domiciled in Helsinki. Company's registered address is Tammasaarenkatu 7, 00180 Helsinki. Copy of consolidated financial statements can be downloaded from www.withsecure.com or can be received from the Company's registered address.

Accounting principles

The financial statement of WithSecure Corporation has been prepared in accordance with Finnish Accounting Standards (FAS).

Demerger

WithSecure completed the separation of its Consumer security business into an independent company F-Secure through a partial demerger on 30 June 2022, according to the plan first announced on 17 February 2022 by the Board of Directors. In the demerger, assets and liabilities transferred to F-Secure were derecognized from the parent company's balance sheet at book values on 30 June 2022. The net amount of the assets and the liabilities was booked as deduction to Company's equity. Demerger impact on parent company's equity was EUR –9.7 million.

Foreign currency translation

Revenue recognition

Revenue is derived from corporate business. Corporate security business revenue includes cyber security products andmanaged services. In 2022 WithSecure started to classify revenue in three categories: Cloud-based security products, On-premise security products and Cyber security consulting. Cloud revenue includes the Elements platform cloud-based products, Managed Detection and Response (MDR) and Cloud Protection for Salesforce (CPSF) revenue. On-premise revenue includes the Elements portfolio on-premise product (Endpoint protection).

Presentation of receivables and liabilities from contracts with customers

Receivables from contracts with customers are presented in the balance sheet as Accrued income. Liabilities from contracts with customers are presented in the balance sheet as Deferred revenue and included in Total non-current liabilities or Total current liabilities depending on the duration of the liability.

Pensions

F-Secure's pension arrangements are defined contribution plans in accordance with local statutory requirements. Contributions to defined contribution plans are recognized in income statement in the period to which the contributions relate. The Company recognizes the disability commitment of TyEL pension plan when disability appears.

Leases

Leases where the lessor retains substantially all the risks and benefits of ownership of the asset are classified as operating leases. Operating lease

WithSecure 2022

Board of Directors' Report

Financial Statements

/ Statement of comprehensive income

/ Statement of financial position

/ Statement of cash flows

/ Statement of changes in equity

/ Notes to the Financial Statements

/ WithSecure Corporation financial statements

/ Auditor's Report

payments are recognized as an expense in the income statement on a straight-line basis over the lease term. The Company has only operating leases.

Income taxes

Current income taxes are calculated in accordance with the local tax and accounting rules. Deferred tax assets from losses carried forward are recognized to the extent that it is probable that future taxable profit will be available.

Tangible and intangible assets

Intangible assets include intangible rights and software licenses. Tangible and intangible assets are recorded at historical cost less accumulated depreciation, amortization, and possible impairment. Depreciation and amortization is recorded on a straight-line basis over the estimated useful life of an asset. The estimated useful lives of tangible and intangible assets are as follows:

Machinery and equipment	3–8 years
Capitalized development costs	3–8 years
Intangible rights	3–8 years
Intangible assets	5–10 years

Ordinary repairs and maintenance costs are charged to the income statement during the financial period in which they are incurred. The cost of major renovations is included in the assets' carrying amount when it is probable that the Company will derive future economic benefits in excess of the originally assessed standard or performance of the existing asset. Any gain or loss arising on derecognition of the asset (calculated as the difference between the net disposal proceeds and the carrying amount of the asset) is included in the income statement in the year the asset is derecognized.

Research and development expenditure

Research expenditure is recognized as an expense at the time it is incurred. Development expenditures are capitalized as intangible assets.

Inventories

The company has not had inventories after the demerger.

Financial assets and liabilities

Cash and cash equivalents in the balance sheet comprise cash at bank and in hand and other highly liquid short-term investments.

WithSecure classifies loans from financial institutions, trade payables and other payables as other financial liabilities which are measured at amortized cost. Financial liabilities are classified as current unless WithSecure has unconditional right to postpone their repayment by at least 12 months from the end date of the reporting period.

Treasury shares

The company has acquired treasury shares in 2008–2011. The purchase price of the shares has been deducted from equity.

Share-based payment transactions

WithSecure provides incentives to employees in the form of equity-settled share-based instruments. Currently the Company has share-based programs.

WithSecure's share-based incentive programs are targeted to the Group's management and key personnel. In addition, employee share savings plan was launched in 2022 for all employee. The programs are equity-settled, and recognized in theCompany'sequity on vesting date.

Presentation of expenses

WithSecure 2022

Board of Directors' Report

Financial Statements

/ Statement of comprehensive income

/ Statement of financial position

/ Statement of cash flows

/ Statement of changes in equity

/ Notes to the Financial Statements

/ WithSecure Corporation financial statements

/ Auditor's Report

1. Revenue

EUR 1,000	FAS 2022	FAS 2021
Geographical information
Nordic countries	43,037	57,011
Europe excl. Nordics	61,354	79,269
North America	9,178	13,943
Rest of the world	12,192	14,675
Total	125,761	164,897

Due to the partial demerger of Consumer security business on 30th of June 2022, the comparative information for 2021 is not comparable with 2022.

2. Other operating income

EUR 1,000	FAS 2022	FAS 2021
Service fees charged from F-Secure under TSA	8,708
Rental revenue	778	170
Government grants	1,452	1,705
Other	8,673	4,728
Total	19,610	6,603

Government grants are recognized as income over those periods in which the corresponding expenses arise.

Other category includes administrative and other fees charged from group companies.

3. Depreciation, amortization and impairment

EUR 1,000	FAS 2022	FAS 2021
Depreciation and amortization of non-current assets
Other intangible assets	–743	–1,087
Capitalized development	–3,626	–2,739
Intangible assets	–4,369	–3,826
Machinery and equipment	–285	–402
Tangible assets	–285	–402
Total depreciation and amortization	–4,654	–4,228
Depreciation and amortization by function
Sales and marketing	–191	–472
Research and development	–4,101	–3,356
Administration	–363	–400
Total depreciation and amortization	–4,654	–4,228

Due to the partial demerger of Consumer security business on 30th of June 2022, the comparative information for 2021 is not comparable with 2022.

WithSecure 2022

Board of Directors' Report

Financial Statements

/ Statement of comprehensive income

/ Statement of financial position

/ Statement of cash flows

/ Statement of changes in equity

/ Notes to the Financial Statements

/ WithSecure Corporation financial statements

/ Auditor's Report

4. Personnel expenses

EUR 1,000	FAS 2022	FAS 2021
Personnel expenses
Wages and salaries	–42,463	–44,905
Pension expenses	–7,317	–7,914
Other social expenses	–1,511	–1,753
Total	–51,291	–54,572

5. Audit fees

EUR 1,000	FAS 2022	FAS 2021
Audit fees, PricewaterhouseCoopers	–130	–150
Other consulting, PricewaterhouseCoopers	–2,302	–347
Total	–2,432	–497

6. Financial income and expenses

EUR 1,000	FAS 2022	FAS 2021
Interest income	865	358
Interest expense	–218	–450
Dividends	191	2,199
Exchange gains and losses	–617	853
Impairment of non-current investments	–3,194
Other financial expenses	–256	–185
Total	–3,230	2,775

Impairment of non-current investments relates to a dormant group company. It's shares have been written off during the financial year.

7. Appropriations

EUR 1,000	FAS 2022	FAS 2021
Change in depreciation reserve		–47
Group contribution		3 000
Total		2 953

8. Income taxes

EUR 1,000	FAS 2022	FAS 2021
Income tax for the year	89	–3,506
Adjustments for income tax of prior periods	–19	–5
Deferred tax	2,132
Total	2,202	–3,511

Result before appropriations and tax	–15,862	16,272

WithSecure 2022

Board of Directors' Report

Financial Statements

/ Statement of comprehensive income

/ Statement of financial position

/ Statement of cash flows

/ Statement of changes in equity

/ Notes to the Financial Statements

/ WithSecure Corporation financial statements

/ Auditor's Report

Remuneration Report go to previous view Corporate Governance Sustainability Report

Due to the partial demerger of Consumer security business on 30th of June 2022, the comparative information for 2021 is not comparable with 2022.

Compensation of key management personnel
Wages and other short-term employee benefits	–2,588	–2,274
Wages and other short-term employee benefits
Managing Directors	556	–375
Members of the Board of Directors	314	–316

Wages and other short-term employee benefits of the Board of Directors and Managing Director: see group disclosure 24. Related party disclosures.

The Managing Director retirement age and the determination of his pension conform to the standard rules specified by Finland's Employee Pension Act (TYEL). The pension cost of the Managing Director over the period was 88 thousand euro (60 thousand euro in year 2021). The period of notice for the Managing Director is six (6) months both ways and Managing Director is entitled to severance payment equivalent of six (6) months' salary.

	FAS 2022	FAS 2021
Average number of personnel	573	674
Personnel by function Dec 31
Consulting and delivery	38	75
Sales and marketing	125	161
Research and development	250	371
Administration	79	82
Total	492	689

9. Non-current assets

	INTANGIBLE ASSETS					TANGIBLE ASSETS
	Other intangible	Capitalized development	Incomplete development	Advance payments	Total	Machinery & equipment	Other tangible	Total
Acquisition cost Jan 1, 2020	14,328	26,084	7,077	422	47,911	10,180	5	10,186
Additions	18		5,607	260	5,884	146		146
Transfers		9,941	–9,941
Disposals	–1,011				–1,011	–5,736		–5,736
Acquisition cost Dec 31, 2021	13,335	36,025	2,743	681	52,785	4,591	5	4,597
Additions	59		3,450	118	3,628	258		258
Transfers	800	2,406	–2,406	–800
Disposals	–5,350	–10,009	–2,346		–17,706	–39		–39
Acquisition cost Dec 31, 2022	8,844	28,422	1,441		38,706	4,810	5	4,816
Acc. depreciation Jan 1, 2020	–11,421	–18,927			–30,348	–9,118		–9,118
Depreciation for the period	–1,087	–2,739			–3,826	–402		–402
Acc. depreciation of disposals	897				897	5,735		5734,53
Acc. depreciation Dec 31, 2021	–11,611	–21,666			–33,277	–3,785		–3,785
Depreciation for the period	–743	–3,626			–4,369	–285		–285
Acc. depreciation of disposals	5,350	6,112			11,462	30		30
Acc. depreciation Dec 31, 2022	–7,005	–19,181			–26,185	–4,040		–4,040
Book value as at Dec 31, 2021	1,723	14,360	2,743	681	19,508	806	5	811
Book value as at Dec 31, 2022	1,839	9,242	1,441		12,522	770	5	775

WithSecure 2022

Board of Directors' Report

Financial Statements

/ Statement of comprehensive income

/ Statement of financial position

/ Statement of cash flows

/ Statement of changes in equity

/ Notes to the Financial Statements

/ WithSecure Corporation financial statements

/ Auditor's Report

10. Investments in group companies

EUR 1,000	Shares in group companies	Total
Book value as at Jan 1	122,951	122,951
Additions	141	141
Decreases	–3,247	–3,247
Book value as at Dec 31	119,845	119,845

Book value of F-Secure Digital Assurance Ltd's shares has been written off during the financial year.

		Share of
Name	Country of incorporation	ownership (%)
Parent WithSecure Corporation, Helsinki	Finland
WithSecure A/S, Copenhagen	Denmark	100
WithSecure AB, Stockholm	Sweden	100
WithSecure B.V., Utrecht	The Netherlands	100
WithSecure BV, Heverlee-Leuven	Belgium	100
WithSecure GmbH, Munich	Germany	100
WithSecure KK, Tokyo	Japan	100
WithSecure Limited, Basingstoke	United Kingdom	100
WithSecure SARL, Maisons-Laffitte	France	100
WithSecure Sdn. Bhd., Kuala Lumpur	Malaysia	100
WithSecure Sp. z o.o., Poznan	Poland	100
WithSecure Srl, Milan	Italy	100
F-Secure Argentina SRL, Buenos Aires	Argentina	95
F-Secure Digital Assurance Ltd, Basingstoke	United Kingdom	100
F-Secure Software (Shanghai) Co Ltd, Shanghai	China	100

11. Deferred tax

EUR 1,000	FAS 2022	FAS 2021
Deferred tax assets	2,132
Total	2,132

Parent company has recognized deferred tax asset from losses in financial year 2022.

12. Inventories

EUR 1,000	FAS 2022	FAS 2021
Other inventories		51

WithSecure 2022

Board of Directors' Report

Financial Statements

/ Statement of comprehensive income

/ Statement of financial position

/ Statement of cash flows

/ Statement of changes in equity

/ Notes to the Financial Statements

/ WithSecure Corporation financial statements

/ Auditor's Report

13. Receivables

EUR 1,000	FAS 2022	FAS 2021
Non-current receivables
Other receivables	72
Total	72
Receivables from group companies
Loan receivables	7,051	5,757
Total	7,051	5,757
Non-current receivables total	7,123	5,757
Current receivables
Trade receivables	11,681	22,299
Loan receivables	58
Other receivables	87	292
Prepaid expenses and accrued income	7,408	9,255
Total	19,235	31,846
Receivables from group companies
Trade receivables	11,864	7,115
Loan receivables	11,557	9,164
Other receivables	22	6,336
Total	23,443	22,615
Current receivables total	42,678	54,461
Material items included in prepaid expenses and accrued income
Prepaid royalty	2,072	2,991
Grant receivables	769	860
Other prepaid expenses	4,257	4,252
Accrued income	310	1,153
Total	7,408	9,255

14. Short-term investments

EUR 1,000	FAS 2022	FAS 2021
Fair value as at Jan 1	26	26
Fair value as at Dec 31	26	26
Shares – unlisted	26	26
Fair value as at Dec 31	26	26
Original purchase price as at Dec 31	26	26

15. Cash and short-term deposits

EUR 1,000	FAS 2022	FAS 2021
Cash at bank and in hand	42,538	39,023

Cash at bank includes also investments in short term deposits with maturity of less than 3 months (EUR 31.0 million)

WithSecure 2022

Board of Directors' Report

Financial Statements

/ Statement of comprehensive income

/ Statement of financial position

/ Statement of cash flows

/ Statement of changes in equity

/ Notes to the Financial Statements

/ WithSecure Corporation financial statements

/ Auditor's Report

Remuneration Report go to previous view Corporate Governance Sustainability Report

16. Statement of changes in shareholders' equity

Parent Company FAS

				Unrestricted equity
EUR 1,000	Share capital	Share premium fund	Treasury shares	reserve	Retained earnings	Total equity
Equity Dec 31, 2020	1,551	165	–1,288	6,464	83,622	90,513
Result of the financial year					15,714	15,714
Dividend					–6,334	–6,334
Cost of share based payments					–416	–416
Other change			439	325		764
Equity Dec 31, 2021	1,551	165	–849	6,789	92,586	100,243
Result of the financial year					–13,660	–13,660
Cost of share based payments			694		–1,220	–526
Share issue				77,649		77,649
Reduction of share capital and
share premium reserve	–1,471	–165			1,636
Assets transferred in the demerger					–9,671	–9,671
Equity Dec 31, 2022	80		–155	84,439	69,670	154,033

17. Shareholders' equity

18. Share-based payment transactions

See group disclosure 18. Share-based payment transactions.

WithSecure 2022

Board of Directors' Report

Financial Statements

/ Statement of comprehensive income

/ Statement of financial position

/ Statement of cash flows

/ Statement of changes in equity

/ Notes to the Financial Statements

/ WithSecure Corporation financial statements

/ Auditor's Report

Remuneration Report go to previous view Corporate Governance Sustainability Report

On 23 March 2022, WithSecure issued 15,800,000 new shares in an accelerated book-built offering deviating from the shareholders' pre-emptive subscription rights. Based on resolution of the Extraordinary General Meeting, WithSecure Corporation reduced its share capital by EUR 1,471,311.18 to EUR 80,000 and dissolved the share premium fund in relation to the demerger. The number of shares was 174,598,739 at the end of 2022.

See group disclosure 17. Shareholders' Equity.

Treasury shares

See group disclosure 17. Shareholders' Equity.

Distributable shareholders' equity on December 31, 2022

EUR 1,000
Unrestricted equity reserve	84,439
Retained earnings	83,175
Result of the financial year	–13,660
Less capitalized development expense	–10,682
Distributable shareholders' equity on December 31, 2022	143,271

19. Liabilities

EUR 1,000	FAS 2022	FAS 2021
Non-current liabilities
Deferred revenue	16,597	17,712
Interest bearing liabilities		13,000
Total	16,597	30,713
Liabilities to the group companies
Cashpool	6,694	11,711
Total	6,694	11,711
Total non-current liabilities	23,291	42,424
Current liabilities
Deferred revenue	28,010	42,385
Trade payables	3,868	5,865
Interest bearing liabilities		6,000
Other liabilities	1,983	1,790
Accrued expenses	12,562	22,978
Total	46,424	79,018
Liabilities to the group companies
Advance payments	2,802	4,654
Trade payables	14,795	14,159
Other liabilities		2,003
Total	17,597	20,816
Total current liabilities	64,021	99,834
Material amounts shown under accruals and deferred income
Accrued personnel expenses	9,206	13,586
Accrued expenses	3,356	5,977
Accrued tax		3,415
Total	12,562	22,978

20. Financial risk management objectives and policies

See Group disclosure 20. Financial assets and liabilities.

21. Operating lease commitments

The Group has entered into commercial leases on office space and on motor vehicles. Motor vehicle leases have an average life of three years and office space between two and five years with renewal terms included in the contracts.

Future minimum rentals payable under non-cancellable operating leases as at 31 December are as follows:

As lessee
EUR 1,000	FAS 2022	FAS 2021
Within one year	3,773	2,929
After one year but not more than five years	688	977
Total	4,461	3,906

22. Contingent liabilities

EUR 1,000	FAS 2022	FAS 2021
Guarantees for other group companies	110	110

WithSecure 2022

Board of Directors' Report

Financial Statements

/ Statement of comprehensive income

/ Statement of financial position

/ Statement of cash flows

/ Statement of changes in equity

/ Notes to the Financial Statements

/ WithSecure Corporation financial statements

/ Auditor's Report

Signatures of the Board of Directors

Helsinki, February 8, 2023

Risto Siilasmaa Pertti Ervi Päivi Rekonen Chairman Kirsi Sormunen Tuomas Syrjänen Keith Bannister Tony Smith Juhani Hintikka

Managing director

Auditors' note

Our auditors' report has been issued today.

Helsinki, February 8, 2023

PricewaterhouseCoopers Oy Authorized Public Accountants

Janne Rajalahti Authorized Public Accountant

WithSecure 2022

Board of Directors' Report

Financial Statements

/ Statement of comprehensive income

/ Statement of financial position

/ Statement of cash flows

/ Statement of changes in equity

/ Notes to the Financial Statements

/ WithSecure Corporation financial statements

/ Auditor's Report

Remuneration Report go to previous view Corporate Governance Sustainability Report

Auditor's Report

To the Annual General Meeting of WithSecure Oyj

Report on the Audit of the Financial Statements

Opinion

In our opinion

• the consolidated financial statements give a true and fair view of the group's financial position and financial performance and cash flows in accordance with International Financial Reporting Standards (IFRS) as adopted by the EU
• the financial statements give a true and fair view of the parent company's financial performance and financial position in accordance with the laws and regulations governing the preparation of the financial statements in Finland and comply with statutory requirements.

Our opinion is consistent with the additional report to the Audit Committee.

What we have audited

We have audited the financial statements of WithSecure Oyj (business identity code 0705579-2) for the year ended 31 December 2022. The financial statements comprise:

• statement of comprehensive income, statement of financial position, statement of cash flows, statement of changes in equity and notes, including a summary of significant accounting policies
• the parent company's income statement, balance sheet, cash flow statement and notes.

Basis for Opinion

We conducted our audit in accordance with good auditing practice in Finland. Our responsibilities under good auditing practice are further described in the Auditor's Responsibilities for the Audit of the Financial Statements section of our report.

We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our opinion.

Independence

We are independent of the parent company and of the group companies in accordance with the ethical requirements that are applicable in Finland and are relevant to our audit, and we have fulfilled our other ethical responsibilities in accordance with these requirements.

To the best of our knowledge and belief, the non-audit services that we have provided to the parent company and to the group companies are in accordance with the applicable law and regulations in Finland and we have not provided non-audit services that are prohibited under Article 5(1) of Regulation (EU) No 537/2014. The non-audit services that we have provided are disclosed in note 7 to the Financial Statements.

Our Audit Approach

Overview

• Overall group materiality: €1 000 000, which represents 0.7% of consolidated revenue
• Audit scope: We have audited parent company and we have performed audit procedures related to the two most significant subsidiaries. In addition, we have performed analytical procedures to assess unusual movements across all entities.
• Valuation of goodwill
• Capitalization of R&D costs
• Partial demerger

As part of designing our audit, we determined materiality and assessed the risks of material misstatement in the financial statements. In particular, we considered where management made subjective judgements; for example, in respect of significant accounting estimates that involved making assumptions and considering future events that are inherently uncertain.

Materiality

The scope of our audit was influenced by our application of materiality. An audit is designed to obtain reasonable assurance whether the financial statements are free from material misstatement. Misstatements may arise due to fraud or error. They are considered material if individually or in aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of the financial statements.

WithSecure 2022

Board of Directors' Report

Financial Statements

/ Statement of comprehensive income

/ Statement of financial position

/ Statement of cash flows

/ Statement of changes in equity

/ Notes to the Financial Statements

/ WithSecure Corporation financial statements

/ Auditor's Report

Based on our professional judgement, we determined certain quantitative thresholds for materiality, including the overall group materiality for the consolidated financial statements as set out in the table below. These, together with qualitative considerations, helped us to determine the scope of our audit and the nature, timing and extent of our audit procedures and to evaluate the effect of misstatements on the financial statements as a whole.

Overall group materiality

€1,000,000 (previous year €1,100,000)

How we determined it

0.7% of consolidated revenue

Rationale for the materiality
benchmark applied

The groups profitability has been volatile during
the last years due to business combinations
related integration costs and amortization,
significant investments in product development
and go-to-market strategy. Therefore, we chose
revenue as the benchmark because, in our view, it
is the benchmark against which the performance
of the Group is commonly measured by users and
is a generally accepted benchmark. We chose
0.7% which is within the range of acceptable
quantitative materiality thresholds in auditing
standards.

How we tailored our group audit scope

We tailored the scope of our audit, taking into account the structure of the Group, the accounting processes and controls, and the industry in which the Group operates.

Group operates globally through several legal entities. Group's sales are mainly generated by the parent company and we have audited the parent company as part of our audit of the consolidated financial statements. In addition, we have performed audit procedures related to the two most significant subsidiaries. We have considered that the remaining subsidiaries don't present a reasonable risk of material misstatement for consolidated financial statements and thus our procedures have been limited to analytical procedures performed at Group level.

By performing the procedures above at legal entities, combined with additional procedures at the Group level, we have obtained sufficient and appropriate evidence regarding the financial information of the Group as a whole to provide a basis for our opinion on the consolidated financial statements.

Key Audit Matters

Key audit matters are those matters that, in our professional judgment, were of most significance in our audit of the financial statements of the current period. These matters were addressed in the context of our audit of the financial statements as a whole, and in forming our opinion thereon, and we do not provide a separate opinion on these matters.

As in all of our audits, we also addressed the risk of management override of internal controls, including among other matters consideration of whether there was evidence of bias that represented a risk of material misstatement due to fraud.

WithSecure 2022

Board of Directors' Report

Financial Statements

/ Statement of comprehensive income

/ Statement of financial position

/ Statement of cash flows

/ Statement of changes in equity

/ Notes to the Financial Statements

/ WithSecure Corporation financial statements

/ Auditor's Report

Key audit matter in the audit of the group

Valuation of goodwill

Refer to accounting principles and note 12 for the consolidated financial statements.

Goodwill is one of the most significant balance sheet items and amounted €83.0 million at the balance sheet date. The determination and whether an impairment charge is required involves significant management judgement, including identifying on which cash generating unit level the goodwill is tested and estimating the future performance of the business and the discount rate applied to these future cash flows.

Due to materiality and judgment associated we have considered valuation of goodwill as key audit matter in the audit of the Group.

How our audit addressed the key audit matter

Our audit focused on assessing the appropriateness of management's judgment and estimates used in the goodwill impairment analysis through the following procedures:

We tested the methodology applied in the value in use calculation by comparing it to the requirements of IAS 36, Impairment of Assets, and we tested the mathematical accuracy of calculation;

We evaluated the process by which the future cash flow forecasts are drawn up, including comparing them to the latest Board approved targets and long-term plans

We tested the key underlying assumptions for the cash flow forecasts, including sales and profitability forecasts, discount rate used and the implied growth rates beyond the forecasted period

We compared the current year actual results included in the prior year impairment model to consider whether forecasts included assumptions that, with hindsight, had been optimistic

We tested whether the sensitivity analysis performed by the management around key assumptions of the cash flow forecast are appropriate by considering the likelihood of the movements of these key assumptions

Key audit matter in the audit of the group

Capitalization of R&D costs

Refer to accounting principles and note 13 for the consolidated financial statements.

Company's research and development activities consists of development of new products and product amendments.

Capitalization of R&D costs requires use of judgment as capitalization requires estimating technical and economical feasibility of the product developed. In addition, there is judgement involved in assessing recoverability of capitalized R&D costs as future cash flows generated by these intangible assets needs to be estimated.

Due to materiality and judgment associated with capitalization of R&D costs, we have considered capitalization of R&D as key audit matter in the audit of the Group.

How our audit addressed the key audit matter

We assessed appropriateness of the company's R&D capitalization policy. We evaluated the design and operating effectiveness of controls over R&D capitalization.

We assessed whether capitalization criteria for R&D projects are met. We tested a sample of costs capitalized during the year.

We evaluated the relevant assumptions used in the impairment testing of intangible assets, focusing on the reasonableness of the forecasted economic information.

WithSecure 2022

Board of Directors' Report

Financial Statements

/ Statement of comprehensive income

/ Statement of financial position

/ Statement of cash flows

/ Statement of changes in equity

/ Notes to the Financial Statements

/ WithSecure Corporation financial statements

/ Auditor's Report

Key audit matter in the audit of the group

Partial demerger

Refer to accounting principles and note 11 for the consolidated financial statements.

In the partial demerger of WithSecure, the assets and liabilities of consumer security business were demerged from WithSecure Group using carrying values as of 30 June 2022. Until the effective date of demerger, consumer security business was reported as a discontinued operation in the consolidated financial statements.

In the consolidated financial statements of WithSecure. the partial demerger has been accounted for as a disposal to owners in accordance with IFRIC 17 Distribution of non-cash assets to owners. A distribution gain was calculated based on the difference of the fair value of consumer security business and the book value of the distributed assets and liabilities in consolidated statement of financial position. The distribution gain amounted to €450.5 million and is recognized in the result for the period for discontinued operations. The distribution gain did not have an impact on the Group equity.

Due to the significant impact on the statement of comprehensive income and the statement of financial position we have considered the accounting for the partial demerger as key audit matter in the audit of the Group.

How our audit addressed the key audit matter

We evaluated the appropriateness of the transferred assets and liabilities based on the demerger plan.

We tested the fair value determination of the transferred business.

We assessed the compliance of the accounting treatment of the partial demerger based on the demerger plan.

We have no key audit matters to report with respect to our audit of the parent company financial statements.

There are no significant risks of material misstatement referred to in Article 10(2c) of Regulation (EU) No 537/2014 with respect to the consolidated financial statements or the parent company financial statements.

Responsibilities of the Board of Directors and the Managing Director for the Financial Statements

The Board of Directors and the Managing Director are responsible for the preparation of consolidated financial statements that give a true and fair view in accordance with International Financial Reporting Standards (IFRS) as adopted by the EU, and of financial statements that give a true and fair view in accordance with the laws and regulations governing the preparation of financial statements in Finland and comply with statutory requirements. The Board of Directors and the Managing Director are also responsible for such internal control as they determine is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error.

In preparing the financial statements, the Board of Directors and the Managing Director are responsible for assessing the parent company's and the group's ability to continue as a going concern, disclosing, as applicable, matters relating to going concern and using the going concern basis of accounting. The financial statements are prepared using the going concern basis of accounting unless there is an intention to liquidate the parent company or the group or to

Auditor's Responsibilities for the Audit of the Financial Statements

Our objectives are to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, and to issue an auditor's report that includes our opinion. Reasonable assurance is a high level of assurance but is not a guarantee that an audit conducted in accordance with good auditing practice will always detect a material misstatement when it exists. Misstatements can arise from fraud or error and are considered material if, individually or in the aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of these financial statements.

As part of an audit in accordance with good auditing practice, we exercise professional judgment and maintain professional skepticism throughout the audit. We also:

• Identify and assess the risks of material misstatement of the financial statements, whether due to fraud or error, design and perform audit procedures responsive to those risks, and obtain audit evidence that is sufficient and appropriate to provide a basis for our opinion. The risk of not detecting a material misstatement resulting from fraud is higher than for one resulting from error, as fraud may involve collusion, forgery, intentional omissions, misrepresentations, or the override of internal control.

WithSecure 2022

Board of Directors' Report

Financial Statements

/ Statement of comprehensive income

/ Statement of financial position

/ Statement of cash flows

/ Statement of changes in equity

/ Notes to the Financial Statements

/ WithSecure Corporation financial statements

/ Auditor's Report

WithSecure 2022

Board of Directors' Report

Financial Statements

/ Statement of comprehensive income

/ Statement of financial position

/ Statement of cash flows

/ Statement of changes in equity

/ Notes to the Financial Statements

/ WithSecure Corporation financial statements

/ Auditor's Report

Remuneration Report go to previous view Corporate Governance Sustainability Report

• Obtain an understanding of internal control relevant to the audit in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the parent company's or the group's internal control.
• Evaluate the appropriateness of accounting policies used and the reasonableness of accounting estimates and related disclosures made by management.
• Conclude on the appropriateness of the Board of Directors' and the Managing Director's use of the going concern basis of accounting and based on the audit evidence obtained, whether a material uncertainty exists related to events or conditions that may cast significant doubt on the parent company's or the group's ability to continue as a going concern. If we conclude that a material uncertainty exists, we are required to draw attention in our auditor's report to the related disclosures in the financial statements or, if such disclosures are inadequate, to modify our opinion. Our conclusions are based on the audit evidence obtained up to the date of our auditor's report. However, future events or conditions may cause the parent company or the group to cease to continue as a going concern.
• Evaluate the overall presentation, structure and content of the financial statements, including the disclosures, and whether the financial statements represent the underlying transactions and events so that the financial statements give a true and fair view.
• Obtain sufficient appropriate audit evidence regarding the financial information of the entities or business activities within the group to express an opinion on the consolidated financial statements. We are responsible for the direction, supervision and performance of the group audit. We remain solely responsible for our audit opinion.

We communicate with those charged with governance regarding, among other matters, the planned scope and timing of the audit and significant audit findings, including any significant deficiencies in internal control that we identify during our audit.

We also provide those charged with governance with a statement that we have complied with relevant ethical requirements regarding independence, and to communicate with them all relationships and other matters that may reasonably be thought to bear on our independence, and where applicable, related safeguards.

From the matters communicated with those charged with governance, we determine those matters that were of most significance in the audit of the financial statements of the current period and are therefore the key audit

matters. We describe these matters in our auditor's report unless law or regulation precludes public disclosure about the matter or when, in extremely rare circumstances, we determine that a matter should not be communicated in our report because the adverse consequences of doing so would reasonably be expected to outweigh the public interest benefits of such communication.

Other Reporting Requirements

Appointment

We were first appointed as auditors by the annual general meeting on 7 April 2016. Our appointment represents a total period of uninterrupted engagement of seven years.

Other Information

The Board of Directors and the Managing Director are responsible for the other information. The other information comprises the report of the Board of Directors and the information included in the Annual Report, but does not include the financial statements and our auditor's report thereon.

Our opinion on the financial statements does not cover the other information.

In connection with our audit of the financial statements, our responsibility is to read the other information and, in doing so, consider whether the other information is materially inconsistent with the financial statements or our knowledge obtained in the audit, or otherwise appears to be materially misstated. With respect to the report of the Board of Directors, our responsibility also includes considering whether the report of the Board of Directors has been prepared in accordance with the applicable laws and regulations.

In our opinion

• the information in the report of the Board of Directors is consistent with the information in the financial statements
• the report of the Board of Directors has been prepared in accordance with the applicable laws and regulations.

If, based on the work we have performed, we conclude that there is a material misstatement of the other information, we are required to report that fact. We have nothing to report in this regard.

Helsinki 8 February 2023

PricewaterhouseCoopers Oy

Authorised Public Accountants

Janne Rajalahti Authorised Public Accountant (KHT)

WithSecure 2022 Board of Directors' Report Financial Statements Sustainability Report Corporate Governance Remuneration Report go to previous view

WithSecure

Sustainability Report

Introduction of W/Sustainability	68
Safer and greener digital world	72
A truly equitable workplace	80
Responsibly run business	86
Upright Project – estimating net impact	90
Carbon footprint	92
EU taxonomy	93
Sustainability governance in WithSecure	97

Sustainability Report 2022

Maximizing Net Impact – introduction to W/Sustainability

Introduction of W/Sustainability

For 35 years, WithSecure has existed to build and sustain trust in digital society. Companies are moving from ground to the cloud and embracing new ecosystem-driven digital platforms. Remote work is here to stay, and anything-as-aservice economy is on the rise. Businesses are intelligent and data-driven – and more vulnerable. This is where WithSecure steps in.

In 2022, we have re-assessed our ways of working on sustainability. What is the role of a cyber security software and services company in protecting the planet, people, and society? We carried out interviews with our customers, investors, and leaders, to understand the perception on areas where we can and should make a change. We conducted a survey, to give our employees a chance to express their opinions on what sustainability means for them. All feedback was analyzed through a materiality assessment framework. Our W/Sustainability program is built on the results of these important discussions.

Please note

In this and other reports, WithSecure™ refers to the brand name and trademark of WithSecure Corporation, whether registered or unregistered. WithSecure refers to the parent company WithSecure Corporation or its affiliates, or to the entire WithSecure group.

WithSecure strategy 2023–25

Sustainability is, together with the WithSecure values, forming the basis of our revised strategy of the coming years.

Foundation of trust

WithSecure purpose is to build and sustain trust in the digital society. Trust is based on our company values, Integrity, Excellence, Experimentation and Care. Each value has a set of key behaviors and leadership principles linked to them.

Integrity – "We do the right things and for the right reasons"

Integrity is crucial to cultivating trust. Integrity to us means that we do the right things and for the right reasons; that we are considering the impact of our work in "building and sustaining trust in our digital society", not just the profits we make. It means that we try our best to act in the best interests of our customers, colleagues, and partners; that we can rely on each other's support to make the hard but right decisions, stand by our commitments, and follow through with them. We are open and transparent with each other.

Excellence – "We are passionate about quality and impact"

Another part of being trustworthy to each other and to our customers is our commitment to delivering high quality work (together). It is about challenging ourselves and each other to create meaningful impact. For us, excellence is achieved through collaboration, good partnerships, continuous improvement, and customer-centricity. The impact we are especially passionate about is building and sustaining trust in the digital society.

Experimentation – " We drive for growth & continuous improvement"

Complementary to our commitment to excellence is experimentation: we are disciplined with our direction and quality, and agile and autonomous on our way there. We test our assumptions and seek evidence on how to move forward through action-orientation and experimentation. For us, experimentation is a process that helps us to strive for excellence and a mindset that allows us to accept failures as opportunities to learn and grow – we want to experiment & learn, and not get stuck in analysis over the fear of failure, and we want to cultivate curiosity, over having ready answers to everything.

Care – "We're in this together"

We care for our customers, partners, and clients through our commitment to their security. We care about how our words and actions impact our colleagues, our partners, and our society. Care is also central to our togetherness and belonging. We assume good intentions from each other; we are on the same team. We appreciate and respect each other; we care about each other's wellbeing, and it is important to us that our colleagues feel included, respected, and free to be who they are. We show up for our colleagues when life happens and help each other to succeed. It is this connection and sense of togetherness that makes us unique and our bonds strong.

69 WithSecure 2022 Board of Directors' Report Financial Statements Sustainability Report Remuneration Report go to previous view Corporate Governance / Introduction / Safer and greener digital world / Truly equitable workplace / Responsibly run business / Upright project / Carbon footprint / EU Taxonomy / Sustainability governance

Our view on sustainability:

Materiality assessment leading to W/Sustainability

We started our materiality assessment on sustainability by discussing with a large base of stakeholders: company leadership team, board members, customers and investors of what areas of sustainability they see as relevant for WithSecure. In addition, the employees were able to express their opinions through a survey. Approximately 17% of our employees participated and gave valuable feedback on the priority areas.

The results were assessed through a materiality matrix, where the significance of economic, environmental & social impacts of each topic was estimated. As a second dimension, the topic's influence on the stakeholder's assessment of decision-making was estimated. Topics with high relevance in both dimensions formed the basis of our new sustainability program W/Sustainability.

Our role of protecting the digital society and preventing damages and losses caused by cybercrime is our most important contribution to a more sustainable world. With this role, our activities will always generate a significant positive impact on society.

However, we do not want to stop there. We also want to ensure that our activities are carried out in the best possible way regarding planet, people and society around us. We want to share our knowledge and support parties who cannot always defend themselves. As a software and services company, our carbon footprint is not high, but we think we must do our part in minimizing the environmental impacts of products as well as our own activities. We employ highly skilled experts around the world and want to support their wellbeing and growth opportunities. Our internal operations must always follow highest ethical standards.

Leading guideline of W/Sustainability program will be Maximizing Net Impact – on the planet, people and society. The objective of the program is to ensure that sustainability is embedded in all our decisions. We also want to ensure full transparency of our activities to the users of our reporting.

W/Sustainability themes and topics

The W/Sustainability program is structured around three themes:

Safer and greener digital world

We keep our customers safe. Our ambition is to minimize the energy consumed by our products, without compromising the results and quality of our work. We are an active global citizen, providing our expertise to those who need it. Our customers' data is always in safe hands with us.

Truly equitable workplace

Driven by the novel and hardest cybersecurity challenges, our diverse workforce is there when it matters most. We make sure all our employees feel like they can bring their best and true self to work and enjoy the inspiring opportunities to learn and grow. We believe that by having our employees' wellbeing in the center of our business we can succeed.

Responsibly run business

We set the highest standards on how we operate every day. We conduct our business ethically, choose our partners responsibly, and strive to minimize the environmental footprint everywhere we can.

Each of these themes is structured around topics, presented in more detail in this report. We have mapped each of the themes to the relevant UN Sustainable Development Goals and present the most important metrics and objectives to understand the magnitude and impact of the theme. Our objective is to report in full compliance with the EU Corporate Sustainability Reporting Directive and the related standards when they become applicable.

The net impact of WithSecure activities has been quantified by Upright Project, an external firm, using a net impact quantification model that uses machinelearning-based technology, to process the knowledge contained in scientific articles, and resulting a net impact ratio that is comparable between companies. The results, supporting our Maximizing Net Impact approach, are presented in their own section of this report.

We have, for the first time, calculated the carbon footprint of WithSecure activities, to enable defining our path to zero emissions. The results are presented in their own section of this report.

We have conducted an analysis of our activities under the Taxonomy Regulation (2020/852) of the European Union. Results of the analysis are presented in their own section of this report.

The governance structure of W/Sustainability program and the related activities is described in its own section at the end of this report.

WithSecure 2022

Board of Directors' Report

Financial Statements

Sustainability Report

/ Safer and greener digital world

/ Truly equitable workplace

/ Responsibly run business

/ Upright project

/ Carbon footprint

/ EU Taxonomy

Remuneration Report go to previous view Corporate Governance / Introduction / Sustainability governance

Safer and greener digital world

	Topic	What good looks like	Target
Sustainable Development Goals	Co-securing outcomes	None of our customers has suffered from serious loss due to a cyber attack	Measurable target to be set in 2023
	W/You – giving back to society	We are an active global citizen, sharing our cyber security knowledge to those who need it and participating in local communities	1,000 days of work done by our employees on selected projects with partners
	Product lifecycle – all we need is less	We are actively reducing the carbon footprint caused by our products – both in the cloud and the customer endpoints	Measurable target to be set in 2023
	A secure security company	We are a Secure by design organization	No serious cyber security incident of WithSecure operation

WithSecure 2022 Board of Directors' Report

Financial Statements

Sustainability Report

/ Safer and greener digital world

/ Truly equitable workplace

/ Responsibly run business

/ Upright project

/ Carbon footprint

/ EU Taxonomy

Remuneration Report go to previous view Corporate Governance / Introduction / Sustainability governance

Co-securing outcomes

We envision a future where no one should experience a serious loss or be put out of business because of cyber-attack or crime. To walk the talk, we want to follow up and publish key metrics on how successful we have been with our customers and end users in protecting them from serious cyber-attacks.

Today, being digital is just a price of admission, but no longer a competitive advantage. Everything that can be automated and autonomously run will be. Algorithms will make more routine decisions than human beings do. Companies are moving from the ground to the cloud and embracing new ecosystem-driven digital platforms. Remote work is here to stay, and anything-as-a-service economy is on the rise.

The digital arms race has created a maze of complex, uncoordinated, and insecure systems. In 2022, approximately USD 175 bn was spent globally on cyber security and security teams will be busier than ever. But companies do not have nearly enough time, talent, or budget to stay secured. We need to rethink.

WithSecure's co-security approach is built on the first-hand knowledge that no one, or no one thing can solve every cyber security problem alone. Together, we are the solution. This commitment fuels us as we work to create a future where no one will experience a serious loss from a cyber-attack. In practice, co-security starts from the willingness to partner, expanding own knowledge, resources, and capabilities through collaboration across technology leaders, service partners, and the entire information security community.

While co-security describes how we are working, we deliver value through a focus on providing security outcomes. Outcome-based security rejects the traditional mentality, where cyber security is all about saying "no." It replaces negativity and fear with a fresh thinking that makes cyber security an asset, not liability. We collaborate with our partners and customers to produce security outcomes that are connected to business goals and deliver measurable results that improve their cyber resilience. We also want to bring security outcomes to the entire information security community by providing expertise, research, and innovation to solve today's challenges in a connected world.

Everything we do is about good partnership. That is why the proof of our worth starts and ends with what people say about working with us. We thrive when our co-securing outcomes approach manifests in concrete results.

Continuous high partner satisfaction: Net promoter score of

Partners agree that WithSecure is committed to build long-term partnerships:

4.5/5 points (2021: n.a.)

84% of our customers say that they haven't

experienced a serious loss due to a cyberattack while working with us (2021: n.a.)

Board of Directors' Report Financial Statements Sustainability Report Remuneration Report go to previous view Corporate Governance / Introduction / Safer and greener digital world / Truly equitable workplace / Responsibly run business / Upright project / Carbon footprint / EU Taxonomy / Sustainability governance

WithSecure 2022

To co-create a safer and more exciting future, WithSecure launched in 2022 its new Co-Security community program. We know that partnership is crucial to tackle the cyber security challenges business and society face together. That's why we're teaming up with some of the world's most inspiring minds to co-create a better future.

The WithSecure™ Co-Security Community exists to demonstrate how collaboration helps us unlocking fresh perspectives, share brilliant ideas, remove obstacles that hinder innovation and produce positive change through dialogue. WithSecure™ Co-Creators are athletes, artists, activists, entrepreneurs, thought leaders and innovators and known for elevating their entire field with inspirational results.

In 2022 we have worked amongst others with:

Matilda Castrén is the most successful Finnish female golf professional ever and a rising star on the LPGA Tour, the world's biggest golf tour. Matilda's unprecedented achievements have been made possible by a relentless dream, an unbreakable focus and her love for the game. Her belief, and that teamwork and long-term cooperation based on trust are invaluable, has been proven by her success.
Yuko Misonoi is an innovative wagashi confectioner creating unconventional delicacies using traditional techniques. Yuko's customers are known for coming back to her store because they want something that they can't find anywhere else, creating a shared mission that drives Yuko and her team to make wagashi with all their heart.
Santi Fox is a Finnish-American creative entrepreneur respected around the globe making content for artists, athletes, brands, media companies, and advertising agencies. His mission is to inspire, educate, and guide the next generation of creative dreamers to do new and extraordinary work.
Marcus John Henry Brown is a performance artist splitting his time between performance art, mentoring young creatives and creating exciting virtual event experiences. He has created a series of critically acclaimed performances that look at the relationships between and impact of technology, culture and commerce on society.

At our annual co-security unconference in June in Helsinki, we put co-creation in action and developed with the attendees "SPHERE22 Co-security Manifesto". During the two-day event, participants were invited to give comments, opinions, and feedback on what co-security is about. The result can be found at https://thesphere.org/manifesto.

Safer and greener digital world

W/You – giving back to society

Every employee at WithSecure plays a role in our commitment to build and sustain trust in a digital society. For more than 30 years, WithSecure has been committed to helping private and corporate foundations as well as individuals around the world who are the at the cutting edge of some of the most challenging societal questions of our time. We know we're not just securing networks, devices, or clouds – we're securing everything society does together. And we love working with those who share this commitment and want to provide our partners the resources what they need to safeguard the data and digital environment of already vulnerable populations.

In 2022, WithSecure has teamed up with different institutions and joined alliances to prevent counter attacks against vulnerable communities. The potential societal harm of cyber-attacks against critical services around the world puts people's lives at risk. By investigating confirmed and suspected compromises for those in need, we are fulfilling our role as responsible cyber security professionals.

Partnerships

To counter attacks against vulnerable communities WithSecure has teamed up with Switzerland-based CyberPeace Institute, an independent non-governmental organization whose mission is to protect the security, dignity, and equity of people in cyberspace.

Through the collaboration with CMI – Martti Ahtisaari Peace Foundation, WithSecure aims to develop awareness of the important role technology plays in peacemaking and helps providing security. Digital technologies are becoming increasingly important for making and maintaining peace. In this way digital tools can support in the creation of peace processes that lead to sustainable peace. And as NGOs, foundations or non-profits share the same cyber security concerns as businesses WithSecure has also facilitated a series of workshops with the goal of uplifting CMI's cyber security practices and governance maturity. This work covered all major elements that make up an effective cyber security management ranging from cyber risk management practices to elements like vendor management and technical capabilities. This work will continue with more in-depth implementations in 2023.

After Russia invaded Ukraine in February 2022, WithSecure launched a series of support activities to contribute to the relief efforts, including

Supporting our employees, especially those most directly affected by the crisis
Offering F-Secure Freedome VPN in Ukraine free of charge
Donating 100,000 € through Unicef, SOS Children's Village and Polish Humanitarian Action helping the families and children fleeing the country
Providing refugees in Poland with our old cleaned, unused laptops to be used for studies or work
Supporting our employees across our European locations in their volunteer activities with flexible time off
Advertizing our open positions in Poland and Finland for the refugees with relocation support

WithSecure 2022 Board of Directors' Report Financial Statements Sustainability Report Remuneration Report go to previous view Corporate Governance / Introduction / Safer and greener digital world / Truly equitable workplace / Responsibly run business / Upright project / Carbon footprint / EU Taxonomy / Sustainability governance WithSecure's partnership with Cloud Security Alliance aims to help define and raise awareness of best practices that will support a secure cloud computing environment. Working with the Cloud Security Alliance allows us to join forces with other security-minded providers of cloud services and collectively raise the bar for security on software-as-a-service, infrastructure-as-a-service, and platform-as-a-service offerings. It also offers the opportunity for joint research which amplifies our reach to educate users on the advantages and challenges in the cloud that they need to be aware of.

When charities, hospitals, and other institutions that our digital society depends on face cyber threats that jeopardize their work, our Mission Invisible Team is ready. Our experts step in to offer an unseen hand when it matters most. From security strategy to incident response, we aim to do our part to serve those who serve us all.

To make the future generation aware about cyber security challenges we are executing programs to educate children and their parents and teachers to help keep younger people safe online. Our experts are also lecturing at universities to raise the profile of cybersecurity as an attractive career and are running in-house cyber security academies to train the next cyber responders' elite.

Research work – WithSecure™ Labs

WithSecure has published 150+ advisories, on our WithSecure™ Labs website which receives 30,000 views per month. We regularly share around 25 articles and whitepapers each year to benefit the wider industry and present at prestigious security conferences worldwide. To improve the cyber-security industry, we make publicly available tools we have developed through our security research, many of which have been made publicly available on sites like GitHub at no charge. Many of these tools have since been adopted industry wide. We enable our clients to be socially responsible by protecting the IT that allows their employees to work more flexibly.

Home | WithSecure™ Labs

WithSecure 2022

Board of Directors' Report

Financial Statements

Sustainability Report

Remuneration Report go to previous view Corporate Governance / Introduction / Safer and greener digital world

/ Truly equitable workplace

/ Responsibly run business

/ Upright project

/ Carbon footprint

/ EU Taxonomy

/ Sustainability governance

Product lifecycle – all we need is less

With the progressing digitalization, energy efficiency of software is becoming an increasingly relevant aspect. Through the principles of "green coding", significant differences in the energy consumption of both cloud capacity and endpoint energy can be obtained. As part of our responsibility for an energy efficient world, we are following up and optimizing the energy consumption of our products, without compromising the protection results and keeping track on data processing practices. Almost in full, it takes place in cloud environments, while share of own or leased data centers is becoming negligible (for more, see Carbon footprint section of this report).

Optimizing cloud capacity

Processing data in a public cloud consumes energy and creates greenhouse gas emissions. While the cloud operators are working on making the data centers carbon-free, our objective as a significant public cloud user is to become more responsible in using the cloud capacity.

The cyber security products, by default, require massive amounts of processing power. The data sets that need to be collected, processed, enriched, and analyzed are only getting larger with the developing digitalization. At the same time, the cyberattacks are getting more complex. WithSecure has made significant efforts and investments in optimizing the cloud usage and reducing cloud hosting costs during 2022. This has enabled us to significantly reduce the cloud usage and the related carbon emissions during 2022.

In our work, the event counts and backend efficiency were identified as main drivers for cloud capacity usage. Event count reductions were implemented e.g., through automatic filtering of events by rate, limiting and deduplicating mostly on the edge. We also improved manual filtering, reducing the event counts before the heavy processing of data. To improve the backend efficiency, we have carefully reviewed the data retention periods, as well as the reserved

98% of data processed in cloud environments

35% reduction of carbon footprint from cloud usage from 2021 to 2022

instance utilization. Through architectural improvements, such as minimizing more expensive traffic and storage classes, further optimizations of energy consumption and cost were reached. As a result of these measures, the cost of 1M events dropped by approximately 26% in 2022.

Optimizing the use of availability zones

We are actively following the cloud service providers' attempts of moving to renewable energy sources in their data centers. Most of our data is currently processed in data centers located in Europe or the US, where usage of renewable energy sources is already very advanced. In cases where the data processing cannot be moved to a more energy-efficient location (for example due to data residency aspects), WithSecure expects its suppliers to progress in transforming their operations towards renewable energy.

Releasing greener software

In addition to reducing our own energy consumption, we want to optimize our end customers' energy efficiency. In 2022, WithSecure built capacity for measuring the endpoint energy consumption in a standardized environment,

WithSecure 2022 Board of Directors' Report

Financial Statements

Sustainability Report

/ Safer and greener digital world

/ Truly equitable workplace

/ Responsibly run business

/ Upright project

/ Carbon footprint

/ EU Taxonomy

Remuneration Report go to previous view Corporate Governance / Introduction / Sustainability governance

Safer and greener digital world

A secure security company

to enable comparisons between newer and older software releases. We will start regular measurements of the release versions, and comparisons to the 2022 baseline. We expect significant effects of scale with the approximately 6 million endpoints that we influence. The programmers will also be trained on "green coding" practices, to ensure collective learning and improvements of the products. Our target is to create measurable metrics for the endpoint energy usage during 2023.

Further, it will be crucial to have all the agents and deployed software to be automatically upgraded (through channel upgrades). This way WithSecure customers avoid long tail of machines using legacy versions of the software. Energy savings will be generated by no need to maintain backend systems running to support old versions but also pushing better energy-wise versions of agent software to protected devices.

We would also like to actively participate in promoting the energy efficiency standardization through the software industry. The company already started approaching government agency to encourage work on independent energy efficiency standards for software and computing.

Throughout the years, we have continuously worked to elevate our internal cybersecurity posture while helping our customers elevate theirs through the products and services we offer. This is externally evidenced by the acquisition of ISO 27001 certification and in getting the ISAE 3000 standard in 2022.

For 8 years, we have been committed to fixing vulnerabilities in our products that security researchers have identified. From 2015 to 2022, we have paid out approximately 200,000 euros in Bug Bounty payments for 247 vulnerabilities that have been discovered in our products. The aim of the Bug Bounty program is to encourage security researchers to report the issues to us so we could fix them before they are discovered and exploited by attackers.

As far back as the organization's memory and documentation goes, WithSecure (previously F-Secure), has not suffered any cybersecurity incident that has a material impact to the organization. In order to protect the organization even further, WithSecure has acquired cyber insurance since 2019.

The cyber risk consciousness of the organization also extends to the risk governance of the Board of Directors. The Chief Information Security Officer (CISO) presents cybersecurity risk updates to either the Audit Committee or the whole Board of Directors 3–4 times annually.

Even with the above achievements, we cannot rest. An organization can never achieve a state of being completely digitally secure. Attackers are continuously finding ways to get into the assets that an organization has, and these threat actors may find valuable. Cybersecurity is all about continuously raising the bar and one of the most sustainable ways of doing this is to build an organization that is secure by design. An organization that bakes cybersecurity into its processes, systems, and ways of working – where cybersecurity is not an add-on, but an integral foundation for the different processes of the organization. Our aim is to be a secure by design organization, and to demonstrate how others can be the same.

CISO's need strong support from the company leadership in a secure by design organization. Since security is part of the design, CISO's need to be part of the decision making as early as possible. This is a challenge when the CISO is under several organizational layers from the CEO. To give our internal cybersecurity a stronger voice in the organization, we elevated the CISO role to be a company leadership role. Starting 2023, the CISO becomes part of the global leadership team. And as a first order of business, representatives across the different units and functions have been identified to be part of a virtual team

that works directly with the CISO function to identify and help elevate cyber hygiene in their own respective areas.

Privacy as an integral part of Data Security

As part of our measures on security, privacy is a high priority to us. We ensure that our customers' personal data is protected and safe, while maximizing our protection capabilities and providing world class cyber security. To ensure our customers' security and privacy WithSecure applies strict security measures to protect the personal data in our solutions. We are continuously assessing our privacy processes, to ensure that our employees are aware of the importance of, and able to take the right decisions in privacy-related matters.

We seek to protect our customers' privacy, not to sell it. All WithSecure solutions are produced independent of governmental direction. We recognize that there is an imbalance between the defenders of fair practices and human rights, and online criminality and the offensive capabilities of nation state threat actors. To level the playing field, WithSecure refuses to introduce backdoors in our products and will detect malware no matter what the source is.

Privacy Principles

We know that our customers care how WithSecure collects, uses, and shares their personal data, and we work hard to earn and maintain our customers' trust. Across all our solutions, our approach to privacy begins with being respectful of our customers' data privacy, being transparent about our personal data processing activities, and maintaining strict security measures. We inform our customers of our privacy principles, practices, and processing activities in our privacy policies. Our regularly reviewed group-wide privacy strategy and personal data policy strengthens and further develops our privacy posture. All new WithSecure employees take mandatory privacy and cybersecurity trainings.

WithSecure privacy policies Privacy | WithSecure™

Privacy and cybersecurity oversight

WithSecure's Audit committee receives reports from management and reports to the Board at least annually on privacy and cybersecurity matters. This committee also reviews the measures implemented by WithSecure to identify and mitigate privacy and cybersecurity risks.

ISO27001 and ISAE3000 certifications for cyber security

Cyber insurance in place since 2019

We have never

suffered a material cyber incident

WithSecure 2022 Board of Directors' Report

Financial Statements

Sustainability Report

Remuneration Report go to previous view Corporate Governance / Introduction / Safer and greener digital world

/ Truly equitable workplace

/ Responsibly run business

/ Upright project

/ Carbon footprint

/ EU Taxonomy

/ Sustainability governance

A truly equitable workplace

Truly equitable workplace

	Topic	What good looks like	Target
Sustainable Development Goals	Living WIDE every day	Our employees are satisfied with their overall well-being	Measurable target to be set in 2023
		Our employees feel they can be themselves at work	Measurable target to be set in 2023
	Equal and inspiring opportunities to learn and grow	Right systems, processes, and partnerships are in place to create a workplace where people can thrive no matter of their background	> 70% of employees agree or strongly agree with: "I have good opportunities to learn and grow at WithSecure"

WithSecure 2022

Board of Directors' Report

Financial Statements

Sustainability Report

/ Safer and greener digital world

/ Truly equitable workplace

/ Responsibly run business

/ Upright project

/ Carbon footprint

/ EU Taxonomy

Remuneration Report go to previous view Corporate Governance / Introduction / Sustainability governance

A truly equitable workplace

Living WIDE every day

Our purpose is to build and sustain trust in a digital society. Every single human "out there" is part of the digital society, in one way or the other. Therefore, if we want to be successful, we must be as diverse as the society we wish to serve. We deliver outcome-based security, through our diverse workforce and by making sure all our employees feel like they can bring their best and true self to work.

Our commitment to Wellbeing, Inclusivity, Diversity and Equity (WIDE) is not because it is considered as the "right thing to do", nor is it a box ticking exercise. Our commitment allows us to benefit from wider perspectives, experiences, and skills. This in turn enhances our creativity and ability to innovate, enriches our approach to problem-solving, and expands our ability to experiment.

Our commitment is guided by our values of Integrity, Care, Excellence and Experimentation, and is built on our foundation of Trust.

Our objectives are:

1) We ensure our employees' wellbeing comes first
2) We create an inclusive culture built on trust
3) We value diversity in everything we do
4) We are committed to advancing equal access to opportunities taking into consideration individual needs

We are at the start of our WIDE journey; the program was introduced in late 2022, as part of our People & Culture strategy. In 2023, we will launch a WIDE Forum inviting employees to shape the WIDE agenda. We will also focus on learning more about the topic, raising awareness, listening to our employees and we aim to set more measurable goals and targets for Wellbeing and Diversity by the end of 2023. We will take our time to ensure we understand our current landscape both internally and externally and plan to partner up with external Inclusion Specialists to support us on our journey.

Financial Statements Sustainability Report

Board of Directors' Report

WithSecure 2022

/ Safer and greener digital world

/ Truly equitable workplace

/ Responsibly run business

/ Upright project

/ Carbon footprint

/ EU Taxonomy

Remuneration Report go to previous view Corporate Governance / Introduction / Sustainability governance

Our employees, %

Our WIDE Strategy
			With us
		Our purpose is to build and sustain trust in a digital society
		Most loved place to work in cyber security by having a truly inclusive culture
	Removing barriers		Creating opportunities	Winning hearts & minds
3 ways of working				Raising awareness and educating
with each pillar	Identifying any barriers impacting minority groups to access		Designing ways to increase diversity, inclusion, wellbeing and access to	employees to enable support and understanding of each other's
	opportunities		opportunities	experiences
	Wellbeing	Inclusion	Diversity	Equity
4 Strategic pillars	Ensuring everyone has the	Ensuring everyone can	Aiming to be as diverse as	Ensuring all employees
	support they need to take good care of their physical	bring their true self to work and feel heard & seen	the society we serve	have access to fair opportunities based on their
	health and safety as well as mental health			individual needs

We monitor our employee's wellbeing and opinions on WIDE topics by a pulse survey 3–4 times a year. Employees are asked about their satisfaction with their overall wellbeing and to monitor inclusivity, they are also asked their opinion of how they feel they can be themselves at work. According to the latest results (December 2022) 74% of our employees rate their wellbeing at work as good or extremely good. According to the same survey, 89% of them agree or strongly agree that that they can be themselves at work.

"During Pride month, there's a lot to be grateful for. Especially when one lives in a country which recognizes marriage equality and works in an organization that does not tolerate discrimination. Being able to get married and have a family with a range of benefits and support from both the government and WithSecure is something my younger self couldn't even imagine.

I have hopes that what is now true for selected countries and organizations will become a global norm one day. But for now, we continue to march and raise the flag to actively push for and celebrate equality."

Christine Bejerasco, CISO

WithSecure 2022

Board of Directors' Report

We have launched a 'WIDE Forum' and invited employees to come together and collectively work on this initiative. The purpose of the forum is to create a safe space for people to discuss issues, topics, ideas important for them, to help the company improve its diversity and to identify areas where the company can enhance employee wellbeing more and help line managers make all employees feel included. The Forum can also be used as sounding board for new ideas, products, and other business initiatives. The Forum will start its activities in January 2023.

We have identified a need for awareness raising in general and in addition to already existing training initiatives like Mental health training for line managers and our Values based leadership development programme which are open to all our people leaders, we plan to focus our efforts in supporting our leaders further in topics such as inclusive recruitment and assessment, cultural awareness, wellbeing, remote working and performance management.

1,295 employees

In 18 different countries

72 nationalities

74% of employees rate their wellbeing at work somewhat or extremely good

89%

of employees agree or strongly agree that they can be themselves at work

Financial Statements Sustainability Report Remuneration Report go to previous view Corporate Governance / Introduction / Safer and greener digital world / Truly equitable workplace / Responsibly run business / Upright project / Carbon footprint / EU Taxonomy / Sustainability governance

Equal and inspiring opportunities to learn and grow

WithSecure employs approximately 1,300 experts in cyber security product research and development, consulting, sales and marketing, and in other areas around the world. Our experts strive to stay a step ahead of the competition and, more importantly, the criminals. One of the moonshot goals in our strategy is to be the most beloved place to work in cyber security. The increasing complexity and challenges of the industry have led to a global shortage of competence, and the companies in the industry must find new ways of attracting and retaining talent.

As part of our daily operations, we are responsible for growing the next generation of cyber security professionals.

Internships and Associates

WithSecure's award-winning internship program is designed to find and develop the next generation of Security Consultants. After receiving the Princess Royal Training Award in 2018 in recognition of the quality of the internship program, WithSecure has continued to build on the program's strengths to ensure our interns develop abilities that would enable them to break into the industry.

Interns at WithSecure complete practical training courses in areas including application security, network security, reverse engineering, and cryptography to provide them with the core technical skills required by penetration testers around the globe. Upon completion of the training, interns work side by side with WithSecure's world renowned researchers to investigate a chosen area. Past research topics have included cloud security, the Windows kernel, machine learning applications to security, malware characteristics and detection, and global cyber security strategies.

In addition to the award-winning internship program, WithSecure has a Consulting Associate Scheme, designed to give entry-level consultants the best foundation for a rewarding and meaningful career in cyber security. With this training program we offer young talents with full-time roles as part of our consulting teams, assigned time for their self-development, and dedicated mentoring support.

In our main markets, we have hired approximately 50 new associates during 2022, who are currently on their way of becoming the future cyber security experts. They have the advantage of working with our frontline experts and dedicating time for their own research work to benefit the worldwide cyber security community.

Professional development

Our objective is that all our people feel they are fully supported in their professional development at WithSecure.

Growth mindset and experimentation culture are key themes that we specifically want to develop in 2023. Experimentation being one of our values means that we are fostering a culture of continuous development and improving and evolving through experimentation to deliver even better impacts on society, customers, and wellbeing of our employees.

We believe that feedback is a critical component in continuous development of our people and business. In 2022, feedback was integrated even more strongly into our core processes: talent development discussions, leadership development, and our everyday operations. We started training our line managers on how to give feedback, how to have meaningful development conversations with their teams, and how to speak about our values and expected behaviours and leadership principles with their teams.

In late 2022, we launched a tool and campaign for our employees to encourage them and give guidance on how to create meaningful Personal Development Plans. The aim of this is to support our people in identifying long- and short-term development goals, designing an action plan to address the identified development needs and to reach their goals, and providing them with a structure to have meaningful conversations with their line managers about personal growth and their career plans.

Providing our employees with inspiring learning and growth opportunities is in the core of personal development.

We aim to ensure that all employees can benefit from excellent on-the-job learning possibilities. In 2022, we published a new on-the-job learning guide. In this guide, we talk more about what learning on the job means in practice and we give some practical tools for enhancing learning on the job. We also have an in-house volunteer initiative to complement other mentoring programs and to remove silos, support the employees' personal growth and to have fun together.

WithSecure 2022 Board of Directors' Report Financial Statements Sustainability Report

/ Safer and greener digital world

/ Truly equitable workplace

/ Responsibly run business

/ Upright project

/ Carbon footprint

/ EU Taxonomy

Remuneration Report go to previous view Corporate Governance / Introduction / Sustainability governance

Leadership in fostering the values

Our leaders have a key role in fostering living by our values. In 2022, we launched a new values-based leadership development program called "Core – Values-based Leadership". The program focuses on our core – our values. It supports our leaders to live and lead by our values. It fosters the continuous leadership development and growth and strengthens the social networks and collaboration within the company.

Three cohorts of people leaders completed the program in 2022, and there are several cohorts already planned for 2023. Through this program we are heavily investing in building our leadership competencies.

22%

of line managers completed values-based leadership training during the first year of the program (2022)

60%

of employees completed a Personal Development Plan and defined development goals for themselves

714 € – average external training spend per

employee (per headcount)

69%

of employees agree or strongly agree with "I have good opportunities to learn and grow at WithSecure"

WithSecure 2022 Board of Directors' Report

Financial Statements

Sustainability Report

/ Safer and greener digital world

/ Truly equitable workplace

/ Responsibly run business

/ Upright project

/ Carbon footprint

/ EU Taxonomy

Remuneration Report go to previous view Corporate Governance / Introduction / Sustainability governance

Responsibly run business

We set the highest standards on how we operate every day. We conduct our business ethically, choose our partners responsibly, and strive to minimize the environmental footprint everywhere we can.

Responsibly run business

	the environmental footprint everywhere we can.

Responsibly run business
	Topic	What good looks like	Target
Sustainable Development	Doing the right thing	All employees, suppliers and contractors act according	> 95% of new employees have completed WithSecure
Goals		to the WithSecure Code of Conduct	Code of Conduct training
	Chasing zero – in, out and between offices
	Sustainable ways of working	We make our workplace as sustainable as we can	Green Office pledge is fully implemented in WithSecure offices by end of 2024
	Sustainable travel	Our employees know the choices they make on CO2 emissions when travelling on business	Reduction of CO2 emissions from business flights – measurable target to be set in 2023

WithSecure 2022 Board of Directors' Report

Financial Statements

Sustainability Report

/ Truly equitable workplace

/ Responsibly run business

/ Sustainability governance

Doing the right thing

WithSecure exists to build and sustain trust in the digital society. At WithSecure, we want to do what is right. Trust ensures we will succeed in our mission. Trust is earned when action matches words. Everyone working for WithSecure has a critical role in building and maintaining the trust in the eyes of each other and earning the trust of our customers.

Code of Conduct

We foster a culture that supports the highest standards of ethical conduct. The foundation of all activities is our Code of Conduct; it guides everything we do. Also, WithSecure suppliers and partners are expected to act responsibly and comply with the principles set in the Code of Conduct. WithSecure Code of Conduct covers the following areas:

• Building trust in society
• Responsible working with malware and offensive techniques
• Intellectual property rights and confidentiality
• Equality and diversity
• Protecting human rights
• Respecting the enviroment
• No bribery or corruption
• Preventing conflicts of lnterest
• Securities markets compliance
• Trade compliance
• Fair competition

WithSecure's Code of Conduct reflects the company's business culture for highest standards of ethical conduct, sets clear expectations on the business conduct and provides guidance for critical risk areas. It guides us on everything we do. All new employees complete the mandatory Code of Conduct training as part of their induction. Code of Conduct and the related training were updated during 2022 to reflect the new strategy and brand. Additionally, the training

was updated to better recognize the different roles at WithSecure and to place more emphasis on sustainability aspects as to raise awareness about the Whistleblowing Channel.

WithSecure has also various role-based compliance trainings, as well as guidelines and policies to support the decision-making in different situations.

Policies, public:	Policies, internal:
Code of Conduct	Insider Policy
Remuneration Policy	Corporate Procurement Policy
Disclosure Policy	Background Check Policy
Modern Slavery Statement	Anti-Bribery Policy
Whistleblowing Policy	Export Control Policy
	Competition Law Instructions

Anti-bribery / Gifts and hospitality

WithSecure has issued an Anti-Bribery Policy that applies to all employees. It defines the rules to be applied related to gifts, hospitality, travelling and accommodation, specific terms concerning governmental officials, as well as the process for escalation as needed. Ethical business practices are emphasized in contracts and the company engages in continuing dialogue with relevant stakeholders.

Everyone at WithSecure must apply the highest standards of ethical conduct.

• We do not make or accept any bribes or other improper payments.
• We never engage in fraudulent practices.
• We do not give or accept gifts or hospitality over the appropriate limits.
• We do not endorse or provide financial support to individual political parties.
• When conducting business with any governmental body, we carefully abide by all applicable regulations and ethical standards.

We do not tolerate any form of bribery, corruption or fraudulent practices by our partners or any parties acting on our behalf.

/ Upright project

/ Carbon footprint

/ EU Taxonomy

/ Sustainability governance

Whistleblowing

At WithSecure everyone has a professional responsibility to speak up, report any possible corrupt, illegal or other undesirable conduct and take required actions after such conduct is discovered.

To enable this, WithSecure provides an effective, objective, confidential and secure Whistleblowing Channel which allows both WithSecure employees and other stakeholders to express their concerns or suspicions openly and safely. WithSecure Whistleblowing Channel was launched to all stakeholders during 2022, following its internal launch at the end of 2021. The Whistleblowing Channel is available to all stakeholders 24/7. It is maintained by impartial and independent service provider to ensure objective and timely handling of reports.

Export control

At WithSecure we are relentlessly fighting against criminals and disruptive forces. Our products, solutions and consulting services are meant to protect human rights, individuals, entities, and the society by defending them from malicious actors. In line with this mission, we are equally committed to ensuring that malicious actors do not obtain any advantages by gaining access to or utilizing WithSecure's innovative cyber security technology and services. Our actions are three-fold:

• We control that WithSecure's technology and solutions are exported and classified according to the applicable export control regulations
• We do not deliver our technology or solutions to individuals, entities or governments that are targeted by relevant sanctions laws
• We require that our distributors and other partners adhere to the equivalent standards of compliance and ethics.

The war in Ukraine has significantly increased the uncertainty in the world and the risk of unexpected disruptions of the world economy. Any such events might also impact the WithSecure business. The war has increased the awareness of the importance of cyber security, especially for companies, and it will continue impacting the corporate cyber security market.

For corporate responsibility reasons, WithSecure is not conducting business with any Russian or Belarussian parties, even in cases where it would be permitted by the export control regulations.

Internal control and risk management

WithSecure's internal control and risk management processes support the management of sustainability and seek to ensure that risks related to the business operations of the company are properly identified, evaluated, monitored and reported in compliance with the applicable regulations.

Additional information on the company's internal control and risk management processes, is disclosed in the annual Corporate Governance Statement.

Code of conduct training completed by 95.61% (305/319) of new employees

Whistleblowing channel fully rolled out in 2022

WithSecure 2022 Board of Directors' Report

Financial Statements

Sustainability Report

/ Safer and greener digital world

/ Truly equitable workplace

/ Responsibly run business

/ Upright project

/ Carbon footprint

/ EU Taxonomy

Remuneration Report go to previous view Corporate Governance / Introduction / Sustainability governance

Chasing zero – in, out and between offices

We are a software and services company, and the environmental footprint of our operations is not very large. However, it is important for us to do our share in reducing the amount of waste and emissions produced by our operations.

Offices

WithSecure has offices in 18 cities around the world. Majority of the operations are concentrated in Helsinki (Finland), London (UK), Kuala Lumpur (Malaysia) and Poznan (Poland). WithSecure operates in leased premises, and therefore cannot always fully control the decisions taken by landlords on the energy efficiency of the buildings. We are following up with the landlords that all available measures are taken to optimize heating, cooling, lighting, and waste management at our office premises. We are establishing "Green office pledge" guidelines for our own activities in the offices and investigating possible changes in rental premises. In 2023–2024, our plan is to ensure that the guidelines are implemented in our offices that are not yet fully compliant.

We support green commuting of the employees through various measures. In three of our locations, we offer a bicycle benefit for the employees, to encourage cycling to work. In three locations, we provide commuting allowances to support use of public transportation.

Business travel

In 2022, the WithSecure travel policy was updated with considerations regarding sustainability. Our business, involving many multi-location teams, will always require some travelling, but our target is to travel only when needed, and utilize all methods of digital collaboration for other occasions. We also support the environmentally friendly ways of travelling and will set targets for reducing flight-related CO2 emissions.

18 office sites

18 countries

646 MWh of energy consumed by offices in 2022

1,084 tonnes of CO2 emissions from business flights in 2022

IN NOVEMBER 2022, the foundation stone of the last building of Wood City, the wooden quarter in Helsinki, was laid. The building will house the headquarters of the companies WithSecure and F-Secure. The building is one of the first projects in Finland to comply with EU taxonomy. The project aims to have a positive environmental impact, i.e., a large "carbon handprint". The new premises will be taken into use during 2024. The first floor, basement and elevator/ stairwell shafts of the office building will be made of concrete, and floors 2–7 will be made of wood. Engineered wood like CLT (cross-laminated timber) has a range of environmental benefits, including being much lighter than many building materials, so less heavy machinery and energy is needed during construction. Buildings can also be quicker to complete since there is no drying phase as there is with concrete. Wooden buildings also remove more carbon dioxide from the atmosphere than they emit; they can retain carbon that is absorbed from the atmosphere by trees for five to six decades. "Wood City is a true example of wood construction and office building skills, combining design and sustainable development. We are creating a lifecycle-wise city by building from renewable material that binds carbon dioxide and making the premises first-class energy efficient." says Saku Kosonen, unit director of construction company SRV's business premises in the Helsinki metropolitan area.

(Sources: SRV and BBC)

WithSecure 2022 Board of Directors' Report

Financial Statements

Sustainability Report

/ Safer and greener digital world

/ Truly equitable workplace

/ Responsibly run business

/ Upright project

/ Carbon footprint

/ EU Taxonomy

Remuneration Report go to previous view Corporate Governance / Introduction / Sustainability governance

Upright Project – estimating net impact

The net impact profile is a bird's eye view of the holistic net impact created by WithSecure's business. The analysis is based on WithSecure's core business, meaning the products and services offered, and it takes into consideration the entire value chain of those services – from the materials needed to produce the hardware required all the way to the customer industries WithSecure serves. The profile has been calculated and produced by the Upright Project's net

impact quantification model, which uses machine-learning-based technology to process the knowledge contained in millions of scientific articles.

WithSecure's net impact ratio of +42% is clearly positive, i.e., WithSecure creates more value compared to the resources it uses. WithSecure's main positive impacts are on society and knowledge and the biggest resources used are scarce human capital and environmental resources.

	IMPACT	NECATIVE	SCORE	POSITIVE
€	Society	-0.1 18	+5.4	+5.6
	Jobs		+1.4	+1.4 n
	Taxes		+2.3	+2.3 T
	Societal infrastructure		+0.3	+0.3
	Societal stability	-0.1 @	+1.4	+1.5
	Equality & human rights	-0.0 I	+0.0	4 +0.0
0	Knowledge	-3.4	-0.5	+2.9
	Knowledge infrastructure		+1.7	+1.7
	Creating knowledge		+0.9	+0.9 1
	Distributing knowledge	-0.0	+0.3	+0.3
	Scarce human capital	-3.4	-3.4
0	Health	-0.4	+0.5	+0.9
	Physical diseases	-0.2 =	-0.1	0 +0.1
	Mental diseases	-0.1 !	-0.0	1 +0.0
	Nutrition	-0.0	+0.0	+0.0
	Relationships	-0.1 @	+0.1	= +0.2
	Meaning & joy	-0.0 1	+0.6	+0.6
4	Environment	-1.6	-1.5	+0.0
	GHG emissions	-0.7 0-	-0.7	1 +0.0
	Non-GHG emissions	-0.2 ■	-0.1	+0.0
	Scarce natural resources	-0.3 =	-0.3	+0.0
	Biodiversity	-0.1 @	-0.1	+0.0
			-0.3	+0.0

Remuneration Report go to previous view Corporate Governance / Introduction

Board of Directors' Report

WithSecure 2022

Financial Statements Sustainability Report

/ Safer and greener digital world

/ Upright project / Carbon footprint / EU Taxonomy

/ Truly equitable workplace / Responsibly run business

/ Sustainability governance

Society

Like all companies, WithSecure has a positive impact on society by creating jobs and paying taxes and thus contributing to the joint resources of society. The taxes impact consists of corporate taxes and value-added taxes.

WithSecure's positive impact on societal infrastructure mainly stems from downstream, i.e., the customers. By producing cybersecurity software for example energy and finance sectors, which are considered the basic infrastructure needed by our modern society to function, WithSecure contributes to protecting and enabling this infrastructure.

The positive impact on societal stability is one of WithSecure's major impacts. All WithSecure's products and services inherently have a very positive impact on societal stability, since they are targeted towards preventing and fighting cybercrime and attacks, which destabilize society.

Knowledge

Knowledge infrastructure is the infrastructure that enables the effective and safe creation, distribution, and maintenance of knowledge, information, and data. WithSecure's products are an essential component for this kind of infrastructure leading to a very positive impact.

WithSecure's positive knowledge creation happens mainly through consultative products and services, like for example external asset mapping or penetration tests, where potential cybersecurity threats and vulnerabilities are analyzed, and new knowledge is created.

The positive impact on distributing knowledge mainly stems from cybersecurity training, where knowledge is communicated to larger audiences. Some small impacts are also inherited through downstream industries such as information and communications.

This impact measures the opportunity cost of scarcely available human resources. The assessment includes the level and scarcity of the required education needed to produce the products and services offered.

WithSecure employs highly educated coders and cybersecurity specialists who are scarcely available leading to a prominent impact. This is WithSecure's main resource used. This is very typical for software companies and this resource is used to create all the positive impacts.

Health

Safety creates long-term feelings of happiness and well-being. WithSecure directly impacts this by protecting cyber safety in various industries with all its products.

The small positive and negative impacts are inherited through downstream industries, mainly the arts, entertainment, and recreation industry and the information and communications industry, which include activities that promote a sedentary lifestyle that has adverse health effects. On the other hand, many of these industries also enable means of communication and improved health.

The environmental impacts of WithSecure are modest. Upright's model considers all parts of the value chain, so in addition to internal impacts also upstream (e.g., production of hardware used) and downstream (industries served).

Environment

WithSecure's main source of greenhouse gas (GHG) emissions is the electricity used to run the software. Small portions of the GHG emissions also stem from downstream, from industries such as manufacturing and energy. Also, small impacts are inherited from upstream through the emissions emitted when the hardware needed is manufactured.

This impact measures the consumption of rare natural resources. The rare earth elements required for electrical components and consequently required for the hardware used by WithSecure are the main cause of this impact.

Impact stems mainly from the electronic waste created by the hardware needed to maintain WithSecures systems, i.e., hardware used internally but also hardware needed by services WithSecure uses, such as cloud computing.

WithSecure 2022 Board of Directors' Report Financial Statements Sustainability Report

/ Safer and greener digital world

/ Truly equitable workplace

/ Responsibly run business

/ Upright project

/ Carbon footprint

/ EU Taxonomy

Remuneration Report go to previous view Corporate Governance / Introduction / Sustainability governance

Carbon footprint

We have, for the first time, calculated our carbon footprint in 2022.

We partnered up with external sustainability consultants to ensure the most comprehensive and accurate estimation of our carbon footprint. We followed the Greenhouse Gas (GHG) Protocol, which is the most widely used guideline for greenhouse gas accounting in the world. By calculating a baseline for the year 2022, WithSecure is now equipped with concrete knowledge to focus on chasing zero emissions. We aim to set a timeline for reduction targets in 2023.

WithSecure's total 2022 emissions amounted to 4,960 tons of CO2 equivalent (CO2e). This number is an equivalent of 1,078 typical petrol passenger cars' emissions per year.

We did not identify any emissions in Scope 1 (from owned offices, vehicles, and fugitive emissions).

Similarly, since we lease our office buildings in each of our global locations, we did not identify Scope 2 emissions for WithSecure.

According to a typical nature of software and service companies, the bulk of our emissions were identified as Scope 3 indirect emissions. We were able to identify five main categories in which WithSecure produced emissions in 2022 as presented in the attached graph.

CO2 emissions (tonnes), % in 2022

Category 1 – Goods and services

The biggest emission category for WithSecure was the purchasing of goods and services, amounting to 62% of our total emissions in 2022. Emissions from purchased goods and services (excluding cloud data processing) were calculated with GHG Protocol's spend-based method, where we collected the economic value of goods and services purchased and applied a relevant secondary emission factor (sourced from EXIOBASE v3). The cloud data processing is reported separately, using carbon footprint data received from the data center service providers. We also separate the emissions from PR and marketing, as this is one of the largest single identifiable groups within the goods and services category, amounting to 29% of our total emissions.

Category 5 – Waste emissions

Waste emissions (0.4%) were calculated using the GHG Protocol's average-data method, where average annual waste produced per capita was determined and the amount of waste by estimated treatment method was calculated. The applicable emission factor (sourced from DEFRA) was then utilized for each waste amount by treatment type. The waste treatment methods considered were landfill, combustion, and open-loop recycling.

Category 6 – Business travel (flights)

The second biggest emission category was business travel, which amounted to 22% of the total emissions for WithSecure in 2022. The business travel category represents only flights booked during the year 2022. Due to data limitations, other elements of business travel (for instance hotels and restaurant expenses) were included in category 1. The emissions from flights were calculated using the GHG Protocol's distance-based method, where the flight distance was determined and the appropriate emission factor (here from DEFRA and EPA) was used. The data for flight distances was sourced from internal travel data and third-party data provided by travel agencies.

Category 7 – Employee commuting

Employee commuting (11%) was calculated using the GHG Protocol's distance-based method, where distance per each travel method (air, train, bus, cycling and walking) was determined and the relevant emission factor for the method (sourced from DEFRA) was applied. Calculations accounted for the estimated split of travel method per country, average distance to work and estimated office days per week. Employee benefits, such as bicycle, car or public transportation benefits were included in the calculations and used to inform estimates of travel mode per country.

EU taxonomy

Category 8 – Upstream leased assets

We captured our emissions associated with electricity consumption (5%) in Scope 3 category 8. We report our electricity emissions using the locationbased method from the GHG Protocol. This method attributes electricity consumption by location and by the appropriate emission factor that represents the carbon intensity of the electricity supply in that location. In locations where electricity consumption data was not available, we used the average consumption of our offices per square meter to estimate the consumption. Furthermore, in situations where WithSecure shares office space with external parties, the office electricity consumption corresponds with WithSecure's proportion of each office.

The emission calculations were carried out with a team consisting of our internal subject matter experts and external sustainability consultants. To get an accurate an estimation of our greenhouse emissions as possible, we first familiarized ourselves with the GHG protocol and identified the relevant scopes and categories for WithSecure. After this exercise, we identified methods of gathering data wherever applicable, and worked together with the consultants to turn the raw data into comparable emissions. This was the first iteration of the carbon footprint calculation for WithSecure. Now that we have a baseline, our intention is to continue developing the process of capturing our carbon footprint in the future. We will closely follow the further developments of the carbon footprint reporting requirements and complete the assessments when new legislation is published, or new information regarding its application becomes available.

WithSecure has performed an analysis of the EU Taxonomy Regulation (2020/852), Commission Delegated Regulation (2021/2139) on Taxonomy screening criteria, Commission Delegated Regulation (2021/2178) on Taxonomy disclosures and other related guidance from the European Commission, on reporting the activities that qualify as contributing substantially to climate change mitigation or climate change adaptation, i.e., being taxonomy aligned.

The analysis has been performed in collaboration between the WithSecure product team, financial controlling and sustainability team and an external sustainability consultant.

Cyber security software, while supporting a wide range of activities in becoming digital and therefore reducing the need of physical materials and transportations of goods and people, as well as reducing the incremental cost of cybercrime to the society, is not an activity addressed by the current climate change mitigation and climate change adaptation taxonomy, hence it is not taxonomy eligible.

According to the European Commission, the purpose of the current Taxonomy Climate Delegated Act is to include the sectors producing the largest emissions. As a company operating in a low-emission sector, WithSecure business activities are not listed in the current EU Taxonomy and therefore they are not considered to be taxonomy eligible.

We will closely follow the further developments of the taxonomy reporting requirements and complete the assessments when new legislation is published, or new information regarding its application becomes available. New activities, with new environmental targets in future versions of the taxonomy might be more relevant for WithSecure and trigger a need of re-assessing both eligibility and alignment.

Taxonomy-eligible turnover

Taxonomy-eligible turnover is defined as the proportion of net turnover derived from products or services, including intangibles, associated with Taxonomyeligible economic activities.

Based on the analysis of the current economic activities listed in taxonomy, WithSecure business activities belong to Activity 8.2 Computer programming, consultancy and related activities (NACE J 62) of the Commission Delegated Regulation (2021/2139). Within the Taxonomy, Activity 8.2 is not defined as enabling, which following the definition of turnover in Annex I of the Commission

Delegated Regulation (2021/2178), cannot be defined as eligible or aligned. Additionally, Activity 8.2 is defined within the Taxonomy as an 'adapted' activity, which according to the technical screening criteria cannot be considered eligible unless the reporting entity can demonstrate that a climate risk and vulnerability assessment has been performed and that an expenditure plan has been set up to implement adaptation solutions that reduce the activity's most significant physical climate risks as set out in Appendix A to Annex II of the Delegated Regulation (2021/2139). As a result, WithSecure reports 0% of eligible its revenue to be taxonomy eligible and therefore no technical screening criteria apply, meaning the revenue cannot be taxonomy aligned.

Table – Proportion of turnover from products or services associated with Taxonomy-aligned economic activities – disclosure covering year 2022

				Substantial contribution criteria					DNSH criteria ('Does Not Significantly Harm')
Economic activities (1)	Code(s) (2)	Absolute turnover (3), MEUR	Proportion of turnover % (4),	% mate change mitigation (5), Cli	% mate change adaptation (6), Cli	marine % resources (7), Water and	% my (8), Circular econo	% Pollution (9),	% ms (10), Biodiversity and ecosyste	mitigation (11), Y/N mate change Cli	adaptation (12), Y/N mate change Cli	resources (13), Y/N marine Water and	my (14), Circular econo Y/N	Pollution (15), Y/N	ms (16), Y/N Biodiversity and ecosyste	m safeguards (17), Y/N mu Mini	year 2022 (18), Percent proportion of turnover, my-aligned Taxono	proportion of turnover, my – aligned year (19), Percent Taxono	Category (enabling activity or) (20), E	Category '(transitional activity)' (21), T
A. TAXONOMY-ELIGIBLE ACTIVITIES			%
Turnover of environmentally sustainable activities (Taxonomy aligned) (A.1)		0	0%	n.a.	n.a.	n.a.	n.a.	n.a.	n.a.	n.a.	n.a.	n.a.	n.a.	n.a.	n.a.	n.a.	0%	n.a.	n.a.	n.a.
Turnover of Taxonomy-eligible but not environmentally sustainable activities (not Taxonomy-aligned activities) (A.2)		0	0%
Total (A.1 + A.2)		0	0%														%		%
B. TAXONOMY-NON-ELIGIBLE ACTIVITIES
Turnover of Taxonomy-non eligible activities (B)			134.7 100%
Total (A + B)			134.7 100%

WithSecure 2022 Board of Directors' Report Financial Statements Sustainability Report

/ Safer and greener digital world

/ Truly equitable workplace

/ Responsibly run business

/ Upright project

/ Carbon footprint

/ EU Taxonomy

Remuneration Report go to previous view Corporate Governance / Introduction / Sustainability governance

Operating expenses

The Operating expenses included in the taxonomy assessment are defined as direct non-capitalised costs that relate to research and development, building renovation measures, short-term lease, maintenance and repair, and any other direct expenditures relating to the day-to-day servicing of assets of property, plant and equipment by the undertaking or third party to whom activities are outsourced that are necessary to ensure the continued and effective functioning of such assets (2021/2178).

In the WithSecure calculation, operating expenses related to rental of premises (including depreciations for leased premises accounted for under IFRS 16 standard), maintenance of premises as well as other expenses related to the functioning of the leased and owned property, plant and equipment are included in the taxonomy assessment.

WithSecure has transitioned to third-party cloud platforms of Amazon Web Services (AWS) and Microsoft Azure for majority of its operations. Cloud hosting costs are not included in the Operating expense subject to taxonomy assessment.

Small number of transactions is still processed through co-located data center facilities. Most of the processing will transfer to cloud platforms during 2023 and the existing facilities will be decommissioned. The most recent advice from the EU Commission regarding materiality of the OPEX KPI (Second Draft Commission Notice, dated 19 December 2022) states where operating expense is considered as 'not material' for the business model for a non-financial undertaking, the reporting entity is exempted from the calculation of the numerator of the operating expense KPI and can disclose that numerator as being equal to zero. WithSecure has assessed that the operating expense associated with the co-located data center facilities is not material and therefore reports a taxonomy eligible operating expense of 0%.

Table – Proportion of OpEx from products or services associated with Taxonomy-aligned economic activities – disclosure covering year 2022

				Substantial contribution criteria						DNSH criteria ('Does Not Significantly Harm')
							%
Economic activities (1)	Code(s) (2)	Absolute turnover (3), MEUR	Proportion of turnover % (4),	% mate change mitigation (5), Cli	% mate change adaptation (6), Cli	marine % resources (7), Water and	my (8), Circular econo	% Pollution (9),	% ms (10), Biodiversity and ecosyste	mitigation (11), Y/N mate change Cli	adaptation (12), Y/N mate change Cli	resources (13), Y/N marine Water and	my (14), Circular econo Y/N	Pollution (15), Y/N	ms (16), Y/N Biodiversity and ecosyste	m safeguards (17), Y/N mu Mini	year 2022 (18), Percent proportion of turnover, my-aligned Taxono	proportion of turnover, my – aligned year (19), Percent Taxono	Category (enabling activity or) (20), E	Category '(transitional activity)' (21), T
A. TAXONOMY-ELIGIBLE
ACTIVITIES			%
OpEx of environmentally sustainable activities (Taxonomy aligned) (A.1)		0	0%	n.a.	n.a.	n.a.	n.a.	n.a.	n.a.	n.a.	n.a.	n.a.	n.a.	n.a.	n.a.	n.a.	0%	n.a.
OpEx of Taxonomy-eligible but not environmentally sustainable activities (not Taxonomy-aligned activities) (A.2)		0	0%
Total (A.1 + A.2)		0	0%														%		%
B. TAXONOMY-NON-ELIGIBLE ACTIVITIES
Turnover of Taxonomy-non eligible activities (B)			6.63 100%
Total (A + B)			6.63 100%

WithSecure 2022

/ Responsibly run business

/ Upright project

/ Carbon footprint

/ EU Taxonomy

/ Sustainability governance

Capital expenses

The Capital expenses included in the taxonomy assessment are defined as additions to tangible and intangible assets during the financial year considered before depreciation, amortisation and any re-measurements, including those resulting from revaluations and impairments, for the relevant financial year and excluding fair value changes (2021/2178).

WithSecure capital expenses (MEUR 4.77) include capitalizations of long-term IT projects and development expenditure on new products or product versions with significant new features, according to IAS 38 accounting standard. A minor part of capital expenses relates to capitalization of employee laptops and other hardware, as well as office renovation expenses.

According to the Delegated Regulation (2021/2178), the capital expenses to be considered as eligible must be any of the following:

(a) related to assets or processes associated with Taxonomy-aligned economic activities, including training and other human resources adaptation needs, and direct non-capitalised costs that represent research and development;

(b) part of the CapEx plan to expand Taxonomy-aligned economic activities or allow Taxonomy-eligible economic activities to become Taxonomy-aligned within a predefined timeframe
(c) related to the purchase of output from Taxonomy-aligned economic activities and to individual measures enabling the target activities to become low-carbon or to lead to greenhouse gas reductions as well as individual building renovation measures as identified in the delegated acts adopted pursuant to Article 10(3), Article 11(3), Article 12(2), Article 13(2), Article 14(2) or Article 15(2) of Regulation (EU) 2020/852 and provided that such measures are implemented and operational within 18 months.

Research work relates to developing the current activities that are considered as non-eligible for taxonomy reporting (see paragraph Taxonomy-eligible turnover above). Taxonomy eligibility of WithSecure capital expense is therefore 0%.

WithSecure 2022 Board of Directors' Report Financial Statements Sustainability Report

/ Safer and greener digital world

/ Truly equitable workplace

/ Responsibly run business

/ Upright project

/ Carbon footprint

/ EU Taxonomy

Remuneration Report go to previous view Corporate Governance / Introduction / Sustainability governance

Table – Proportion of CapEx from products or services associated with Taxonomy-aligned economic activities – disclosure covering year 2022

				DNSH criteria Substantial contribution criteria ('Does Not Significantly Harm')
Economic activities (1)	Code(s) (2)	Absolute turnover (3), MEUR	Proportion of turnover % (4),	% mate change mitigation (5), Cli	% mate change adaptation (6), Cli	marine % resources (7), Water and	% my (8), Circular econo	% Pollution (9),	% ms (10), Biodiversity and ecosyste	mitigation (11), Y/N mate change Cli	adaptation (12), Y/N mate change Cli	resources (13), Y/N marine Water and	my (14), Circular econo Y/N	Pollution (15), Y/N	ms (16), Y/N Biodiversity and ecosyste	m safeguards (17), Y/N mu Mini	year 2022 (18), Percent proportion of turnover, my-aligned Taxono	proportion of turnover, my – aligned year (19), Percent Taxono	Category (enabling activity or) (20), E	Category '(transitional activity)' (21), T
A. TAXONOMY-ELIGIBLE ACTIVITIES			%
CapEx of environmentally sustainable activities (Taxonomy aligned) (A.1)		0	0%	n.a.	n.a.	n.a.	n.a.	n.a.	n.a.	n.a.	n.a.	n.a.	n.a.	n.a.	n.a.	n.a.	%	n.a.
CapEx of Taxonomy-eligible but not environmentally sustainable activities (not Taxonomy-aligned activities) (A.2)		0	0%
Total (A.1 + A.2)		0	0%														%		%
B. TAXONOMY-NON-ELIGIBLE ACTIVITIES
Turnover of Taxonomy-non eligible activities (B)			4.77 100%
Total (A + B)			4.77 100%

Sustainability governance in WithSecure

WithSecure has established governance principles of its sustainability program as part of the work done in 2022. The objective is to formalize these principles in a Sustainability policy during 2023.

WithSecure Board of Directors approves the program-level priorities and objectives on sustainability. Both Non-financial information included in the Board of Directors' report and the separate Sustainability Report are approved by the Board of Directors, as part of the Annual report approvals. Audit Committee of the Board reviews the progress and key results of the program.

Global Leadership Team (GLT) is responsible for the implementation of the strategy, including sustainability. WithSecure Chief Financial Officer oversees the sustainability coordination and ensures that the program is appropriately resourced and working on the right areas, supporting the program priorities. Each program topic has a "home team" who execute the program as part of their other work. GLT owner of each home team is responsible for the achievement of the sustainability objectives in their area. Any sustainabilityspecific topics are CFO's responsibility.

Home teams are represented in a cross-functional sustainability team, regularly reviewing the program progress and designing sustainability-specific activities. Investor relations director, reporting to the CFO, coordinates the work of the team.

WithSecure's target is to continue implementing the sustainability program into the company activities, increasing awareness, and enabling full compliance with the Corporate Sustainability Reporting Directive of the European Union and the related standards, when they become applicable.

WithSecure 2022

Board of Directors' Report

Financial Statements

Sustainability Report

Remuneration Report go to previous view Corporate Governance / Introduction / Safer and greener digital world

/ Truly equitable workplace

/ Responsibly run business

/ Upright project

/ Carbon footprint

/ EU Taxonomy

/ Sustainability governance

WithSecure

Corporate Governance

99 WithSecure's Corporate Governance Statement
Board of Directors 105
108 Global Leadership Team

WithSecure 2022 Board of Directors' Report Financial Statements Sustainability Report Corporate Governance Remuneration Report go to previous view

WithSecure's Corporate Governance Statement 2022

WithSecure's Corporate Governance Statement

Corporate Governance at WithSecure

WithSecure's corporate governance practices are based on applicable Finnish laws, the rules of Helsinki Stock Exchange (Nasdaq Helsinki Oy) and the regulations and guidelines of Finnish Financial Supervisory Authority as well as the company's Articles of Association. This statement has been prepared in accordance with the Finnish Corporate Governance Code 2020 (publicly available at http://cgfinland.fi/en/) issued by the Securities Market Association of Finland.

Up-to-date information about WithSecure's governance is available on the company's website at https://www.withsecure.com/en/about-us/investor-relations.

Governing bodies

WithSecure's highest decision-making body is the General Meeting of Shareholders which elects the members of the Board of Directors. The Board of Directors is responsible for the administration of WithSecure and appropriate organization of its operations. The Board of Directors appoints the CEO. The CEO, assisted by the Global Leadership Team, is responsible for managing the company's business and implementing its strategic and operational targets.

General Meeting of Shareholders

Under the Limited Liability Companies Act, shareholders exercise their decisionmaking power at the General Meeting.

The General Meeting is normally held once a year as an Annual General Meeting (AGM). The AGM decides on matters stipulated by the Articles of Association and the Limited Liability Companies Act, including:

• adoption of the Financial Statements
• distribution of profit for the year
• discharging the members of the Board of Directors and the CEO from liability
• election of members of the Board and the decision on the remuneration of the Board members
• approval of the Remuneration Policy and the Remuneration Report
• election of the auditor and the decision on the auditor's remuneration, and
• other proposals submitted to General Meeting

Each share carries one vote in the General Meeting.

A shareholder may propose items to be included on the agenda provided they are within the authority of the meeting, and the Board of Directors has received the request in advance in accordance with the set schedule. The invitation to the AGM is published as a stock exchange release and is made available on the company's website.

WithSecure 2022

Board of Directors' Report

Financial Statements

Sustainability Report

Corporate Governance

/ Corporate Governance Statement

/ Board of Directors

/ Global Leadership Team

2022:

The AGM was held on 16 March 2022 at the company's headquarters in Helsinki.

In addition, an Extraordinary General Meeting (EGM) was held on 31 May 2022 to decide on the partial demerger and the separation of WithSecure's consumer security business.

The meetings were held based on the so-called temporary act so that shareholders participated in the meeting and exercised their shareholder rights only by voting in advance and by submitting counterproposals and asking questions in advance.

The resolutions and the meeting minutes of the AGM and EGM are available on WithSecure's website.

Board of Directors

The Board of Directors is responsible for the administration of WithSecure and appropriate organization of its operations. The Board's operations, responsibilities and duties are based on the Finnish Companies Act and other applicable legislation and are supplemented by the Board Charter. These cover the following main areas:

• approving the strategy of WithSecure, overseeing its operations and annual budgets
• appointing and dismissing the CEO
• approving any major investments, acquisitions, changes in corporate structure or other matters that are significant or far-reaching
• ensuring that the supervision of the company's accounting and financial management is duly organized
• ensuring that internal control and risk management systems are in place
• approving personnel policies and rewards systems
• preparing matters to be handled at the General Meeting

The Board of Directors meets as frequently as necessary and according to the Board Charter at least five times during its term. The Board of Directors has quorum when more than half of the members are present. An annual self-assessment is carried out by the Board to evaluate its operations. The Board of Directors primarily strives at unanimous decisions. If a decision cannot be made unanimously, the decision will be made by voting and with single majority. If the votes are even, the Chair's vote is decisive.

In accordance with WithSecure's Articles of Association, the Board of Directors comprises three to seven members, who are elected at the Annual General Meeting for a period of office that extends to the subsequent AGM. The Board of Directors represents all shareholders.

Diversity is an essential part of WithSecure's success. According to Diversity Principles established by the Board of Directors, an optimal mix of diverse backgrounds, expertise and experience strengthens the Board's performance and promotes creation of long-term shareholder value. The Diversity Principles of the Board of Directors aim to strive towards appropriately balanced gender distribution. Both genders are represented in the Board of Directors.

To create openness, one member of the Board of Directors is elected from among WithSecure's personnel. An election is arranged annually for WithSecure personnel and each permanent WithSecure employee is eligible to stand as a candidate. The Personnel Committee interviews three persons who have obtained the highest number of votes in the elections, and chooses a candidate from amongst them to be proposed for election as a member of the Board by the Annual General Meeting. Tony Smith was appointed to the Board of Directors through this process in 2022.

The majority of Board members are independent from the company and from its major shareholders. For a detailed description of the members of the Board of Directors and their shareholdings see the end of this statement.

2022:

In 2022 the Board of Directors convened 22 times, Audit Committee 6 times and Personnel Committee 6 times.

WithSecure 2022

Board of Directors' Report
Financial Statements

Sustainability Report

Corporate Governance

/ Corporate Governance Statement

/ Board of Directors

/ Global Leadership Team

101

WithSecure 2022

Board of Directors' Report

Financial Statements

Sustainability Report

Corporate Governance

/ Corporate Governance Statement

/ Board of Directors

/ Global Leadership Team

Remuneration Report go to previous view

Members of the Board of Directors and the Committees

Members	Independence of the company	Independence of major shareholders	Board (Meeting attendance)	Audit Committee (Meeting attendance)	Personnel Committee (Meeting attendance)
Risto Siilasmaa	Yes	No 1)	Chair (22/22)		Member (6/6)
Pertti Ervi	Yes	Yes	Member (22/22)	Chair/Member 2) (6/6)
Päivi Rekonen	Yes	Yes	Member (22/22)		Chair/Member 3) (6/6)
Tuomas Syrjänen	Yes	Yes	Member (22/22)		Chair/Member 3) (6/6)
Keith Bannister	Yes	Yes	Member (21/22)	Member (6/6)
Kirsi Sormunen (as of 16 March 2022)	Yes	Yes	Member (18/18)	Chair/Member 2) (4/4)
Tony Smith (as of 16 March 2022)	No 4)	Yes	Member (17/18)	Member (4/4)
Åsa Riisberg (until 16 March 2022)	Yes	Yes	Member (4/4)	Member (2/2)
Robin Wikström (until 16 March 2022)	No 5)	Yes	Member (4/4)	Member (2/2)

1) Risto Siilasmaa is the founder of WithSecure and on 31 December 2022 owned 34.37% of WithSecure shares.

2) Pertti Ervi served as the Chair of the Audit Committee until 31 July 2022, and Kirsi Sormunen has served as the Chair of the Audit Committee from 1 August 2022 onwards.

3) Päivi Rekonen served as the Chair of the Personnel Committee until 16 March 2022, and Tuomas Syrjänen has served as the Chair of the Personnel Committee from 16 March 2022 onwards.

4) Tony Smith was elected from among WithSecure's personnel in 2022, according to the process described above.

5) Robin Wikström was elected from among WithSecure's personnel in 2021, according to the process described above.

Board Committees

In 2022, the Board established two committees: Audit Committee and Personnel Committee (nomination and remuneration matters). The Board of Directors appoints from among itself the members and the Chair of the committee. Each committee must have at least three members. The Board of Directors confirms the main duties and operating principles of each committee. The duties of each committee are defined in the committee charters which are available on WithSecure's website at https://www.withsecure.com/en/about-us/investor-relations.

Audit Committee

The Audit Committee reviews, instructs and evaluates risk management, internal supervision systems, IT strategy and practices, financial reporting as well as auditing of the accounts and internal auditing. The Audit Committee is neither a decision-making nor an executive body. Audit Committee also prepares a proposal for the election of auditor to the Board of Directors and regularly considers the need for a separate internal audit function. Members of the Audit Committee must have broad business knowledge, as well as sufficient expertise and experience with respect to the committee's area of

responsibility and the mandatory tasks relating to auditing. The majority of members of the Audit Committee shall be independent from WithSecure and at least one member shall be independent of the company's significant shareholders. A person who participates in the day-to-day management of WithSecure group companies (for example as the managing director) cannot be appointed to the Audit Committee. The Board elects the chair and secretary of the Audit Committee. The Audit Committee calls in experts to its meetings if they are necessary for the matters to be discussed. All members of the Board of Directors may, at their discretion, attend Audit Committee meetings. Materials of the Audit Committee meetings are made available for all members of the Board of Directors.

The Audit Committee convenes at least four times a year as notified by the Chair of the Committee. Members of the Audit Committee are listed in the table above.

Personnel Committee

The Personnel Committee prepares material and instructs with issues related to the composition and compensation of the Board of Directors and remuneration of the other members of the top management of the company. The Committee

assists in the preparation of Board proposals to the shareholders related to these matters, as governed by the Finnish Companies Act. Personnel Committee is neither a decision-making nor an executive body. Personnel Committee calls in experts to its meetings when necessary for the issues to be discussed. Materials of Personnel Committee meetings are made available for all members of the Board of Directors.

The Personnel Committee convenes at least two times a year as notified by the Chair of the Committee. Members of the Personnel Committee are listed in the table above.

President and CEO

The Board of Directors appoints and may dismiss the CEO and decides upon the CEO's remuneration and other benefits in accordance with the Remuneration Policy. The CEO is responsible for the day-to-day management of the company. The CEO's main duties include:

• managing the business according to the instructions issued by the Board of Directors
• presenting the matters to be handled in the Board of Directors' meetings
• implementing the decisions made by the Board of Directors
• other duties determined in the Limited Liability Companies Act

2022:

Juhani Hintikka has been WithSecure's President and CEO since 1 November 2020.

The biographical details of the CEO including the shareholdings are specified later in this report. The remuneration of the CEO is specified in WithSecure's Remuneration Policy and Report.

Global Leadership Team

The Global Leadership Team supports the CEO in the daily operative management of the company.

2022:

Current information on the WithSecure Global Leadership Team can be found on our website: https://www.withsecure.com/en/about-us/investor-relations.

For descriptions of all members of the Global Leadership Team during 2022 and their roles, respective membership periods and shareholdings, see the end of this statement.

WithSecure 2022

Board of Directors' Report

102

Financial Statements

Sustainability Report

Corporate Governance

/ Corporate Governance Statement

/ Board of Directors

/ Global Leadership Team

Internal control and risk management

Risk Management

Risk management and internal control processes at WithSecure seek to ensure that risks related to the business operations of the company are properly identified, evaluated, monitored and reported in compliance with the applicable regulations.

WithSecure's Board of Directors defines the principles of risk management and internal controls which are followed within the company. The Audit Committee assists the Board in the supervision of WithSecure's risk management function. The CEO is accountable for ensuring that the risk management principles are implemented and applied constantly and consistently across the organization.

The primary goal of WithSecure's risk management principles is to empower the organization to identify and manage risks more effectively. The potential negative impact and probability of different situations arising from our business operations on the company, its customers, or its partners are monitored as part of the risk management process. Another objective of the risk management is to constantly monitor and pro-actively control the impact and/or probability of situations derived from our business operations which may have a negative impact on WithSecure, its customers, or its partners. Proactive monitoring, risk simulation and stress testing also allows building strategic resilience in the company and its business operations. Risk management may also be utilized to identify opportunities for benefit.

WithSecure promotes continuous risk evaluation by the company's personnel. The relevant operational risks identified through the risk management process are regularly reviewed by the CEO and Global Leadership Team and the company's statutory auditor. Risk Management is an integrated part of WithSecure's governance and management, and the risk management process is aligned with the ISO-31000 standard. The Audit Committee regularly conducts a review of top operational risks and evaluates the effectiveness of the risk management system.

Internal Control

Internal Control, supported by Risk Management, is an important element of WithSecure's management system. The Board of Directors is responsible for ensuring that the operating principles for internal control have been defined, and that the company monitors the functioning of internal control.

WithSecure has defined its objectives for internal control based on the globally applied principles. Internal control consists of e.g. policies, processes, procedures as well as control and monitoring activities. Internal Control is

designed to provide reasonable assurance regarding the achievement of WithSecure's objectives in following categories:

• Effectiveness, efficiency and transparency of operations on all levels in accordance with the WithSecure strategy;
• Reporting, including financial and non-financial, external and internal, to the Board, management, shareholders and stakeholders being complete, reliable, relevant and timely;
• Compliance with applicable laws, regulations and WithSecure policies and instructions.

WithSecure's Internal Control Operating Principles define the roles, design and practices of internal control. The principles provide guidance on how internal control is implemented at different levels, systems and amongst employees and outsourced functions. Internal control over financial reporting consists of risk identification and assessment, processes and internal control points and internal control monitoring and reporting.

Internal audit

Audit Committee considers the need for and appropriateness of a separate Internal Audit function on a regular basis. To date, the Audit Committee has concluded that, due to the size, organizational structure and largely centrally controlled financial management of the company, a separate Internal Audit function is not necessary.

In the absence of an Internal Audit function, attention is paid to periodical review of the written guidelines and policies concerning accounting, reporting, documentation, authorization, risk management, internal control and other relevant matters in all departments. Related controls are also tested annually. The guidelines and policies are coordinated by the company's finance department with active involvement by the legal department.

The absence of a separate Internal Audit function is considered when defining the scope of the company's external audit. Where necessary, the Internal Audit services will be purchased from an external service provider.

To facilitate transparency and exchange of information on Internal Audit related matters, the financial management team has frequent meetings with the auditors. The Audit Committee also meets regularly with the auditors.

WithSecure provides an effective, objective, confidential and secure Whistleblowing Channel which allows both WithSecure employees and other stakeholders to express their concerns or suspicions openly and safely.

WithSecure 2022

Board of Directors' Report

103

Financial Statements

Sustainability Report

Corporate Governance

/ Corporate Governance Statement

/ Board of Directors

/ Global Leadership Team

WithSecure Whistleblowing Channel was launched to all stakeholders during 2022, following its internal launch at the end of 2021. The Whistleblowing Channel is available to all stakeholders 24/7. It is maintained by impartial and independent service provider to ensure objective and timely handling of reports.

Related party transactions

The Audit Committee defines the principles for monitoring and assessing WithSecure's related party transactions. The definition of the related parties is based on IAS 24 standard. WithSecure collects information about its related parties on regular basis. The Board of Directors decides on related party transactions that are not conducted in the ordinary course of business of the company or are not implemented under arm's-length terms. Related party transactions are disclosed as part of financial statements according to the applicable legislation.

Insider management

WithSecure complies with the applicable legislation, including EU Market Abuse Regulation (MAR), the regulations of the Finnish Financial Supervisory Authority as well as Nasdaq Helsinki's Guidelines for Insiders. WithSecure has established its own insider policy to complement the regulation and guidelines above.

WithSecure maintains a list of all persons who have regular access to company's financial data. Due to the sensitive nature of financial information, persons having access to financial information before publication of an interim financial report or a year-end report shall be subject to a thirty (30) day trading restriction prior to publication of such report.

In addition, WithSecure maintains a project-specific insider list of any projects and events which, if realized, would be likely to have a significant effect on the value of WithSecure's shares or other financial instruments, and which have been subject to delaying of disclosure in accordance with MAR.

WithSecure has decided not to include any persons as permanent insiders. All persons with inside information regarding a project will be included in the project specific insider list.

Persons discharging managerial responsibilities comprise the Board of Directors, the CEO and other members of the Global Leadership Team. These persons have a duty to notify WithSecure and the Finnish Financial Supervisory Authority of every transaction in their own account relating to Financial Instruments of WithSecure within three business days. The company publishes these notifications as a stock exchange release, as specified by MAR. All

releases published on managers' transactions are available on the company's website.

Auditors

The auditor is elected by the Annual General Meeting for a term of service ending at the close of the next Annual General Meeting. The auditor is responsible for auditing the consolidated and parent company financial statements and accounting. The auditor reports to the Board of Directors or the Audit Committee at least once a year.

2022:

WithSecure has been audited by PricewaterhouseCoopers with Janne Rajalahti, Authorized Public Accountant, as the responsible auditor.

WithSecure paid the auditor EUR 130,000 in audit fees (2021: EUR 150,000), and EUR 2,302,000 (2021: EUR 347,000) for non-audit services.

WithSecure 2022

Board of Directors' Report

104

Financial Statements

Sustainability Report

Corporate Governance

/ Corporate Governance Statement

/ Board of Directors

/ Global Leadership Team

Board of Directors

In this section are the biographies of the Members of the Board of Directors during 2022

Risto Siilasmaa Chair of the Board of Directors since 2006 Born 1966, M.Sc. (Engineering)

Pertti Ervi

Member of the Board since 2003 Born 1957, B.Sc. (Electronics)

WithSecure 2022

Board of Directors' Report

105

Financial Statements

Sustainability Report

Corporate Governance

/ Corporate Governance Statement

/ Board of Directors

/ Global Leadership Team

Remuneration Report go to previous view

Main employment history:

Founder, President and CEO, Member of the Board, WithSecure, 1988–2006 Chair of the Board 2012–2020, Member of the Board 2008–2012, Interim CEO 2013–2014, Nokia Corporation

Chair of the Board 2016–2018, Vice-Chair of the Board 2013–2015, Member of the Board 2007–2019, The Federation of Finnish Technology Industries Vice Chair of the Board 2017–2018, Member of the Board 2007–2010 and 2013–2016, Confederation of Finnish Industries EK

Current board memberships and public duties:

Member of the Board, CybExer Technologies, 2022– Founder and Member of the Board, F-Secure Corporation, 2022– Member of the Board, Futurice Oy, 2018– Member of the Board, Pixieray Oy, 2021– Member of the Board, Quanscient Oy, 2022– Member of the Board, Upright Oy, 2022- Chair, Technology Advisory Board appointed by the Finnish Government 2020– Senior Advisor, Boston Consulting Group, 2020– Member, Komatsu International Advisory Board, 2020– Member, Yonsei University School of Business, Global Advisory Board, 2020– Member, International Advisory Board of IESE, 2019– Member, Global Tech Panel, an initiative of EU High Representative for foreign affairs and security policy, 2018– Founding Partner, Chair of the Board, First Fellow Partners, 2016–

Main employment history:

Currently an independent management consultant and professional board member

Chair of the Board 2017–2020, Member of the Board 2009–2017, Teleste Corporation

Chair of the Board, Comptel Corporation, 2011–2017

Co-CEO, Member of the Executive Board, Computer 2000 AG, 1995–2000 Co-founder, Managing Director, Computer 2000 Finland Corporation, 1983–1995

Current board memberships and public duties:

Chair of the Board, F-Secure Corporation, 2022– Chair of the Board, QPR Software Corporation, 2021– Member of the Board, Pointsharp Ab, 2021–

Chair of the Board 2011–, Member of the Board 2008–, Efecte Corporation

Päivi Rekonen

Member of the Board since 2017 Born 1969, M.Sc. (Economics), M.Sc. (Social Sciences)

Main employment history:

Independent strategy advisor and professional board member, 2018– Managing Director, Group Technology, UBS, 2014–2018 Senior Vice President, Global Head of Digital Strategy, Adecco Group, 2011–2012 Head of IT, Credit Suisse, 2007–2009 Various leadership positions, Cisco Systems, 1998–2007 Various leadership positions, Nokia Corporation, 1990–1998 Current board memberships and public duties: Member of the Board, Wipro Ltd, 2022– Chair of the Board, SEBA Bank AG, 2020– Member of the Board, Efecte Corporation, 2018–

Member of the Board, Konecranes Corporation, 2018–

Tuomas Syrjänen

Member of the Board since 2019 Chair of the Personnel Committee Born 1976, M.Sc. (Engineering)

Main employment history:

Data & AI Renewal, Futurice Oy, 2019– CEO, Futurice Oy, 2008–2018 Head of Business Unit, Futurice Oy, 2003–2008 Business Development, Futurice Oy, 2001–2002 Current board memberships and public duties: Chair of the Board of Directors, Flow Technologies Oy, 2021– Member of the Board, Vaisala Corporation, 2019– Member of the Board, Futurice Oy, 2018– Member of the Board, Taaleri Corporation, 2017–

Keith Bannister

Member of the Board since 2020 Born 1966, B.Sc. (Hons) (Mathematics and Computer Science)

Chartered Accountant (Fellow of ICAEW) Non-Executive Director – FT Advanced Professional Diploma Main employment history: Partner, KPMG LLP, 2000–2018 Various leadership positions, KPMG LLP, London UK, 1987–2018 Current board memberships and public duties: Member of the Board of Governors, Bridewell Royal Hospital, 2020– WithSecure 2022

Board of Directors' Report

106

Financial Statements

Sustainability Report

Corporate Governance

/ Corporate Governance Statement

/ Board of Directors

/ Global Leadership Team

Remuneration Report go to previous view

Kirsi Sormunen

Member of the Board since 2022 Chair of the Audit Committee Born 1957, M.Sc. (Economics)

Main employment history:

Member of the Board, DNA Plc, 2014–2021 Member of the Board, VR Group, 2017–2020 Member of the Board, Sitra, 2013–2020 Member of the Board, Neste Corporation, 2013–2017 Vice President, CSR/Sustainability/CSO, Nokia Corporation, 2004–2014 Various leadership positions in F&C, Nokia Corporation, 1993–2004 Current board memberships and public duties: Member of the Board, Exel Composites, 2020– Senior Advisor, DIF / Directors Institute of Finland, 2016–

Tony Smith

Member of the Board since 2022 Born 1971

Non-current members

Åsa Riisberg

Board member since March 2021 until March 2022

Robin Wikström

Board member since March 2021 until March 2022

WithSecure shares owned by the members of the Board

	Shareholding
Board member	31 December 2022	31 December 2021
Risto Siilasmaa	60,017,365	60,011,037
Pertti Ervi	84,741	67,721
Päivi Rekonen	26,543	23,538
Tuomas Syrjänen	29,218	25,422
Keith Bannister	12,272	9,267
Kirsi Sormunen	3,533	0
Tony Smith	1,002	0

WithSecure 2022

Board of Directors' Report

107

Financial Statements

Sustainability Report

Corporate Governance

/ Corporate Governance Statement

/ Board of Directors

/ Global Leadership Team

Remuneration Report go to previous view

Main employment history:

Regional Vice President, Singapore and South-East Asia, WithSecure, 2023– Director, Strategic Account Development (Solutions), WithSecure, 2020–2022 Director, Sales Enablement (MDR), WithSecure, 2019–2020 Strategic Business Manager (MDR), WithSecure, 2017–2019

Client Director, Interoute Communications, 2012–2017

Head of Bids and Business Development (Global), VIX Technology, 2008–2012

Global Leadership Team

In this section are the biographies of all the members of the Global Leadership Team during 2022.

Juhani Hintikka President and Chief Executive Officer Born 1966, M.Sc. (Engineering)

Member of the Global Leadership Team since 2020

Christine Bejerasco

Chief Information Security Officer Born 1982, B.Sc. (Computer Science) Member of the Global Leadership Team since 2021

Main employment history:

President and CEO, WithSecure, 2020– Investor, Advisor, 2018–2020 President and CEO, Comptel Corporation, 2011–2017 Various leadership positions, Nokia Corporation, 1999–2010 Various leadership positions, Konecranes Corporation, 1993–1999 Current board memberships:

Member of the Board, The Federation of Finnish Technology Industries, 2022– Member of the Board, The European Cyber Security Organisation (ECSO), 2021– Member of the Board, Finnish Information Security Cluster – FISC ry (FISC), 2021–

Main employment history: CISO, WithSecure, 2023– CTO, WithSecure, 2021–2022 Vice President, Tactical Defense Unit, WithSecure, 2019–2021 Various technical & leadership roles, WithSecure, 2008–2019 Malware Researcher, PC Tools, 2006–2008 Various threat analysis positions, Trend Micro, 2003–2006

WithSecure 2022

Board of Directors' Report

108

Financial Statements

Sustainability Report

Corporate Governance

/ Corporate Governance Statement

/ Board of Directors

/ Global Leadership Team

WithSecure 2022

Board of Directors' Report

109

Financial Statements

Sustainability Report

Corporate Governance

/ Corporate Governance Statement

/ Board of Directors

/ Global Leadership Team

Remuneration Report go to previous view

Charlotte Guillou

Chief People Officer Born 1978, M.A. (Adult Education) Member of the Global Leadership Team since 2021

Main employment history:

Chief People Officer, WithSecure, 2021– Various leadership positions in human resources, OP Financial Group, 2018–2021 HR & Change Lead for Finance, KONE Corporation, 2018 Country Manager North, Scan-Horse A/S, 2017–2018 Various leadership positions in human resources, Fiskars Group, 2013–2017 Various leadership positions in human resources, Nokia Corporation, 2007–2012 Management Consultant, Deloitte Finland, 2004–2007 HRD Consultant, Psykologitoimisto Cresco, 2000–2003

Main employment history:

Chief Customer Officer, WithSecure, 2023– EVP, Business Security, WithSecure, 2019–2022 EVP, Enterprise & Channel Sales, WithSecure, 2018–2019 Managing Director, Dustin Finland, 2015–2017 Vice President, Sales, McAfee / Intel Security, 2013–2015 Chief Operating Officer, Stonesoft, 2009–2013 Vice President, Stonesoft, 2004–2008

Juha Kivikoski Chief Customer Officer Born 1970, M.Sc. (Econ.)

Tom Jansson

Chief Financial Officer Born 1968, M.Sc. (Econ.) Member of the Global Leadership Team since 2021

Antti Koskela

Chief Product Officer Born 1971, M.Sc. (Electrical Engineering) Member of the Global Leadership Team since 2021

Member of the Global Leadership Team since 2018

Main employment history:

CFO, WithSecure, 2021– CFO, Posti Group Corporation, 2018–2021 CFO, Comptel Corporation, 2013–2017 Various leadership & finance positions, Tellabs Inc., 1994–2013 Current board memberships:

Member of the Board, Nightingale Health Corporation, 2021–

Main employment history:

CPO, WithSecure, 2021–

Vice President, Business Development, Elisa Corporation, 2020–2021 CDO and Vice President, Nokia Software, 2018–2020 CTO and Executive Vice President, Comptel Corporation, 2011–2017 Various leadership positions, Nokia Siemens Networks, 2007–2011

Various leadership positions, Nokia Networks, 1999–2007 Current board memberships:

Member of the Board, QPR Software Corporation, 2021–

WithSecure 2022

Board of Directors' Report

110

Financial Statements

Sustainability Report

Corporate Governance

/ Corporate Governance Statement

/ Board of Directors

/ Global Leadership Team

Remuneration Report go to previous view

Tim Orchard

Chief Technology Officer Born 1976, B.Sc. (Psychology) Member of the Global Leadership Team since 2019

Main employment history:

CTO, WithSecure 2023– EVP, Solutions, WithSecure, 2022 EVP, Managed Detection & Response, WithSecure, 2019–2021 Chief Operating Officer, Countercept, 2018–2019 Various leadership positions, BAE Systems Applied Intelligence, 2012–2018 Technical Director, Activity Info Management Ltd., 2007–2012

Main employment history:

CLO, WithSecure, 2021– Vice President, General Counsel, WithSecure, 2018–2021 Director, Legal and Compliance, Nokia Corporation, 2017–2018 General Counsel, Head of Legal, Comptel Corporation 2015–2017 Legal Counsel, Comptel Corporation, 2004–2015 Legal Counsel, Hex Corporation, 2002–2003

Tiina Sarhimaa Chief Legal Officer Born 1976, LL.M.

Scott Reininga

Executive Vice President, Solutions Born 1971, M.Sc. (Management) Member of the Global Leadership Team since 2022

Ari Vänttinen

Chief Marketing Officer Born 1969, M.Sc. (Economics and Business Administration)

Member of the Global Leadership Team since 2021

Main employment history:

EVP, Solutions, WithSecure, 2022– Vice President Global Consulting, Secureworks, 2014–2022 Director of Operations, Secureworks, 2012–2014 Director of Operations, EMEA, Dell Technologies 2010–2012 Various leadership positions, Dell Technologies 2003–2010

Member of the Global Leadership Team since 2021 Main employment history: CMO, WithSecure, 2021– CEO and Founder, CMOwashere Oy, 2018–2020 CMO, Comptel Corporation, 2014–2018 Senior Director, Marketing, McAfee Corporation, 2014 Vice President, Marketing, Stonesoft Corporation, 2010–2013 Senior Executive Consultant, Talent Vectia Oy, 2007–2010 Global Marketing Manager, Nokia Corporation, 2004–2007

Changes in Leadership Team composition after period-end

In October 2022, WithSecure decided on a new operating model for the company. As part of the new model, sales teams were combined into one unified Customer Operations organization, led by Juha Kivikoski. Research and development teams were combined into one unified product organization, led by Antti Koskela. Chief Information Security Officer (CISO) became part of the leadership team, former CTO Christine Bejerasco assumed the role of CISO. Tim Orchard assumed the role of CTO, and the role of EVP, Solutions became vacant. In addition, Cloud Protection for Salesforce became an independent unit, reporting directly to the President & CEO. All changes became applicable on 1 January 2023.

On 1 December 2022, Scott Reininga joined WithSecure as the new EVP, Solutions.

At the end of the year, the composition of the Global Leadership Team was the following:

Juhani Hintikka (President and CEO), Christine Bejerasco (CTO, became CISO on 1 January 2023), Charlotte Guillou (Chief People Officer), Tom Jansson (Chief Financial Officer), Juha Kivikoski (EVP, Business Security, became EVP, Customer Operations on 1 January 2023), Antti Koskela (CPO), Tim Orchard (EVP, Solutions, became CTO on 1 January 2023), Scott Reininga (EVP, Solutions), Tiina Sarhimaa (CLO) and Ari Vänttinen (CMO).

Non-current members

Timo Laaksonen

Executive Vice President, Consumer Security – until June 2022

Edward Parsons

Executive Vice President, Cyber Security Consulting – until January 2022

WithSecure shares owned by the members of the Global Leadership Team

	Shareholding
Global Leadership Team Member	31 December 2022	31 December 2021
Juhani Hintikka	612,670	0
Juha Kivikoski	90,954	15,854
Scott Reininga	73,621	0
Christine Bejerasco	70,485	2,930
Antti Koskela	63,767	2,500
Charlotte Guillou	61,267	0
Tom Jansson	61,267	0
Ari Vänttinen	61,267	0
Tiina Sarhimaa	57,551	2,250
Tim Orchard	6,288	0

WithSecure 2022

Board of Directors' Report

111

Financial Statements

Sustainability Report

Corporate Governance

/ Corporate Governance Statement

/ Board of Directors

/ Global Leadership Team

WithSecure

Remuneration Report

WithSecure 2022 Board of Directors' Report Financial Statements Sustainability Report Corporate Governance Remuneration Report go to previous view

112

WithSecure Remuneration Report 2022

WithSecure Remuneration Report

Dear Shareholders,

On behalf of WithSecure's Personnel Committee, I am pleased to share the Remuneration Report for 2022. The report presents remuneration paid in 2022 to the Board members and the President and CEO in line with the Remuneration Policy approved at the Annual General Meeting 2022. WithSecure Remuneration Policy and the Remuneration Report comply with the EU Shareholder Rights Directive (SHRD) and Finnish Corporate Governance Code 2020.

The purpose of the Personnel Committee is to ensure that the variety of remuneration programs and elements reinforces the execution of the business strategy, supports paying for performance and ensures that the remuneration is designed to be competitive in comparison to relevant peer groups. The purpose of WithSecure's remuneration principles is to increase commitment and work engagement, and to be consistent across the organization. The other focus areas of our personnel Committee are the culture and value work, as well as the talent development.

WithSecure's executive remuneration structure is designed to promote the business objectives and long-term shareholder value as well as long-term profitability of the company. This is evident especially in the performance criteria set for the variable remuneration. A significant portion of the President and CEO's remuneration package is based on performance. If targets are met, the short- and long-term incentives comprise 57% of the total remuneration, as defined in the Remuneration Policy. The short- and long-term incentive plans are based on the company's financial performance and shareholder value development to ensure a strong link between the company's performance and CEO remuneration.

Performance in 2022

The separation of the consumer security business to an independent company was completed on 30 June 2022. In addition, the new customer-centric operating model was introduced in late 2022, to support our strategy execution and to help WithSecure to deliver the best possible value to its customers. Financially, year 2022 marked strong revenue growth for WithSecure, especially its cloud-native products. In cyber security consulting, we suffered from higher than usual attrition rates in the first half. During the year, we have improved both the recruitment and retention of personnel and our consulting delivered a growth quarter again in the end of the year. We have started to follow our

promise of becoming profitable by improving our results in the second half of the year.

As we updated our strategy in 2022, we also revised our people strategy and it is now defined around five key areas; rewarding, talent & development, culture & leadership, diversity, inclusion & wellbeing, and enabling business growth. Engaged and competent people is imperative to our success and our purpose is to create a place of work where colleagues can thrive both personally and professionally in order to drive the success of our business. We offer our people an inclusive, flexible and caring workplace built on our

values. We continue to invest in the development of our people with the aim to offer equal and inspiring opportunities to learn and crow.

To support our growth journey, new share-based incentive schemes were implemented during 2022. The Employee Share Savings Plan was introduced to all employees and the Performance Matching Share Plan to the company's leadership and other key leaders. The aim of these long-term incentive plans was to increase the alignment of shareholders and our people and to offer an attractive opportunity to benefit from the company's success to all employees.

Looking ahead to 2023

In 2022, WithSecure launched a revised sustainability program. Among bigger focus on sustainability, dedicated initiatives are also in place for diversity & inclusion, and wellbeing.

We are positively looking into 2023 and our focus is on building the growth mindset and experimentation culture and driving towards further growth and profitability.

Chair of the Personnel Committee

Tuomas Syrjänen

Financial Statements Sustainability Report Corporate Governance Remuneration Report go to previous view

Board of Directors' Report

WithSecure 2022

Remuneration of the Executives

The development of WithSecure's executive compensation in 2018–2022 is described in the table below. The remuneration of the Board of Directors was brought closer to the market median levels in 2018, and it has stayed on the same level since. The total remuneration of the President and CEO has varied year by year as a significant part of the remuneration is tied to the company's financial performance.

Average annual remuneration

(EUR)	2018	2019	2020	2021	2022
President and CEO 1)	616,361	466,780	482,863	375,327	555,519
Chair of the Board	80,000	80,000	80,000	80,519	80,000
Other Board Members 2)	40,500	40,500	40,000	44,508	44,000
Average employee 3)	62,279	62,650	61,832	67,443	74,158 4)
Revenue, EUR million 5)	191	217	220	130	135
Adjusted EBITDA, EUR million 5)	17	23	36	–11	–23

1) Remuneration paid during the financial year, including the base salary as well as short- and long-term incentives.

2) Average remunerations paid to the Board Members, excluding the employee representative.

3) Total wages and salaries of the calendar year / average headcount during the year in all countries. Numbers until 2020 include the consumer security (F-Secure). 2021 and 2022 are restated to include only WithSecure.

4) The average salary by employee is impacted by the structural changes of the company during the year.

5) Numbers until 2020 include the consumer security (F-Secure). 2021 and 2022 are restated to include only WithSecure.

Share price development of WithSecure and indices

● WithSecure (adjusted F-Secure history)

● HACK

● OMX TECH

Source: Thomson Reuters Eikon

WithSecure 2022 Board of Directors' Report Financial Statements Sustainability Report Corporate Governance Remuneration Report go to previous view

Remuneration of the Board of Directors

The Annual General Meeting decided on March 16, 2022 that the Board of Directors is paid fixed annual compensation for the term ending at the end of the next Annual General Meeting. The annual fee for the Chairman of the Board is EUR 80,000, for the Committee Chairs EUR 48,000, for Members of the Board EUR 38,000, and for a Board Member belonging to the personnel of the company EUR 12,667.

The Annual General Meeting decided that approximately 40% of the annual remuneration is paid in WithSecure's shares repurchased from the market. There are no special terms or conditions associated with owning the shares received as remuneration. The company will pay any applicable transfer tax arising from remuneration paid in shares.

For the Members of the Board of Directors, changes in the holdings of the company shares and rewards paid in shares are reported according to the Market Abuse Regulation. Related stock exchange releases are available on the company's website.

A separate meeting fee of EUR 1,000 is paid to the Board members travelling from another country to an on-site meeting within the European continent. If inter-continental travel is required, the fee is EUR 2,000.

The travel expenses and other costs directly related to the Board work of the members of the Board of Directors are paid in accordance with the company's compensation policy in force at any given time. In addition, the Chairman of the Board of Directors is offered assistant and administrative services.

WithSecure 2022 Board of Directors' Report Financial Statements Sustainability Report Corporate Governance Remuneration Report go to previous view

115

The Board of Directors Remuneration in 2022

	Annual fee paid in cash,	Annual fee paid in shares,	Annual fee paid in shares,
Member	EUR 1)	EUR	pcs	Meeting fees paid, EUR 2)	Total, EUR
Risto Siilasmaa	50,364	29,636	6,328	–	80,000
Pertti Ervi 3)	26,024	15,310	3,269	4,000	45,334
Päivi Rekonen	23,927	14,073	3,005	3,000	41,000
Tuomas Syrjänen 4)	30,222	17,778	3,796	–	48,000
Keith Bannister	23,927	14,073	3,005	3,000	41,000
Kirsi Sormunen 3)	28,121	16,546	3,533	–	44,667
Tony Smith	7,974	4,693	1,002	–	12,667
Åsa Riisberg 5)	–	–	–	1,000	1,000
Robin Wikström 6)	–	–	–	–	–
Total	190,559	112,109	23,938	11,000	313,668

1) Annual fee paid in cash including the transfer tax paid due to the share-based remuneration.

2) Meeting fees paid based on international travel.

3) Pertti Ervi served as the Chair of the Audit Committee until 31 July 2022, and Kirsi Sormunen has served as the Chair of the Audit Committee from 1 August 2022 onwards

4) Päivi Rekonen served as the Chair of the Personnel Committee until 16 March 2022, and Tuomas Syrjänen has served as the Chair of the Personnel Committee from 16 March 2022 onwards

5) Åsa Riisberg was a member of the Board of Directors from 24 March 2021 to 16 March 2022. Only meeting fee paid in 2022

6) Until 16 March 2022 – no payments were made in 2022

Remuneration of the President and CEO

The remuneration of the President and CEO is decided by the Board of Directors. The main components of the President and CEO's total remuneration are base salary and short- and long-term incentives.

Salaries and financial benefits paid in and accrued based on 2022 are described below:

EUR	Payments in 2022	Accrued based on 2022
Base salary, Including fringe benefits	350,244	–
Pension/Other financial benefits	–	–
Short-term incentives (STI)
Earning period 2021	205,275	–
Earning period 2022	–	145,163
Long-term incentive (LTI) EUR/shares	–	–
Total	555,519	145,163

WithSecure 2022 Board of Directors' Report Financial Statements Sustainability Report Corporate Governance Remuneration Report go to previous view

116

STI Plan	Performance Criteria	Weight	Minimum	Target	Maximum	Outcome	Performance	Achievement
	Revenue	60%	220.0	235.0	250.0	236.3	108.7%
STI 2021	Adjusted EBITDA	40%	29.0	35.4	42.0	37.4	130.3%	117.3%
STI Plan	Performance Criteria	Weight	Minimum	Target	Maximum	Outcome	Performance	Achievement
STI H1/	Revenue	60%	112.6	118.6	124.6	119.6	116.7%
2022	Adjusted EBITDA	40%	6.9	8.5	10.1	10.3	200.0%	150%
STI Plan	Performance Criteria	Weight	Minimum	Target	Maximum	Outcome	Performance	Achievement
STI H2/	Revenue	60%	68.9	72.6	76.3	69.9	26.5%
2022	Adjusted EBITDA	40%	–8.6	–7.2	–5.8	–10.0	0.0%	15.9%

Short-term incentive (STI)

The target STI reward for the President and CEO is 50% of annual base salary, maximum payout being approximately equal to the annual base salary. The STI reward for the President and CEO can be paid partly or fully to a pension fund . The Board of Directors decides annually on the contribution to the fund. As the contribution to the pension fund is not subject to social or other employer costs, the reward paid to the pension fund is multiplied by 1.1.

The STI Plan 2022 for the President and CEO was based on WithSecure's revenue with 60% weight and adjusted EBITDA with 40% weight of total. The performance criteria for the STI Plan 2022 were originally set for the full year 2022, but due to the demerger of consumer business, the targets were set and evaluated separately for first and second half of the year. The overall achievement for first half of 2022 was 150% and for the second half 15,9 %.The STI reward for the full year of 2022 is paid in Q1 2023.

Long-term incentive (LTI)

No Long-term incentive (LTI) payments were made to the President and CEO during 2022.

The President and CEO was granted 202,983 shares within the Performance Share Plan (PSP) 2021–2023 in 2021. This grant represents the target level reward, the maximum reward being two times the target allocation. Final reward is determined based on the extent to which the targets have been reached during the performance period.

As reported originally in the Remuneration Report 2020, the President and CEO was granted a one-time allocation of 106,833 shares within the Restricted Share Plan (RSP) 2021–2023. The reward is conditional to continuous service with the company at the time of payment in 2024.

The shares allocated within the Performance Share Plan and the Restricted Share Plan were converted from the original allocation to match the WithSecure share after the demerger.

The company launched a new Performance Matching Share Plan in 2022 for President and CEO, leadership team members and other key leaders of WithSecure. The plan consists of one 4-year performance period. In the plan, the participants are given an opportunity to invest in WithSecure and earn WithSecure shares through a matching reward. The prerequisite for participation in the plan is a personal investment in WithSecure within the guidelines approved by the Board of Directors. The intention of the company is that the Performance Matching Share Plan 2022–2026 will replace two typical annual performance share plan allocations for the President and CEO during the years 2022 and 2023.

The key terms of service of the President and CEO

The contract of the President and CEO is an indefinite contract with a six-month period of notice both ways. If the company terminates the contract of employment, the President and CEO is entitled to a severance payment equivalent of six months' base salary.

The President and CEO does not have a supplementary pension plan, and the determination of his pension conforms to the standard rules specified by Finland's Employee Pension Act (TYEL). The President and CEO's retirement age is also determined by the statutory pension system and is 65 years under the applicable Finnish legislation.

President and CEO Pay mix 2022

WithSecure 2022 Board of Directors' Report Financial Statements Sustainability Report Corporate Governance Remuneration Report go to previous view

117

The President and CEO – Current LTI Plans

Share Plan	Performance Criteria	Target reward	Maximum reward	Reward payment
Performance Share Plan 2021–2023	Absolute TSR	202,983 shares	405,965 shares	Q1 / 2024
Restricted Share Plan 2021–2023	Continuous employment	106,833 shares	106,833 shares	Q1 / 2024
Performance Matching Share Plan 2022–2026	WithSecure market capitalization	3 × matching of initial investment of 612,670 shares	5.5 × matching of initial investment of 612,670 shares	Q4 / 2026

Information for shareholders

Financial calendar

During the year 2023, WithSecure Corporation will publish financial information as follows

• 20 April 2023: Interim Report for January–March 2023
• 14 July 2023: Half-Year Financial Report for January–June 2023
• 18 October 2023: Interim Report for January–September 2023

WithSecure observes at least a three-week (21 days) silent period prior to publication of financial reports, during which it refrains from engaging in discussions with capital market representatives or the media regarding WithSecure's financial position or the factors affecting it.

The Annual General Meeting is scheduled for Tuesday, 21 March 2023. The Board of Directors will convene the meeting.

Contact information

Tom Jansson CFO, WithSecure Corporation

Laura Viita, Investor Relations Director, WithSecure Corporation

+358 50 487 1044

[email protected]

WithSecure 2022 Board of Directors' Report Financial Statements Sustainability Report Corporate Governance Remuneration Report go to previous view

Remuneration Report Corporate Governance Sustainability Report Financial Statements Board of Directors' Report WithSecure 2022

WithSecure Corporation Tammasaarenkatu 7 P.O. Box 24, 00181 Helsinki Tel. +358 9 2520 0700 [email protected] withsecure.com/en/about-us/investor-relations

AI Terminal

WithSecure Oyj

3267_10-k_2023-02-09_d1db869f-7546-4b26-b232-fb831582c6a7.pdf

Annual Report 2022

Contents

WithSecure 2022

Board of Directors' report and financial statements

Sustainability Report

Corporate Governance

Remuneration Report

Information for shareholders

WithSecure in Brief

Portfolio of products

Elements™

Managed Services™

Technology foundation

Cloud Protection™

1 software for protecting content in Salesforce

Elements™

Turning first line insights into new services and software

Letter from the CEO

2022 – year of turbulence, revenue growth and fresh starts

Winning security portfolio delivering growth

Year of fresh starts

WithSecure

Board of Directors' report and financial statements

Board of Directors' report 2022

Market overview

Financial performance and key figures

Revenue and ARR

Cloud revenue

On-premise revenue

Cyber security consulting

Gross margin

Operating expenses

Profitability

Cash flow

Acquisitions and financial arrangements

Changes in the group structure

Capital structure

Research and development

Non-financial information

Organization and management

Personnel

Leadership team

Shares, Shareholders' equity, Own shares

Risks and uncertainties

Risks related to cyber security market

Market consolidation

Geopolitical risks

Ukraine war

Environmental risks

Risks related to WithSecure operations and products

Attracting and retaining talent

Product risks

Cyber security incident

Intellectual property rights (IPR)

Financial risks

Inflation and interest rates

Liquidity risk

Currency fluctuations

Annual General Meeting

Extraordinary General Meeting

Change in the Board committee after the AGM

Outlook for 2023

Medium term financial targets (unchanged)

Board of Directors' proposal for disposal of distributable funds

Events after period-end

Key figures

Calculation of key ratios

Reconciliation of alternative performance measures

Classification of adjusted costs in operating expenses

Classification of adjusted income in other operating income

Shares and shareholders

Shares and share ownership distribution, 31 Dec 2022

Largest shareholders and administrative register

Ownership of management

Ownership of management

WithSecure 2022 Board of Directors' Report Remuneration Report go to previous view Corporate Governance Sustainability Report Financial Statements / Key figures / Calculation of key ratios

Statement of comprehensive income January 1–December 31, 2022