F-Secure 2020
Board of Directors' Report
Financial statement
Corporate responsibility
Corporate governance

ANNUAL REPORT 2020

F-Secure

F-Secure 2020
Board of Directors' Report
Financial statements
Corporate responsibility
Corporate governance

Our purpose

WE EXIST TO BUILD TRUST IN SOCIETY AND TO KEEP PEOPLE AND BUSINESSES SAFE

WE CREATE TRUST WITH OUR VALUES

Our INTEGRITY is beyond compromise.

We conquer challenges through COMMITMENT.

We exceed expectations with EXCELLENCE.

F-Secure 2020 Board of Directors' Report Financial statements Corporate responsibility Corporate governance

<-->

F-SECURE 2020

Key figures 2020 ... 02
Business model:
Scalable software complemented by services . 03
F-Secure’s way of operating ... 04
Products and services ... 05
CEO letter ... 06

BOARD OF DIRECTORS' REPORT

Board of Directors’ Report 2020 ... 08
Key figures ... 14
Calculation of key ratios ... 15

FINANCIAL STATEMENTS

F-SECURE CONSOLIDATED ... 18
Statement of comprehensive income ... 18
Statement of financial position ... 19
Statement of cash flows ... 20
Statement of changes in equity ... 21
Notes to the Financial Statements ... 22

F-SECURE CORPORATION ... 40
Income statement ... 40
Balance sheet ... 41
Cash flow statement ... 42
Notes to the
parent company Financial Statements ... 43

Auditor’s Report ... 53

NON-FINANCIAL INFORMATION

Statement of Corporate responsibility ... 58

CORPORATE GOVERNANCE

F-Secure’s Corporate Governance Statement ... 67
Board of Directors ... 71
Leadership team ... 73
Remuneration report ... 76

INFORMATION FOR SHAREHOLDERS

Information for shareholders ... 81

Nobody knows cyber security like F-Secure. For three decades, F-Secure has driven innovations in cyber security, defending over 100,000 companies and millions of people. With unsurpassed experience in endpoint protection as well as detection and response, F-Secure shields enterprises and consumers against everything from advanced cyber attacks and data breaches to widespread ransomware infections.

F-Secure’s sophisticated technology combines the power of machine learning with the human expertise of its world-renowned security labs. F-Secure’s security experts perform incident response and forensic investigations on four continents, and its products are sold all over the world by around 200 broadband and mobile operators and thousands of resellers.

Founded in 1988, F-Secure is listed on the Nasdaq Helsinki.

F-Secure 2020
Board of Directors' Report
Financial statements
Corporate responsibility
Corporate governance

KEY FIGURES 2020

Revenue & profitability

Revenue

220

MEUR

Adjusted EBITDA

MEUR

Adjusted EBITDA margin

16%

55% of revenue from corporate security, MEUR

Corporate security revenue
Consumer security revenue

Revenue split by business, %

Revenue split by region, %

Key figures

100+

countries with sales

30+

years in the business

1,700

employees

三

F-SECURE 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

←→

F-SECURE 2020

BUSINESS MODEL: SCALABLE SOFTWARE COMPLEMENTED BY SERVICES

CORPORATE SECURITY PRODUCTS		CYBER SECURITY CONSULTING	CONSUMER SECURITY
Endpoint Protection for Businesses	Managed Detection and Response
Holistic Endpoint Protection Suite
Pure-play software detection and response
Cloud Protection – securing content exchanged e.g. on Salesforce	F-Secure Countercept – a top-of-the-class solution for detecting and responding to the most demanding cyber threats	Industry leading consulting organization with rare expertise to overcome unprecedented cyber attacks	Comprehensive protection for consumers' digital lives
Endpoint protection complemented by identity and router protection
Software Business	Software Business	Service Business	Software Business
	24/7 Service Center

F-Secure 2020
Board of Directors' Report
Financial statements
Corporate responsibility
Corporate governance

F-SECURE2020

F-SECURE'S WAY OF OPERATING

Corporate Security Products

100,000+ companies

Endpoint products for businesses that utilize an extensive network of more than 6,000 reseller partners worldwide
F-Secure Countercept, Managed Detection and Response solution, relies on F-Secure experts and industry-leading technology

Cyber Security Consulting

300+ enterprises

F-Secure Consulting is a multi-disciplinary organization operating on four continents and is well-known for its research-led methodology

Consumer Security Products

Tens of millions of consumers

A strong and scalable consumer business supported by a global network of around 200 telecommunication operators

F-Secure combines award winning cyber security solutions for businesses and consumers with industry-leading consulting expertise.

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

\leftrightarrow

\rightarrow

F-SECURE 2020

PRODUCTS AND SERVICES

Corporate security

In corporate security F-Secure provides a broad range of cyber security products, managed detection and response solutions and cyber security consulting to companies globally with a focus on the mid-market and local enterprises.

Detection & Response solutions (EDR & MDR)

MDR: F-Secure Countercept – Advanced threat hunting and continuous response capabilities against targeted attacks delivered as a managed service. Provides 24/7 monitoring, alerts within minutes, and gives clear guidance on how to respond

EDR: F-Secure Rapid Detection & Response – Customer- or partner-managed software solution for detecting and responding to targeted attacks

Prevention solutions

F-Secure Protection Service for Business – Cloud-hosted endpoint security

F-Secure Business Suite – On-site deployed endpoint security

F-Secure Cloud Protection for Salesforce – Content level security for Salesforce's customers

F-Secure Cloud Protection for Microsoft Office 365 – Advanced protection for online exchange of content

Prediction solutions

F-Secure Radar – Vulnerability scanning and management platform

phishd – Anti-phishing behavior management platform

Cyber security services

F-Secure provides premium consultancy services for all areas of cyber security on four continents, including services such as:

F-Secure Cyber Incident & Resilience Services
F-Secure Security Assessments
F-Secure Red Team Testing
F-Secure Cyber Risk Management

Consumer security

In consumer security the company provides a comprehensive range of endpoint protection, privacy and password management solutions, and security for all the connected devices at home, both separately and as a bundled premium offering (F-Secure TOTAL). The majority of consumer sales comes from the sale of endpoint protection products through the operator channel, but the company also sells consumer products through various retail partners, as well as the company's own web shop.

F-Secure SAFE – Easy to use antivirus and internet security, including Family rules to let you set healthy boundaries for your children's device use.

F-Secure FREEDOME – VPN that hides your online activity to ensure anonymous and secure internet browsing.

F-Secure KEY – A light and easy password manager, allowing you to store your passwords securely and access them from any device.

F-Secure SENSE – A software-based solution integrated in operators' broadband routers to secure all devices and the entire connected home against online threats.

F-Secure ID PROTECTION –
Combines personal information monitoring against data breaches with password manager to create strong passwords.

三

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

←→

CEO LETTER

SOFTWARE BUSINESSES SHOWED THEIR RESILIENCE

The past year was characterized by the COVID-19 pandemic, which disrupted the lives and operations of both people and organizations alike. F-Secure's first priority was to ensure the health and safety of our employees, along with ensuring full business continuity to our customers. The transition to remote work was smooth and all cyber security operations protecting our customers remained unaffected.

During the pandemic our software businesses for both corporate customers and consumers showed their resilience, whereas our consulting business experienced a clear negative impact from the challenging operating environment. As a result, the group revenue remained at the previous year's level at EUR 220.2 million (217.3m), while adjusted EBITDA improved significantly to EUR 35.7 million (23.2m) which translates to a margin of 16%. The profitability increase comes from lower activity levels influenced by the COVID-19 pandemic and prudent cost management.

Cyber criminals took advantage of the increased attack surface after the COVID-19 outbreak

Cyber criminals moved quickly to capitalize on the COVID-19 breakout with a rapid rise of pandemic-related malicious domains and phishing campaigns. The explosion of remote working and boost in digitalization due to the pandemic also increased attacks that looked for ways to exploit vulnerabilities brought on by this shift. The frequency and scope of attacks targeting critical infrastructure, the healthcare sector, major corporations and governments grew significantly. In the year 2020 some of such developments included: large ransomware attacks against major corporations, increased attacks against cloud infrastructure, and attacks targeting the COVID-19 vaccine research.

The majority of cyber attacks are financially motivated, even though the most damaging ones are orchestrated by state-sponsored threat actors. A good example is the supply chain attack against SolarWinds at the end of last year, which according to multiple public officials was backed by a nation-state actor. This attack had an impact on both governmental organizations, as well as many companies globally.

三

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

←→

CEO LETTER

Top results in external evaluations highlight F-Secure's technological capability in fighting the most advanced threats and securing the digital lives of individuals

F-Secure holds a broad portfolio of solutions to secure businesses and the digital lives of consumers. The common denominator is F-Secure's ability to innovate, whether it means deploying software products with the latest technology or fighting the most advanced persistent threats.

Our abilities have been yet again proven by recognitions in the field of detection and response in the MITRE ATT&CK evaluation by Forrester Research and in endpoint protection by achieving high scores throughout the year in various AV-test.org evaluations. The top scores achieved in these independent tests are a testimony to the high-quality research and development work done by F-Secure, setting us apart from the competition.

All businesses are set for a successful year 2021 to come

F-Secure is now a well-established player in the MDR (Managed Detection and Response) market. Despite the prolonged sales cycles due to the pandemic, F-Secure Countercept won tens of new deals around the globe within industry verticals that are the most targeted by hackers. These customers place their faith in our hands with multiyear deals highlighting the great growth opportunity for us.

The year 2020 in endpoint protection for businesses was characterized by the order intake growing clearly faster than revenue. This was especially noticeable within our cloud native solutions, which is a sign of good and developing momentum among the channel partners.

In consumer security we saw an increase in activation rates and a solid renewal performance in our core solutions, including both the operator and direct channels. The future of this business line looks better than for years, as we came to win new operator deals – including our latest solutions: F-SECURE ID PROTECTION and SENSE.

For consulting the year ended with a positive sentiment, even though this business was clearly hit by the pandemic during the year. In the long term the market remains attractive for profitable growth.

F-Secure builds trust in society and keeps people and businesses safe

Since I joined the company in November, I have been excited to learn that the company has developed some of the most sought after technology and employs many of the greatest talents in the cybersecurity industry. In order to protect our customers, it is pivotal to have visibility into the most challenging real-life attacks worldwide. I have been impressed to see how we utilize the combination of our expertise and the company's deep roots in technology.

Given the changes in the business environment, F-Secure's mission of building trust in society and keeping people and business safe is more important than ever.

In order to protect our customers it is pivotal to have visibility into the most challenging real-life attacks worldwide.

2020

100

2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

←→

BOARD OF DIRECTORS' REPORT 2020

In 2020 the COVID-19 pandemic impacted the whole business environment and ways of working. Throughout the year F-Secure ensured safety of its employees and business continuity to its customers. F-Secure's scalable software businesses showed their resilience, whereas consulting was impacted by the pandemic. From a financial standpoint, the positive profitability development carried on resulting in an adjusted EBITDA of EUR 35.7 million (EUR 23.2m).

In endpoint security for businesses, the new order growth characterized the year of 2020, yet the revenue remained at the previous year's level. The notable development in orders sows the seed for revenue growth. The sales performance stems from close cooperation with channel partners, as well as from the enhancements made to the unified management interface, which are valued by F-Secure's end customers and partners.

Consumer security had the largest revenue growth in 2020. Compared to recent years, the overall sentiment regarding the business has improved due to the good sales performance of F-Secure's conventional product offering. In addition, F-Secure managed to secure new deals for the latest consumer solutions, F-Secure SENSE and ID PROTECTION, which demonstrate growth potential in the longer term.

One of F-Secure's main growth areas, Managed Detection and Response (MDR), experienced the effects from the global pandemic as sales cycles were prolonged. Despite of market uncertainties, F-Secure was able to gain many new customers around the globe. F-Secure Countercept's technological competitiveness was once again highlighted by its impressive scores in a third-party evaluation.

Cyber security consulting was impacted by the COVID-19 pandemic, which led to a reduction of 8% in revenue. The pandemic has complicated the short-term predictability of the business, however in the long term the market remains attractive for profitable growth.

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

←→

BOARD OF DIRECTORS' REPORT

Financial performance and key figures

Total revenue in January–December remained at the previous year's level, and was EUR 220.2 million (217.3m). Corporate security represented 55% (56%) of all revenue and consumer security 45% (44%).

Corporate security

Revenue from corporate security remained at the previous year's level, and was EUR 120.1 million (122.5m).

Products

Revenue from Endpoint Protection (EPP) solutions increased from the previous year's level, excluding the effect from discontinued products. The renewal performance with the existing EPP installations remained on a good level. The growth of new orders outpaced revenue growth clearly throughout the year. There is increasing demand for solutions that are sold adjacent to traditional EPP such as Cloud Protection products. Also, the sales of Endpoint Detection and Response (EDR) increased although majority of the business still emerges from traditional EPP. Over the previous quarters there has been a rise in contract duration, meaning that the revenue impact of new orders is spread over a longer time period.

Revenue from Managed Detection and Response (MDR) solutions (F-Secure Countercept) increased compared to the previous year's level although it was negatively impacted by the extended sales cycles caused by COVID-19. Renewal performance was good throughout the year. Several new deals were won around the world in demanding customer verticals, such as media, critical infrastructure and finance.

Cyber security consulting

Revenue from cyber security consulting decreased by 8% to EUR 45.8 million (50.0m) as the business was hit by the COVID-19 pandemic. The pandemic outbreak caused a slowdown in sales, blocked physical access to some customer sites, and made customers evaluate more cautiously how much to spend on cyber security. Low utilization rates were countered in impacted countries with furloughs. In the Nordics, a particularly large project is in its finalization phase, which meant a reduction in scope when compared to the previous year. By the end of the year the development was positive due to organizations adjusting to the situation.

Consumer security

Revenue from consumer security increased by 6% to EUR 100.1 million (94.8m). Revenue from both operator channel and direct business grew. The reported revenue growth contains a slight positive impact related to one-off items.

Operators

The operator channel revenue grew from the previous year's level which stems mainly from the sales of our core endpoint protection solutions. The close cooperation with global operator partner network and boost in digitalization since the pandemic outbreak have generated an increase in product activation and usage rates. The negative impact from COVID-19 pandemic is mainly related to the prolonging of F-Secure SENSE and ID PROTECTION sales cycles and launch timelines.

Direct sales

Revenue from the direct sales to consumers grew from the previous year's level, and it was driven by the positive performance of our bundled solution, F-Secure TOTAL. The overall renewal performance was on a good level throughout the year. Especially ecommerce sales performed well.

Gross margin

Gross margin increased by 3% to EUR 172.2 million (166.8m), or 78% of revenue (77%). Relative gross margin increased compared to the previous year as cyber security consulting's share of all revenue decreased.

Operating expenses

Operating expenses excluding depreciation, amortization and impairment and IAC items decreased by EUR 6.6 million to EUR 138.5 million (145.1m) especially due to lower sales and marketing activity driven by the COVID-19 pandemic.

Depreciation and amortization decreased by EUR 8.0 million and was EUR 16.0 million (24.0m). PPA amortization from acquisitions was EUR 3.2 million (4.1m). Impairment of goodwill EUR 6.0 million was booked during the comparative period.

Profitability

Adjusted EBITDA was EUR 35.7 million and 16.2% of revenue (23.2m, 10.7%) and adjusted EBIT was EUR 22.9 million and 10.4% of revenue (9.6m, 4.4%). Profitability improved due to lower operating expenses and revenue growth from the consumer security.

EBITDA was EUR 35.7 million and 16.2% of revenue (31.1m, 14.3%). EBIT was EUR 19.7 million and 8.9% of revenue (7.2m, 3.3%) including EUR 3.2 million of PPA amortization.

Cash flow

Cash flow from operating activities before financial items and taxes improved significantly, and was EUR 48.3 million (19.0m). Group result excluding non-cash flow impacting items, such as adjustments to PPA, improved from the previous year generating higher cash flow. High order intake with upfront payments resulted in improved net working capital. In total, changes in net working capital increased cash flow by 17.4 million. Cash flow from operations was EUR 46.7 million (18.5m).

Acquisitions and financing arrangements

F-Secure did not carry out acquisitions during 2020.

Company did not enter new financing agreements during 2020. Bank loan repayments were made according to the schedule. Total repayments for term loan during 2020 were EUR 6.0 million. Company's financing agreement includes a committed revolving credit facility (RCF) of EUR 23.0 million to decrease short-term

三

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

←

→

BOARD OF DIRECTORS' REPORT

liquidity risk. Remaining bank loans at the end of the financial year were EUR 30.0 million of which RCF represents EUR 5.0 million. During next 12 months EUR 6.0 million of remaining term loan will be paid according to the financing agreement.

The financing agreement includes conventional loan covenants related to ratio of net debt to EBITDA and equity ratio. F-Secure complied with the covenants throughout the reporting period.

Changes in group structure

Following changes have occurred in the Group structure during the financial year:

On 31 December 2020 F-Secure Polska S.A. and F-Secure Cyber Security Sp. z.o.o. merged with F-Secure Sp z.o.o. After the merger F-Secure operates only one legal entity, F-Secure Sp. z.o.o., in Poland.

F-Secure SDC SAS in France and F-Secure PTE Ltd in Singapore were liquidated during last quarter of 2020.

Capital structure

F-Secure's financial position remained solid. At the end of the year F-Secure's cash and cash equivalents totaled EUR 51.4 million (25.5 million). Equity ratio on 31 December 2020 was 52.5% (49.0%) and gearing ratio was -14.1% (20.8%).

Capital expenditure

Capital expenditure was EUR 14.3 million (12.8 million). Capitalized development expenses were EUR 5.5 million (6.2 million).

Research and development

F-Secure's research and development expenditure amounted to EUR 41.9 million in 2020, representing 19% of revenue (EUR 39.6m, 18%). Capitalized development expenses were EUR 5.5 million (EUR 6.2 million).

F-Secure has consistently earned top marks in third-party technology evaluations for providing the best protection, advanced detection & effective response capabilities and high

customer satisfaction. This speaks for the company's superior ability to understand the security attack landscape and to innovate by drawing meaningful conclusions from versatile sources of data. F-Secure collects and combines security data derived from different sensor types; servers, endpoints such as desktops or mobile devices, and cloud platforms. This data is analyzed in real time utilizing artificial intelligence and results in rapid, high fidelity detections and security analytics. The threat detection is augmented with tailored and expert driven threat hunting activities which combined lead to industry-leading solutions.

F-Secure's Detection and Response solutions achieved excellent scores also in the second round of MITRE ATT&CK evaluation highlighting the efficiency and accuracy of F-Secure Countercept. F-Secure is developing one core XDR (Extended Detection and Response) technology platform for its customers. The transfer of MDR (Managed Detection and Response) customers to the new platform began in 2020 and will continue in 2021. The development of the underlying technology continues e.g. by enhancing the solution on different operating systems and cloud platforms.

In 2020, F-Secure's endpoint products for businesses were further strengthened by introducing a new solution to the cloud-based technology suite – Cloud Protection for Microsoft Office 365. In addition, the development of the suite's unified management interface for business customers continued. The aforementioned improvements result in enhanced usability that make us a preferred vendor for channel partners. F-Secure's ability to offer best-in-class protection for both businesses and consumers was again highlighted by receiving industry-leading scores for Windows antivirus software at AV-test.org evaluations throughout the year.

In consumer security the latest solutions, F-Secure SENSE and ID PROTECTION, were developed further and unification of the user experience continued in 2020. Development of F-Secure SENSE is done in cooperation with operator partners and router manufacturers to enable e.g. the product's deployment over various different router architectures. Important milestone for

F-Secure ID PROTECTION was launching the product also in direct sales channel. In addition, the development work around combined user experience aims at making the use of F-Secure's consumer product portfolio as seamless as possible.

Organization and leadership

Personnel

At the end of the year, F-Secure had 1,678 employees, which shows a net decrease of 18 employees (-1%) since the beginning of the year (1,696 on 31 December 2019).

Leadership team

At the end of the year, the composition of the Leadership Team was the following:

Juhani Hintikka (CEO & President), Eriikka Söderström (CFO), Jyrki Tulokas (Security Research & Technologies), Antti Hovila (Strategy, Brand & Communications), Kristian Järnefelt (Consumer Security), Juha Kivikoski (Business Security), Edward Parsons (Cyber Security Consulting), Tim Orchard (Managed Detection & Response) Jari Still (Information & Business Services) and Eva Tuominen (People Operations & Culture).

Juhani Hintikka was appointed President and CEO of F-Secure Corporation, effective 1 November, 2020.

In February 2021, Ari Väntinen started as Chief Marketing Officer. Consequently, Antti Hovila is now Executive Vice President, Strategy & Portfolio.

Shares, Shareholders' Equity, Own Shares

The total number of company shares is currently 158,798,739. The company's registered shareholders' equity is EUR 1,551,311.18. The company held 607,108 of its own shares at the end of the year.

In 2020, under the authorization held by the Board of Directors, F-Secure transferred a total of 362,530 treasury shares to its employees and members of the Leadership Team, as settlement under F-Secure's share based incentive plans. The shares were

三

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

←

→

BOARD OF DIRECTORS' REPORT

transferred without consideration and in accordance with the plan rules.

In accordance with the decision by the Annual General Meeting, 40% of the fees paid to the Members of the Board of Directors in 2020 were paid in F-Secure shares. In total, 42,106 of F-Secure treasury shares were transferred to the Members of the Board.

Information on the authorizations held by the Board of Directors in 2020 to issue shares and special rights entitling to shares, to transfer shares and repurchase own shares, is available in the section on the Annual General Meeting.

Risks and uncertainties

The following risks and uncertainties can adversely impact F-Secure's sales, profitability, financial condition, market share, reputation, share price or the achievement of the company's short- and long-term objectives. The matters described here should not be construed as exhaustive list. The most significant risks are:

COVID-19 pandemic

Cyber security consulting and the new sales of Managed Detection and Response (MDR) service are negatively affected by the COVID-19 pandemic. Further slowdown in the new sales of software products and Managed Detection and Response (MDR) solutions may occur if the situation prolongs.

Goodwill is tested for impairment annually and whenever there is indication that it might be impaired. The impacts of the pandemic on cyber security consulting can be seen as such indication, and an additional impairment testing of consulting goodwill was carried out during the second quarter based on updated long-term forecasts. Yearly impairment tests of Consulting and MDR goodwill were carried out at the end of the year. None of them resulted in impairment, although long-term forecasts include higher level of uncertainty due to prolonged pandemic. Management continues to assess the need for updated testing regularly.

Under the pandemic an increase in credit losses and delayed customer payments may occur. During the financial year

significant risks have not realized, but as the impacts of the pandemic on customers may arise in longer term, management has reassessed the provision for expected credit losses under IFRS 9 and a slight increase has been booked during the financial year to address increased risk.

Cyber security incident

Cyber security attacks threaten the confidentiality, integrity and availability of F-Secure's products, services and the enterprise. F-Secure builds cyber resilience by continually improving its capability to identify, protect, detect and respond to relevant threats.

Endpoint protection market disruption

Endpoint security market is highly competitive. Operating system manufacturers have increased their focus to built-in security features and at the same time new vendors and technologies have emerged. F-Secure has to succeed in maintaining in-depth understanding of cyber security threat landscape, hacker techniques and technologies used as well as continue to innovate in defense technologies.

Market consolidation

The cyber security market is consolidating due to economies of scale. F-Secure has to succeed in finding the right acquisition targets, as well as successfully integrating the target companies.

Risks relating to launch of new technologies

In a rapidly evolving industry it is vital to keep the products and services relevant to the customers while introducing new technologies to the market on-time. F-Secure is driving technology simplification and R&D effectivization initiatives as well as investments to artificial intelligence to ensure a competitive product portfolio.

Attracting and retaining talent

Competition for capable personnel is increasing and there is structural undersupply of talent in the cyber security industry.

F-Secure is continuously developing and adopting new ways of recruitment, building its own talent and knowledge pools and investing to training and development of personnel.

Geopolitical risks

F-Secure operates globally in different countries, and local regulation is exposing the company to geopolitical risks, including, for instance, unfavorable tax matters or export controls. Changes in regulations or their application, applicable to current or new technologies or services, may adversely affect F-Secure's business operations.

Currency fluctuations

Increased amount of operations and sites outside the Eurozone in different currencies exposes F-Secure to an increased risk related to currency fluctuations.

The Annual General Meeting

The Annual General Meeting of F-Secure Corporation was held on 12 May 2020. The Meeting confirmed the financial statements for the financial year 2019. The members of the Board and the President and CEO were discharged from liability. The Annual General Meeting decided to distribute no dividend for year 2019.

It was decided that the annual remuneration of the Board of Directors remains unchanged: EUR 80,000 for the Chairman of the Board of Directors, EUR 48,000 for the Committee Chairmen, EUR 38,000 for the members of the Board of Directors, and EUR 12,667 for a member of the Board of Directors belonging to the personnel of the Company. Approximately 40% of the remuneration will be paid as the Company's shares.

It was decided that the number of Board members is seven (7).

The following current Board members were re-elected: Tuomas Syrjänen, Pertti Ervi, Bruce Oreck, Päivi Rekonen and Risto Siilasmaa. Keith Bannister and Robert Bearsby, who belongs to the personnel of F-Secure Corporation, were elected as new members of the Board of Directors. The Board elected Risto Siilasmaa as

三

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

←

⇒

BOARD OF DIRECTORS' REPORT

the Chairman of the Board. The Board nominated Siilasmaa as the Chairman of the Personnel Committee and Bruce Oreck and Päivi Rekonen as members of the Personnel Committee. Pertti Ervi was nominated as the Chairman of the Audit Committee and Tuomas Syrjänen, Keith Bannister and Robert Bearsby were nominated as members of the Audit Committee.

It was decided that the remuneration to the Auditor will be paid in accordance with the approved invoice. PricewaterhouseCoopers Oy was elected as the Company's auditor. Mr. Janne Rajalahti, APA, acts as the Responsible Auditor.

The Annual General Meeting authorized the Board of Directors to decide upon the repurchase of a maximum of 10,000,000 of the Company's own shares in one or several tranches and with the Company's unrestricted equity. The authorisation entitles the Board of Directors to decide on the repurchase also in deviation from the proportional holdings of the shareholders (directed repurchase). The authorisation comprises the repurchase of shares either on a regulated market on Nasdaq Helsinki Ltd in accordance with its rules and guidelines in which case the repurchase price is determined on the basis of the stock exchange price at the time of repurchase, or with a purchase offer to the shareholders in which case the repurchase price must be the same for all shareholders. The Company's own shares shall be repurchased to be used for carrying out acquisitions or implementing other arrangements related to the Company's business, for improving the Company's financing structure, as part of the implementation of the Company's incentive scheme or otherwise to be transferred further or cancelled. The authorisation includes the right of the Board of Directors to decide on all other terms related to the repurchase of the Company's own shares. The authorisation is valid until the next Annual General Meeting, in any case until no later than 30 June 2021, and it terminates the authorisation given to the Board of Directors by the Annual General Meeting of year 2019 concerning the repurchase of the Company's own shares.

The Annual General Meeting authorized the Board of Directors to decide on the issuance of a maximum of 31,000,000 shares

through a share issue as well as by issuing options and other special rights entitling to shares pursuant to Chapter 10, Section 1 of the Companies Act in one or several tranches. The maximum number of the shares corresponds to 19.5% of the Company's registered number of shares. The authorisation concerns both the issuance of new shares and the transfer of treasury shares held by the Company. The authorisation entitles the Board of Directors to decide on all terms related to the share issue as well as the issuance of options and other special rights entitling to shares. The issuance of shares may be carried out in deviation from the shareholders' pre-emptive subscription right (directed issue). The authorisation may be used for carrying out potential acquisitions or other transactions or share-based incentive schemes or otherwise for purposes decided by the Board of Directors. The Board of Directors is also entitled to decide on the sale of treasury shares on a regulated market on Nasdaq Helsinki Ltd in accordance with its rules and guidelines. The authorisation is valid until the next Annual General Meeting, in any case until no later than 30 June 2021, and it terminates the authorisation given to the Board of Directors by the Annual General Meeting of year 2019 concerning the share issue and the issuance of special rights entitling to shares.

Market overview

The growing number and variety of connected devices as well as digital services continues to create security challenges for both businesses and individuals. Combined with the increasing complexity of IT systems, tightening regulation and increasing significance of geopolitics, these trends are driving demand for security products and services. While advanced cyber-attacks are becoming more common and persistent, criminals are targeting companies of all sizes along with consumers by taking advantage of vulnerabilities in popular software, both traditional and new connected devices as well as online services. Apart from pure criminal activity, governments and hacktivists use vulnerabilities and malware for things including espionage and surveillance.

Attacks against corporations often go undetected for months. As most companies lack relevant capabilities for detection and

response, it is estimated that the demand for both Endpoint Detection and Response (EDR) solutions and Managed Detection and Response (MDR) will continue to increase rapidly. The new detection and response capabilities are supplementing existing endpoint protection solutions (EPP), causing the EPP market to be in transition. Overall, as organizations are increasingly adopting cloud services, they seek managed security services and cloud-based delivery to help them maintain control of their security.

The consumer security software market continues to be impacted by the changing device landscape, app stores and online sales overall. On the whole, the number of connected smart home devices is growing very rapidly, and as a result, telecommunication operators are investing heavily in upgrading connectivity and introducing new security related services into their offerings. As consumers become increasingly aware of the threats to their privacy and security, they seek to buy more comprehensive solutions to secure their digital lives. This creates opportunities for innovative new security products.

Outlook

F-Secure's financial outlook for 2021 is:

Revenue from corporate security products is expected to grow at a high single-digit rate.
Revenue from cyber security consulting is expected to grow but uncertainty remains due to the COVID-19 pandemic.
Revenue from consumer security is expected to grow approximately at the same rate as in 2020.
Adjusted EBITDA is expected to remain approximately at the previous year's level (EUR 35.7 million).

The COVID-19 pandemic continues to impact the predictability of cyber security consulting and can also impact the new sales of software solutions. The related risks are described in this Annual Report 2020.

三

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

←→

BOARD OF DIRECTORS' REPORT

Dividend proposal

The company's dividend policy is to pay approximately half of its profits as dividends. On December 31, 2020, F-Secure Oyj's distributable funds totaled EUR 74.6 million, EUR 14.8 million of which was the net profit for the period. No material changes have taken place in the company's financial position after the balance sheet date.

F-Secure's Board of Directors proposes that a dividend of EUR 0.04 per share which totals EUR 6.4 million in dividends, be paid on the basis of the balance sheet to be adopted for the financial year that ended December 31, 2020. The dividend shall be paid to shareholders who are registered in the company's shareholder register maintained by Euroclear Finland Oy on the record date for the dividend payment, March 26, 2021. The Board of Directors proposes that the dividend will be paid on Thursday, 8 April 2021.

Events after period-end

No other material changes regarding the Company's business or financial position have occurred after the end of the year.

Helsinki, 9 February 2021

F-Secure Corporation

Board of Directors

Risto Siilasmaa

Pertti Ervi

Bruce Oreck

Päivi Rekonen

Tuomas Syrjänen

Keith Bannister

Robert Bearsby

President and CEO

Juhani Hintikka

三

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

←→

KEY FIGURES

F-Secure has applied new IFRS16 standard from January 1, 2019 onwards with modified approach and comparatives are not restated. IFRS 15 and IFRS 9 standards have been applied from January 1, 2018 onwards and 2017 financials are restated retrospectively. Figures for 2016 are not restated and thus not fully comparable.

Economic indicators	IFRS 2020	IFRS 2019	IFRS 2018	IFRS 2017	IFRS 2016
Revenue (MEUR) *	220.2	217.3	190.7	169.8	158.3
Revenue growth %	1%	14%	12%	7%	7%
EBIT (MEUR) *	19.7	7.2	4.5	11.5	19.2
% of revenue	8.9%	3.3%	2.4%	6.8%	12.1%
Result before taxes *	16.5	4.2	1.7	12.4	20.8
% of revenue	7.5%	2.0%	0.9%	7.3%	13.1%
ROE (%)	16.2%	4.7%	1.2%	15.0%	19.9%
ROI (%)	18.5%	4.5%	7.9%	20.0%	28.6%
Equity ratio (%)	52.5%	49.0%	42.7%	61.9%	66.7%
Investments (MEUR)	14.3	12.8	99.8	9.3	6.9
% of revenue	6.5%	5.9%	52.3%	5.5%	4.4%
R&D costs (MEUR) *	41.9	39.6	35.7	34.1	28.4
% of revenue	19.0%	18.2%	18.7%	20.1%	17.9%
Capitalized development (MEUR)	5.5	6.2	4.7	3.9	3.2
Gearing %	-14.1%	20.8%	13.9%	-127.8%	-122.1%
Wages and salaries (MEUR)	103.7	104.4	84.9	70.1	61.8
Personnel on average	1,691	1,701	1,364	1067	981
Personnel on Dec 31	1,678	1,696	1,666	1104	1,026

For 2016 only continuing operations.

Adjusted number of shares	IFRS 2020	IFRS 2019	IFRS 2018	IFRS 2017	IFRS 2016
average during the period	158,082,324	157,719,368	157,224,137	156,502,983	156,022,774
average during the period, diluted	158,082,324	157,719,368	157,224,137	156,502,983	156,022,774
Dec 31	158,798,739	158,798,739	158,798,739	158,798,739	158,798,739
Dec 31, diluted	158,798,739	158,798,739	158,798,739	158,798,739	158,798,739
Key ratios	IFRS 2020	IFRS 2019	IFRS 2018	IFRS 2017	IFRS 2016
---	---	---	---	---	---
Earnings / share (EUR)	0.08	0.02	0.01	0.07	0.10
Earnings / share (EUR) continuing operations	0.08	0.02	0.01	0.07	0.10
Earnings / share diluted	0.08	0.02	0.01	0.07	0.10
Earnings / share diluted continuing operations	0.08	0.02	0.01	0.07	0.10
Shareholders' equity per share	0.52	0.48	0.42	0.45	0.49
Dividend per share *	0.04	0.00	0.00	0.04	0.12
Dividend per earnings (%)	50.0%	0.0%	0.0%	57.1%	122.8%
Effective dividends (%)	1.0%	0.0%	0.0%	1.0%	3.4%
P/E ratio	47.1	142.7	431.4	55.2	35.6
Share price, lowest (EUR)	2.04	2.19	2.18	3.17	2.19
Share price, highest (EUR)	4.14	3.40	4.24	4.84	3.60
Share price, average (EUR)	3.10	2.68	3.03	3.94	2.87
Share price Dec 31	3.84	3.05	2.32	3.89	3.48
Market capitalization (MEUR)	609.0	483.5	367.6	617.7	552.6
Trading volume (millions)	22.8	26.5	33.7	27.8	35.9
Trading volume (%)	14.33%	16.70%	21.2%	17.5%	22.6%

Board proposal

Turnover and average share price per month 2020

三

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

←→

CALCULATION OF KEY RATIOS

Equity ratio, %	Total equity	× 100
	Total assets – advance payments received
ROI, %	Result before taxes + financial expenses	× 100
	Total assets – non-interest bearing liabilities (average)
ROE, %	Result for the period	× 100
	Total equity (average)
Gearing, %	Interest bearing liabilities – cash and bank and financial asset through profit and loss	× 100
	Total equity
Earnings per share, EUR	Profit attributable to equity holders of the company
	Weighted average number of outstanding shares
Shareholders' equity per share, EUR	Equity attributable to equity holders of the company
	Number of outstanding shares at the end of period
P/E ratio	Closing price of the share, end of period
	Earnings per share
Dividend per earnings, %	Dividend per share	× 100
	Earnings per share
Effective dividends, %	Dividend per share	× 100
	Closing price of the share, end of period
Operating expenses	Sales and marketing, research and development and administration costs
EBITDA	EBIT + depreciation, amortization and impairment

三

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

Reconciliation between adjusted EBITDA, EBITDA, adjusted EBIT and EBIT

EUR 1,000	Consolidated 2020	Consolidated 2019
Adjusted EBITDA	35.7	23.2
Adjustments to EBITDA
Change in fair value of contingent consideration		12.5
Restructuring	0.0	-4.6
EBITDA	35.7	31.1
Depreciation, amortization and impairment losses	-16.0	-24.0
EBIT	19.7	7.2
Adjusted EBIT	22.9	9.6
Adjustments to EBIT
Change in fair value of contingent consideration		12.5
PPA amortization	-3.2	-4.1
Impairment		-6.3
Restructuring	0.0	-4.6
EBIT	19.7	7.2

Classification of adjusted costs in operating expenses

	Operating Expenses 2020	Restructuring	Expenses for adjusted EBIT	Depreciation	Impairment	PPA amortization	Operating Expenses for Adjusted EBITDA 2020
Sales and marketing	-95.6		-95.6	6.2			-89.4
Research and development	-41.8		-41.8	5.9			-35.9
Administration	-17.1	0.0	-17.1	0.8		3.2	-13.2
Operating expenses	-154.5	0.0	-154.5	12.9		3.2	-138.5
	Operating Expenses 2019	Restructuring	Expenses for adjusted EBIT	Depreciation	Impairment	PPA amortization	Operating Expenses for Adjusted EBITDA 2019
---	---	---	---	---	---	---	---
Sales and marketing	-106.0		-106.0	6.6			-99.4
Research and development	-39.6		-39.6	6.3			-33.2
Administration	-28.1	4.6	-23.5	0.7	6.3	4.1	-12.4
Operating expenses	-173.7	4.6	-169.1	13.6	6.3	4.1	-145.1

三

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

←→

Shares and shareholders

Shares and share ownership distribution, 31 Dec 2020

Shares	Number of shareholders	% of shareholders	Total shares	% of shares
1–100	6,566	25.26%	332,744	0.21%
101–1,000	15,180	58.39%	5,678,191	3.58%
1,001–50,000	4,174	16.06%	16,043,829	10.10%
50,001–100,000	33	0.13%	2,327,304	1.47%
100,001–	44	0.17%	134,416,671	84.65%
Total	25,997	100.00%	158,798,739	100.00%
Shareholders by category, 31 Dec 2020		Total shares	% of shares
---	---	---	---
Corporations		4,936,245	3.11%
Financial and insurance institutions		51,627,250	32.51%
General government		17,172,033	10.81%
Non-profit organizations		558,896	0.35%
Households		83,148,678	52.36%
Other countries and international organizations		1,355,637	0.85%
Total		158,798,739	100.00%

Largest shareholders and administrative register

Owner	Shares	% of shares	% of votes
Risto Siilasmaa	60,003,037	37.79%	37.93%
Nordea Bank Abp	14,868,129	9.36%	9.40%
Skandinaviska Enskilda banken AB	10,425,582	6.57%	6.59%
Nordea Nordic Small Cap Fund	9,796,976	6.17%	6.19%
Mandatum Life Insurance Company	6,945,150	4.37%	4.39%
Elo Mutual Pension Insurance Company	4,914,612	3.09%	3.11%
Ilmarinen Mutual Pension Insurance Company	4,167,860	2.62%	2.63%
The State Pension Fund	3,500,000	2.20%	2.21%
Varma Mutual Pension Insurance Company	3,470,660	2.19%	2.19%
Nordea Finland Fund	1,973,996	1.24%	1.25%
Administrative register	Shares	% of shares	% of votes
---	---	---	---
Nordea Pankki Suomi Oyj	14,868,129	9.36%	9.40%
Skandinaviska Enskilda Banken	10,425,582	6.57%	6.59%
Other registers	908,899	0.57%	0.57%
Other shareholders	37,216,730	23.44%	23.53%
Total	158,191,631	99.62%	100.00%
Own shares F-Secure Corporation	607,108	0.38%
Total	158,798,739	100.00%

Ownership of management

Board of Directors	Shares	% of shares
Risto Siilasmaa	60,003,037	37.79%
Pertti Ervi	62,921	0.04%
Tuomas Syrjänen	21,622	0.01%
Bruce Oreck	23,865	0.02%
Päivi Rekonen	18,572	0.01%
Keith Bannister	5,467	0.00%
Robert Bearsby	1,822	0.00%
Total	60,137,306	37.87%
Executive team	Shares	% of shares
---	---	---
Jari Still	139,013	0.09%
Eriikka Söderström	61,804	0.04%
Kristian Järnefelt	38,356	0.02%
Jyrki Tulokas	34,162	0.02%
Juha Kivikoski	11,804	0.01%
Ed Parsons	5,348	0.01%
Juhani Hintikka
Eva Tuominen
Antti Hovila
Tim Orchard
Total	290,487	0.18%

Ownership of management

The Board of Directors owned a total of 60,137,306 shares on December 31, 2020. This represents 37.9 percent of the Company's shares and 38.0 percent of votes.

日

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

←→

FINANCIAL STATEMENTS F-SECURE CONSOLIDATED

STATEMENT OF COMPREHENSIVE INCOME JAN 1–DEC 31, 2020

EUR 1,000	Note	Consolidated, IFRS 2020	Consolidated, IFRS 2019
REVENUE	(2)	220,204	217,338
Cost of revenue	(6)	-47,996	-50,549
GROSS MARGIN		172,208	166,789
Other operating income	(3)	2,108	14,049
Sales and marketing	(4, 5, 6)	-95,625	-105,988
Research and development	(4, 5, 6)	-41,891	-39,568
Administration	(4, 5, 6)	-17,120	-28,122
EBIT		19,680	7,160
Financial income	(8)	2,443	1,424
Financial expenses	(8)	-5,666	-4,337
PROFIT (LOSS) BEFORE TAXES		16,457	4,247
Income tax	(9)	-3,581	-882
RESULT FOR THE FINANCIAL YEAR		12,875	3,365
Other comprehensive income
Exchange difference on translation of foreign operations		-7,361	5,081
COMPREHENSIVE INCOME FOR THE YEAR		5,514	8,446
Result of the financial year is attributable to:
Equity holders of the parent		12,875	3,365
Comprehensive income for the year is attributable to:
Equity holders of the parent		5,514	8,446
Earnings per share
- basic and diluted	(10)	0.08	0.02

三

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

←→

FINANCIAL STATEMENTS F-SECURE CONSOLIDATED

STATEMENT OF FINANCIAL POSITION DEC 31, 2020

EUR 1,000	Note	Consolidated, IFRS 2020	Consolidated, IFRS 2019	EUR 1,000	Note	Consolidated, IFRS 2020	Consolidated, IFRS 2019
ASSETS
NON-CURRENT ASSETS				SHAREHOLDERS' EQUITY AND LIABILITIES
Tangible assets	(4, 13)	14,064	15,594	Share capital		1,551	1,551
Intangible assets	(13)	34,016	36,519	Share premium		165	165
Goodwill	(11, 12, 13)	81,944	88,398	Treasury shares		-1,288	-2,141
Deferred tax assets	(21)	3,954	3,072	Translation differences		-4,116	3,245
Other receivables	(16)	579	573	Reserve for invested unrestricted equity		6,464	6,173
Total non-current assets		134,557	144,156	Retained earnings		79,554	67,166
CURRENT ASSETS				Equity attributable to equity holders of the parent		82,330	76,158
Inventories	(14)	74	107	NON-CURRENT LIABILITIES
Accrued income	(16)	3,398	3,451	Interest bearing liabilities, non-current	(4, 19, 20)	23,929	29,451
Trade and other receivables	(15, 16)	47,462	53,857	Deferred tax liabilities	(21)	1,294	2,463
Income tax receivables	(16)	872	2,301	Other non-current liabilities	(22)	25,338	19,490
Financial asset at FVTPL	(15)	61	66	Provisions	(22)		3,041
Cash and bank accounts	(15, 20)	51,380	25,427	Total non-current liabilities		50,560	54,445
Total current assets		103,246	85,210
TOTAL ASSETS				CURRENT LIABILITIES
		237,803	229,366	Interest bearing liabilities, current	(4, 19, 20)	15,937	11,877
				Trade and other payables	(20, 22)	26,088	28,998
				Income tax liabilities	(22)	5,656	1,522
				Other current liabilities	(22)	57,232	56,365
				Total current liabilities		104,913	98,763
				TOTAL SHAREHOLDERS' EQUITY AND LIABILITIES		237,803	229,366

日

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

←→

FINANCIAL STATEMENTS F-SECURE CONSOLIDATED

STATEMENT OF CASH FLOWS JAN 1–DEC 31, 2020

EUR 1,000	Consolidated, IFRS 2020	Consolidated, IFRS 2019	EUR 1,000	Consolidated, IFRS 2020	Consolidated, IFRS 2019
Cash flow from operations			Cash flow from investments
Result for the financial year	12,875	3,365	Investments in intangible and tangible assets	-8,139	-8,634
Adjustments			Proceeds from sale of intangible and tangible assets	238	123
Depreciation and amortization	16,020	23,988	Other investments	6	-8
Profit / loss on sale of fixed assets	58	57	Acquisition of subsidiaries, net of cash acquired	-3,681
Other adjustments	1,783	-5,626
Financial income and expenses	3,224	2,913
Income taxes	3,581	882	Cash flow from investments	-11,575	-8,519
Cash flow from operations before change in working capital	37,542	25,579	Cash flow from financing activities
Change in net working capital			Proceeds from interest-bearing liabilities	10,000
Current receivables, increase (-), decrease (+)	6,164	-1,531	Repayments of interest-bearing liabilities	-11,000	-6,000
Inventories, increase (-), decrease (+)	33	288	Repayments of lease liabilities	-7,251	-6,457
Non-interest bearing debt, increase (+), decrease (-)	5,069	-5,353	Cash flow from financing activities	-8,251	-12,457
Provisions, increase (+), decrease (-)	-500		Change in cash	26,854	-2,485
Cash flow from operations before financial items and taxes	48,307	18,982	Cash and bank at the beginning of the period	25,427	27,806
Interest expenses paid	-536	-636	Effects of exchange rate changes	-902	107
Interest income received	-4	70
Other financial income and expenses	-1,017	-930
Income taxes paid	-70	1,005
Cash flow from operations	46,680	18,490

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

←→

FINANCIAL STATEMENTS F-SECURE CONSOLIDATED

STATEMENT OF CHANGES IN EQUITY

Attributable to the equity holders of the parent

EUR 1,000	Share capital	Share premium fund	Treasury shares	Translation differences	Unrestricted equity reserve	Retained earnings	Total equity
Equity December 31, 2018	1,551	165	-2,772	-1,838	6,082	63,092	66,279
Result of the financial year						3,365	3,365
Translation difference				5,081			5,081
Total comprehensive income for the year				5,081		3,365	8,446
Cost of share based payments			631		91	709	1,431
Equity December 31, 2019	1,551	165	-2,141	3,245	6,172	67,166	76,158
Result of the financial year						12,875	12,875
Translation difference				-7,361			-7,361
Total comprehensive income for the year				-7,361		12,875	5,514
Cost of share based payments			853		291	-486	659
Equity December 31, 2020	1,551	165	-1,288	-4,116	6,464	79,554	82,330

More information in note 17. Shareholders' equity

三

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

\leftrightarrow

FINANCIAL STATEMENTS F-SECURE CONSOLIDATED

NOTES TO THE FINANCIAL STATEMENTS

ACCOUNTING PRINCIPLES FOR THE CONSOLIDATED FINANCIAL STATEMENTS

Basic information

F-Secure provides cyber security products and services globally for consumers and businesses.

The parent company of the Group is F-Secure Corporation incorporated in Finland and domiciled in Helsinki. Company's registered address is Tammasaarenkatu 7, 00180 Helsinki. A copy of consolidated financial statements can be downloaded on www.f-secure.com or can be received from the parent company's registered address.

These financial statements were authorized for issue by the Board of Directors on 10 February 2021. According to the Finnish Companies Act, the Annual General Meeting can confirm or reject the consolidated financial statements after publication. The Annual General Meeting can also decide to change the financial statements.

ACCOUNTING PRINCIPLES

The consolidated financial statements of F-Secure Corporation of 2020 have been prepared in accordance with International Financial Reporting Standards (IFRS), applying the IAS and IFRS standards as well as SIC and IFRIC interpretations that were in force and had been approved by the EU by 31 December 2020.

Principles of consolidation

The consolidated financial statements incorporate the financial statements of F-Secure Corporation and entities controlled by F-Secure Corporation. Consolidation is done using the acquisition method and begins when control over the subsidiary is obtained. The consolidation stops when the control ceases. The Group does not have any associated companies nor is there any non-controlling interest in the Group.

All intra-group transactions and balances, including unrealized profits arising from intra-group transactions, have been eliminated on consolidation. Where necessary, accounting policies of the

subsidiaries have been adjusted to ensure consistency with the policies adopted by the Group.

Transactions in foreign currency

The consolidated financial statements are presented in euros, which is F-Secure Corporation's functional currency. At each reporting date for the purpose of presenting consolidated financial statements the income statements of foreign Group companies are translated at the average exchange rates for the reporting period and the balance sheets are translated using the European Central Bank's exchange rates prevailing on the reporting date. Translation differences are recognized in shareholders' equity and the change in other comprehensive income.

Foreign currency transactions are translated using the exchange rates prevailing at the dates of the transactions. On the reporting date, assets and liabilities denominated in foreign currencies are translated using the European Central Bank's exchange rates prevailing at that date. Exchange rate gains and losses are recognized in financial items in the income statement.

New and amended IFRS Standards that are effective for 2020

During 2020 there were no changes in the Group's accounting principles.

COVID-19 impacts on financial reporting during 2020

COVID-19 has impacted F-Secure's financial reporting and increased the amount of management judgment related to certain items in the financial statements. Operationally COVID-19 has had biggest impact on the cyber security consulting business, but due to prolonged sales cycles in Managed Detection and Response, also product revenue was impacted.

During second quarter of 2020 management assessed that COVID-19 impacts on consulting can be viewed as an indication of goodwill impairment and, thus, additional impairment testing of Consulting goodwill was carried out. As a result of the testing,

no impairment was detected. Management has continuously monitored any further indications of impairment. Annual impairment testings have been carried out at the end of the year. Testings did not result in impairment bookings.

During second quarter of 2020 management assessed that COVID-19 can impact liquidity of the Group's customers in short and longer term. Expected credit losses according to IFRS 9 were reassessed to include the increased risk caused by the pandemic. Although no significant risks realized during the financial year, prolonging of the pandemic can still impact customer's liquidity and therefore the provision for expected credit losses has been kept at slightly higher level.

COVID-19 impacts on the Group's cyber security consulting business has temporarily impacted profitability in certain locations leading to taxable losses in some of Group's subsidiaries. Management has assessed the capability to utilize the losses against future profits according to IAS 12 and deferred tax assets have been booked accordingly. Impacts of the pandemic on subsidiaries' profitability can be viewed as temporary.

Group's financing agreement includes a committed revolving credit facility (RCF) of EUR 23,000 thousand. In the beginning of the pandemic the management assessed that short term liquidity risk has increased and a withdrawal of EUR 10,000 thousand from the RCF was made to address the risk. As the cash position remained solid throughout the financial year, a repayment of EUR 5,000 thousand to the RCF was made in final quarter of the year.

Management judgment on significant accounting principles and use of estimates

The preparation of consolidated financial statements requires the use of estimates and assumptions as well as the use of judgment when applying accounting principles. These affect the contents of the financial statements and it is possible that actual results may differ from estimates.

Estimates made in connection with the preparation of financial statements are based on management's best knowledge at the

reporting date. Estimates build upon past experience as well as assumptions of the future development of the economic environment of the Group. Revisions in estimates and assumptions are recognized in the period they occur and in future periods if the revision affects both current and future periods.

Key sources where estimation uncertainty arises at the reporting date are: Impairment testing: Recoverable amount of goodwill from acquisitions is based on estimated future cash flows which are subject to management judgment.In addition to goodwill the intangible assets that are not yet ready for use (EUR 7.1 million) are tested annually for impairment. The recoverable amount of these assets is based on estimated future cash flows from sales and/or use of the asset.Deferred tax assets from tax losses: The Group has recognized deferred tax assets from tax losses. Biggest losses are in the UK where the deferred tax asset is EUR 2.9 million and in the US where the deferred tax asset is EUR 0.4 million. The amount of deferred tax assets is based on management estimation about future recoverability of these tax losses.Expected credit losses: Provision for expected credit losses in Group's balance sheet is EUR 2.5 million. Managements has used judgment especially in defining potential impacts of the COVID-19 pandemic on expected credit losses and provision has been adjusted accordingly.

Revenue recognition

Revenue is derived from corporate and consumer businesses. Corporate security business revenue includes cyber security products, managed services, and cyber security consulting. Cyber security products comprise endpoint protection solutions (Protection Service for Business, PSB; Business Suite, Cloud Protection for Salesforce, Cloud Protection for Microsoft Office 365), as well as solutions targeted at detecting and responding to advanced attacks (Rapid Detection and Response, RDR and F‐Secure Countercept) and vulnerability management (F‐Secure Radar and phishd). Consumer security business revenue comes through operator and direct consumer channels, and the main products include F‐Secure SAFE, F‐Secure FREEDOME, F‐Secure SENSE, F‐Secure KEY and F‐Secure ID PROTECTION.

Endpoint protection solutions and vulnerability management products

Endpoint protection security solutions (PSB, Business Suite for corporate and RDR) are sold to corporate customers by granting the customer access to use the intellectual property during the license period or as Security‐as‐a‐Service. F‐Secure delivers the product and provides continuous automated updates against new threats. The software and the accompanied services are highly interdependent and therefore treated as one performance obligation for which revenue is recognized over time on a straight‐line basis for the license period.

Consumer customer products and vulnerability management products for corporate customers (Radar and phishd) are treated as Security‐as‐a‐Service as they do not include a license of intellectual property. Revenue is accounted for as a single performance obligation and recognized over time on a straight‐line basis for the contract period.

When there is a hardware component to the solution (SENSE) the hardware is considered as a distinct performance obligation and revenue for hardware is recognized separately at point in time of delivery.

Cyber security consulting services and managed detection and response solutions

Cyber security consulting services are recognized as revenue based on the delivery of the work. For F‐Secure managed detection and response solution (F‐Secure Countercept) the software and the service are considered as single performance obligation. The customer is granted access to use the intellectual property and the service is provided by F‐Secure continuously throughout the contract period. Revenue for managed services is recognized on a straight‐line basis for the contract period.

Presenting of receivables and liabilities from contracts with customers

Receivables from contracts with customers are presented in the balance sheet as Accrued income. Liabilities from contracts with customers are presented in the balance sheet as Deferred revenue and included in Total non‐current liabilities or Total current liabilities depending on the duration of the liability.

Pensions

All of F‐Secure Group's pension arrangements are in accordance with local statutory requirements, and they are defined contribution plans. Contributions to defined contribution plans are recognized in the income statement in the period to which the contributions relate.

Leases

Leases which meet with IFRS 16 requirements are booked to balance sheet as right‐of‐use asset with corresponding lease liability. Right‐of‐use assets and lease liabilities are initially valued at the present value of the remaining lease payments. Incremental borrowing rate is applied in discounting the remaining payments. F‐Secure's incremental borrowing rate varies between 2.45% and 9.15% depending on the geographical location of the leased asset, lease period and guarantees.

F‐Secure's right‐of‐use assets comprise of rented office premises and leased cars. Short‐term contracts (remaining contract period 12 months or less) and low value assets are excluded from leases and lease expense is recognized on a straight‐line basis as permitted by IFRS 16.

Lease contracts for the Group's office premises are typically made for fixed periods of 3 to 6 years and they may contain extension options. Each office lease contract is negotiated individually and the contracts may contain wide range of different terms and conditions. Some of Group's office premises are leased with on‐going contracts where the ending date is not defined. The management assesses the probable duration for these contracts case‐by‐case and the lease liability is calculated accordingly.

Changes to the estimates are accounted for at each reporting date. Estimated duration for on-going contracts vary between 3 to 5 years and the total liability from on-going contracts is EUR 2.0 million.

In measuring the present value of the liabilities arising from leases any service related fees are excluded from the lease payment. The Group's lease contracts do not contain residual value guarantees or purchase options.

Income taxes

The income tax expense in income statement represents the sum of current taxes and deferred taxes. Current taxes are calculated on the taxable income for all Group companies in accordance with the local tax rules. Deferred taxes, resulting from temporary differences between the financial statement and the income tax basis of assets and liabilities, use the enacted tax rates in effect in the years in which the differences are expected to reverse. Deferred tax assets are recognized to the extent that it is probable that future taxable profit will be available. Deferred tax liabilities are recognized for all temporary differences.

Deferred tax assets and liabilities are offset when there is a legally enforceable right to set off current tax assets against current tax liabilities and when they relate to the same taxation authority and the Group intends to settle the assets and liabilities on a net basis.

Business combinations

Acquisition method is used for accounting the acquisitions of businesses. The consideration transferred in a business combination is measured at fair value, which is calculated as the sum of the acquisition-date fair values of assets transferred by the Group and liabilities incurred by the Group to the former owners of the acquiree. Contingent considerations related to business combinations are measured at fair value at acquisition date and included as part of the consideration transferred. Costs related to the acquisition are recognized in profit and loss statement.

The identifiable assets acquired and the liabilities assumed are recognized at fair value at the acquisition date except for deferred tax assets or liabilities which are measured in accordance with IAS 12 Income taxes. Goodwill is measured as the excess of the transferred consideration over the net amount of the acquired identifiable assets and assumed liabilities.

Changes in fair value of the contingent consideration that do not arise within one year from the acquisition from facts and circumstances that existed at the acquisition date are recognized in profit or loss.

Goodwill

Goodwill is initially recognized and measured in business combinations as set out above. Goodwill is not amortized but is instead tested for impairment at least annually and whenever there is an indication that it may be impaired. For the purpose of impairment testing goodwill has been allocated to cash generating units expected to benefit from the synergies of the combination. If the recoverable amount of the cash generating unit is less than the carrying amount of the unit, the impairment loss is allocated first to reduce the carrying amount of any goodwill allocated to the unit and then to the other assets of the unit. If an impairment loss for goodwill is recognized it will not be reversed in the subsequent periods. Goodwill is recorded at historical cost less accumulated impairment losses.

Intangible assets

Research and development expenditure

Research expenditure is recognized as an expense at the time it is incurred. Development expenditure on new products or product versions with significant new features are recognized as intangible assets when they fulfill the requirements set out in IAS 38. Amortization is recorded on a straight-line basis over the estimated useful life, which is 3--8 years for these assets.

Intangible assets acquired in business combinations

Intangible assets acquired in business combinations and recognized separately from goodwill are initially recognized at fair value on the acquisition date. Subsequent to initial recognition these assets are reported at initial value less accumulated amortization and accumulated impairment losses.

Intangible assets acquired in business combinations include technology, trademarks and customer relationships, which all have a finite useful life. Initial valuation for technology and trademarks is done based on Relief from royalty method and for customer relationships based on Excess earnings method. The estimated useful lives for intangible assets acquired in business combinations are:

Other intangible assets

Other intangible assets include intangible rights and software licenses, all with a finite useful life. Other intangible assets are recorded at historical cost less accumulated amortization and possible impairment. Amortization is recorded on a straight-line basis over the estimated useful life of an asset. The estimated useful lives of other intangible assets are as follows:

Tangible assets

Tangible assets are recorded at historical cost less accumulated depreciation and possible impairment. Depreciation is recorded on a straight-line basis over the estimated useful life of an asset. The estimated useful lives of tangible assets are as follows:

三

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

←→

FINANCIAL STATEMENTS F-SECURE CONSOLIDATED

Other tangible assets include renovation costs of rented office space.

Gains or losses on disposal of tangible assets are shown in other operating income or expense.

Impairment of assets

At each reporting date, the Group assesses whether there is any indication that an asset may be impaired. Where an indicator of impairment exists, the Group makes a formal estimate of recoverable amount. The recoverable amount of goodwill and intangible assets that are not ready for use are estimated annually for regardless of whether any indication of impairment exists.

Where the carrying amount of an asset exceeds its recoverable amount the asset is considered impaired and the carrying amount is reduced to its recoverable amount. The recoverable amount is the fair value of an asset less costs of disposal or value in use, whichever is higher. An impairment loss is recorded in the income statement.

A previously recognized impairment loss is reversed only if there has been a change in the estimates used to determine the asset's recoverable amount since the last impairment loss was recognized. The maximum reversal of an impairment loss amounts to no more than the carrying amount of the asset if no impairment loss had been recognized, net of depreciation. Impairment losses relating to goodwill cannot be reversed in future periods.

Inventories

Inventories are valued at the lower of cost and net realizable value. Cost is determined by first-in first-out method. Net realizable value is the estimated selling price that is obtainable, less estimated costs of completion and the estimated costs necessary to make the sale.

FINANCIAL INSTRUMENTS

Financial assets

Financial assets are originally valued at fair value. Trade receivables are originally valued with transaction price and later with amortized cost reduced by expected credit loss for trade receivable. Trade receivables and other receivables are written off from the balance sheet as the rights to associated cash flows end or become transferred to the counterpart. An expected credit loss is recognized for trade receivables according to IFRS 9. The amount of expected credit loss is updated at each reporting date to reflect changes in credit risk since initial recognition of the respective financial instrument. The expected credit loss is estimated using a provision matrix where trade receivables are grouped based on historical credit loss experience and characteristics that depict the credit risk of receivables (e.g. geographical area and days past due).

Financial liabilities

F-Secure classifies loans from financial institutions, trade payables and other payables as other financial liabilities which are measured at amortized cost. Transaction costs, such as arrangement fees, are deferred over the maturity of the liability. Contingent considerations arising from acquisitions are classified as financial liabilities measured at fair value and changes in fair value are accounted through profit and loss. Contingent considerations are measured at fair value at the end of each reporting period. Financial liabilities are classified as current unless F-Secure has unconditional right to postpone their repayment by at least 12 months from the end date of the reporting period.

Derivative financial instruments and hedging

The Group uses derivative financial instruments such as forward currency contracts to hedge its risks associated with foreign currency fluctuations. Derivatives are valued at fair value. The fair value of forward currency contracts is calculated based on current forward exchange rates at the reporting date for contracts with similar maturity profiles. The gains and losses arising from the change of fair value are booked through the income statement as the Group does apply hedge accounting.

Provisions

Provisions are recognized when the Group has a present obligation (legal or constructive) as a result of a past event, the outflow of resources is probable, and a reliable estimate of the amount of the obligation can be made. The amount recognized is a best estimate of the consideration required to settle the obligation at each reporting date. Risks and uncertainties are taken into account when making the estimate.

Treasury shares

Parent company has acquired treasury shares in 2008–2011. The purchase price of the shares has been deducted from equity.

Share-based payment transactions

F-Secure provides incentives to employees in the form of equity-settled share-based instruments. Currently the Company has share-based programs.

F-Secure's share-based incentive programs are targeted to the Group's key personnel. The programs are divided into equity-settled and cash-settled part. The equity-settled part is valued at fair value at grant date, and the expense is recognized evenly in the income statement over the vesting period with the counter-entry in retained earnings. Fair value is determined using the market value of the share of F-Secure Corporation. The cash-settled part is initially valued at fair value at grant date. At each reporting date the cash-settled part is revalued to fair value and the expense is recognized in the income statement over the vesting period with the counter-entry in liabilities. The cumulative expense recognized at grant date is based on the Group's estimate of the number of shares that will ultimately vest at the end of the vesting period. If a person leaves the company before vesting, the reward is forfeited. The Group updates its estimate of the ultimate number of shares at each reporting date. These changes in the estimate are recorded in the income statement.

日

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

←→

FINANCIAL STATEMENTS F-SECURE CONSOLIDATED

Presentation of expenses

Classification of the functionally presented expenses has been made by presenting direct expenses in their respective functions and by allocating other expenses to operations on the basis of average headcount in each function.

Operating result

IAS 1 Presentation of Financial Statements standard does not define the concept of Earnings before interest and taxes (EBIT). The Group has defined it as follows: EBIT is the net amount, which consists of revenue and other operating income less cost of revenue which is adjusted for changes in inventories, employee benefit costs, depreciation and amortization, possible impairment losses, and other operating expenses.

New standards and interpretations not yet effective

New or amended standards or interpretations are not expected to have an impact on the consolidated financial statements.

三

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

←→

FINANCIAL STATEMENTS F-SECURE CONSOLIDATED

1. SEGMENT INFORMATION

The Group has one segment, data security. Segment reporting is consistent with the internal reporting submitted to the chief operating decision-maker. The Leadership Team has been appointed the chief operating decision-maker, responsible for allocating resources and assessing performance as well as making strategic decisions. For the geographical information revenue is presented based on the location of the customer and the long-term assets based on the location of the assets.

Geographical information

Geographical information about revenue is presented in note 2.

EUR 1,000	Consolidated 2020	Consolidated 2019
Long-term assets
Nordic countries	31,907	30,022
Europe excl. Nordics	67,063	74,918
North America	902	1,512
Rest of world	34,685	37,704
Total	134,557	144,156

2. REVENUE

Principles of revenue recognition are stated in accounting principles to consolidated financial statements, section Revenue recognition.

Disaggregation of revenue

EUR 1,000	Consolidated 2020	Consolidated 2019
Sales channels
Revenue from external customers
Consumer security	100,106	94,844
Corporate security	120,098	122,495
Products	74,279	72,506
Services	45,819	49,987
Total	220,204	217,338

Geographical information

Revenue from external customers
Nordic countries	70,948	72,514
Europe excl. Nordics	98,893	96,180
North America	23,242	19,732
Rest of world	27,121	28,913
Total	220,204	217,338

3. OTHER OPERATING INCOME

EUR 1,000	Consolidated 2020	Consolidated 2019
Adjustment of contingent consideration from acquisitions		12,501
Government grants	1,896	1,149
Rental revenue	18	102
Other	194	297
Total	2,108	14,049

Contingent consideration liability from MWR InfoSecurity acquisition was decreased by 12,501 thousand euros 2019 due to not achieving certain agreed business targets.

Government grants are recognized as income over those periods in which the corresponding expenses arise. Due to COVID-19 government grants have increased slightly in certain locations where governments have taken measures to support the local businesses.

Other operating income includes e.g. gain on sale of fixed assets and rent income.

三

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

←→

FINANCIAL STATEMENTS F-SECURE CONSOLIDATED

4. LEASES

EUR 1,000	Consolidated 2020	Consolidated 2019
Decrease in Cost of Revenue	197	257
Decrease in operating expenses (lease expenses)	6,628	6,349
Increase in right-of-use asset depreciation	-6,536	-6,332
Increase in EBIT	288	274
Increase in financial expenses	-324	-340
Profit / Loss for the period	-36	-66
Short-term leases booked as rent expense	205	466
Right of use assets and liabilities
Right of use assets
Buildings	8,554	8,477
Cars	1,207	1,644
Machinery		143
Total	9,761	10,264
Lease liabilities
Buildings	8,663	8,545
Cars	1,202	1,648
Machinery		135
Total	9,865	10,329
Repayments of lease liabilities	7,278	6,457

Right of use assets related changes are stated in disclosure 13. Non-current assets.

Right of use assets related interest payments are stated in disclosure 8. Financial income and expenses.

Maturity of lease liabilities is stated in disclosure 19. Financial liabilities.

5. DEPRECIATION, AMORTIZATION, AND IMPAIRMENT

EUR 1,000	Consolidated 2020	Consolidated 2019
Depreciation and amortization of non-current assets
Other intangible assets	-1,945	-3,020
Capitalized development	-4,992	-5,894
Intangible assets	-6,937	-8,914
Machinery and equipment	-1,627	-1,752
Right of use assets	-6,536	-6,332
Other tangible assets	-659	-685
Tangible assets	-8,823	-8,770
Impairment
Goodwill		-6,001
Capitalized development	-260	-304
Total impairment	-260	-6,304
Total depreciation and amortization	-16,020	-23,988
Depreciation and amortization by function
Sales and marketing	-6,138	-6,580
Research and development	-5,957	-6,296
Administration	-3,925	-11,112
Total depreciation and amortization	-16,020	-23,988

三

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

←→

FINANCIAL STATEMENTS F-SECURE CONSOLIDATED

PERSONNEL EXPENSES

EUR 1,000	Consolidated 2020	Consolidated 2019
Personnel expenses
Wages and salaries	-103,747	-104,399
Pension expenses – defined contribution plan	-10,710	-12,080
Share-based payments	-801	-2,169
Other social expenses	-8,280	-9,194
Total	-123,538	-127,842

Employee benefits of the management are stated in disclosure 24. Related party transactions.

Share-based payments are stated in disclosure 18. Share-based payment transactions.

Average number of personnel	1,691	1,701
Personnel by function December 31
Consulting and delivery	476	540
Sales and marketing	480	516
Research and development	535	458
Administration	187	182
Total	1,678	1,696

AUDIT FEES

EUR 1,000	Consolidated 2020	Consolidated 2019
Group auditor
Audit fees, PricewaterhouseCoopers	-308	-299
Audit related fees, PricewaterhouseCoopers		-22
Other consulting, PricewaterhouseCoopers	-38	-27
Total	-346	-348

PricewaterhouseCoopers Oy has provided non-audit services to entities of F-Secure Group in total 30 thousand euros during the financial year 2020, which are related to other services.

Other auditors
Audit fees	-58	-91
Total	-58	-91

FINANCIAL INCOME AND EXPENSES

EUR 1,000	Consolidated 2020	Consolidated 2019
Financial income
Interest income from loans and receivables	-4	70
Exchange gains	2,413	1,344
Other financial income	34	10
Total	2,443	1,424
Financial expenses
Interest expense from loans and liabilities	-536	-636
Interest expense from lease liabilities	-324	-340
Exchange losses	-4,458	-2,140
Other financial expenses	-349	-1,221
Total	-5,666	-4,337

Other financial expenses in comparative period 2019 include EUR 0.9 million from discounting MWR InfoSecurity deferred consideration to present value.

三

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

\leftrightarrow

FINANCIAL STATEMENTS F-SECURE CONSOLIDATED

9. INCOME TAX

EUR 1,000	Consolidated 2020	Consolidated 2019
Current income tax for the year	-5,911	-2,200
Adjustments for current tax of prior periods	267	492
Change in deferred tax	2,063	826
Total	-3,581	-882

A reconciliation of income tax expense in the income statement and income tax calculated at the parent company's country of residence income tax rate (20%):

Result before taxes	16,457	4,247
Income tax at Finnish tax rate of 20%	-3,291	-849
Effect of overseas tax rates	-349	-474
Effect of changes in tax rates		49
Non-deductible expenses/tax-exempt revenue	19	671
Recognised tax losses		-432
Unrecognised tax losses	-199	-126
Adjustments for prior period tax	267	536
Other	-27	-256
Total	-3,581	-882

10. EARNINGS PER SHARE

Basic earnings per share amounts are calculated by dividing net profit for the year attributable to ordinary equity holders of the parent by the weighted average number of ordinary shares outstanding during the year. Diluted earnings per share amounts are calculated by dividing the net profit attributable to ordinary shareholders by the weighted average number of ordinary shares outstanding during the year adjusted for the effects of dilutive options.

EUR 1,000	Consolidated 2020	Consolidated 2019
Net profit attributable to equity holders from continuing operations	12,875	3,365
Weighted average number of ordinary shares (1,000)	158,082	157,719
Adjusted weighted average number of ordinary shares for diluted earning per share	158,082	157,719
Basic and diluted earnings per share (EUR/share), continuing operations	0.08	0.02

The weighted average number of shares take into account the effect of change in treasury shares.

11. ACQUISITIONS

Group hasn't made acquisitions during 2019 or 2020.

12. GOODWILL

For impairment testing goodwill is allocated to cash-generating units (CGUs). The carrying amount of goodwill EUR 81,944 thousand is allocated to two CGUs:

EUR 1,000	Consolidated 2020	Consolidated 2019
Consulting	54,625	58,651
MDR	27,319	29,747
	81,944	88,398

Goodwill is tested for impairment annually, or more frequently if there are indications that goodwill might be impaired. The recoverable amount for each CGU is determined based on a value in use calculation which uses cash flows for the period determined for the CGU. Cash flows are based on financial budgets and forecasts approved by the Board of Directors. For Consulting forecast period of five years is used and for MDR the forecast period covers following seven years during which the business is expected to achieve steady state. Discount rate for Consulting is 9.9% before taxes and for MDR 13.4% before taxes.

Cash flows beyond forecast period have been extrapolated using steady 2% per annum growth rate for both CGUs. Markets where CGUs operate are expected to grow significantly faster than the terminal growth rate used in impairment testing. Managed detection and response (MDR) market is expected to grow at 20% annually and Consulting at 10.4% annually by 2023.

Sensitivity analysis

The Group has prepared a sensitivity analysis of the impairment tests to changes in the key assumptions which are revenue, profitability, and discount rate. Any reasonably possible changes in the key assumptions in impairment tests would not cause the aggregate carrying amounts exceeding the recoverable amounts.

COVID-19 impacts on goodwill

During second quarter of 2020 the management assessed that due to the impacts of COVID-19 pandemic on cyber security consulting business there is indication that Consulting goodwill might be impaired. Additional impairment testing was carried out at the end of second quarter based on updated long-term forecasts approved by the Board of Directors. Testing resulted in no need for impairment but showed decreased sensitivity in the key assumptions. By the end of the year the sensitivity has returned close to December 2019 level. More frequent forecasting to identify any further indications of goodwill impairment in Consulting or MDR has taken place throughout the financial year.

三

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

←→

FINANCIAL STATEMENTS F-SECURE CONSOLIDATED

NON-CURRENT ASSETS

EUR 1,000	INTANGIBLE ASSETS					TANGIBLE ASSETS
	Other intangible	Capitalized development	Goodwill	Advance payments & incomplete development	Total	Machinery & equipment	Right of use assets	Other tangible	Total
Acquisition cost Dec 31, 2018	20,874	40,514	90,677	2,145	154,210	14,622		2,964	17,586
Impact of IFRS 16							12,774		12,774
Acquisition cost Jan 1, 2019	20,874	40,514	90,677	2,145	154,210	14,622	12,774	2,964	30,360
Translation difference	338	976	3,968		5,282	144	151	89	384
Additions	38			6,232	6,270	1,496	3,849	1,161	6,507
Transfers		2,799		-2,799				-1	-1
Disposals	-770		-6,246		-7,016	-1,481	-48	-506	-2,035
Acquisition cost Dec 31, 2019	20,481	44,289	88,399	5,579	158,747	14,780	16,727	3,708	35,215
Translation difference	-445	-1,215	-6,455		-8,115	-310	-482	-190	-982
Additions	58			5,887	5,945	1,383	6,787	155	8,325
Transfers		3,967		-3,967		172			172
Disposals	4	-520			-517	-266	-981	-75	-1,322
Acquisition cost Dec 31, 2020	20,098	46,520	81,944	7,499	156,061	15,759	22,051	3,597	41,407
Acc. depreciation Jan 1, 2019	-10,579	-14,573			-25,152	-11,048		-1,363	-12,411
Translation difference	-67	-49			-115	-79		-46	-125
Transfers								1	1
Depreciation for the period	-3,063	-5,952			-9,014	-1,777	-6,478	-683	-8,938
Depreciation of disposals	454				454	1,364	15	474	1,853
Acc. depreciation Dec 31, 2019	-13,254	-20,574			-33,828	-11,540	-6,464	-1,617	-19,620
Translation difference	189	182			371	196	158	85	439
Transfers						-171			-171
Depreciation for the period	-1,932	-4,973			-6,905	-1,616	-6,418	-647	-8,681
Depreciation of disposals	1	260			261	208	433	50	692
Acc. depreciation Dec 31, 2020	-14,996	-25,104			-40,101	-12,924	-12,290	-2,129	-27,343
Book value as at Dec 31, 2019	7,227	23,715	88,399	5,579	124,919	3,240	10,264	2,090	15,595
Book value as at Dec 31, 2020	5,102	21,416	81,944	7,499	115,960	2,835	9,761	1,468	14,064

At the end of 2020 book value of right of use assets consists of buildings EUR 8.6 million (8.5m), cars EUR 1.2 million (1.6m) and machinery EUR 0.0 million (0.1m).

三

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

←→

FINANCIAL STATEMENTS F-SECURE CONSOLIDATED

INVENTORIES

EUR 1,000	Consolidated 2020	Consolidated 2019
Inventories	74	107

FINANCIAL ASSETS

EUR 1,000	Consolidated 2020	Consolidated 2019
Cash at bank and in hand	51,380	25,427
Trade receivables	38,088	44,222
Loan receivables	2	15
Financial assets at FVTPL	61	66
Total	89,531	69,730

Trade receivables

Ageing of trade receivables
Not fallen due	31,877	31,382
1–90 days past due	7,343	9,855
Over 90 days past due	1,378	5,360
Less provision for bad debt	-2,510	-2,375
Total	38,088	44,222

Movements in the provision for impairment of trade receivables

Book value as at Jan 1	2,375	2,603
Change for the year	806	-153
Receivables written off during the year	-670	-76
Book value as at Dec 31	2,510	2,375

COVID-19 can have an impact on F-Secure's customer's liquidity in short and long term. Although significant risks have not realized during the financial year, management has estimated that impacts may become visible only during longer period as the pandemic prolongs. Thus, expected credit losses under IFRS 9 have been reassessed during the financial year and provision increased slightly to address the increased risk.

Financial assets at FVTPL

EUR 1,000	Consolidated 2020	Consolidated 2019
Fair value as at Jan 1	66	58
Change in fair value	-5	8
Fair value as at Dec 31	61	66
Shares – unlisted	26	26
Funds	35	40
Fair value as at Dec 31	61	66

OTHER RECEIVABLES

EUR 1,000	Consolidated 2020	Consolidated 2019
Non-current receivables
Other receivables	579	573
Current receivables
Other receivables	1,250	1,614
Prepaid expenses	7,511	7,223
Accrued income	3,398	3,451
Accrued income tax	1,477	3,085
Total	13,636	15,373
Material items included in prepaid expenses
Prepaid royalty	2,765	2,826
Grant receivables	-395	-168
Other prepaid expenses	5,141	4,565
Total	7,511	7,223

三

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

←→

FINANCIAL STATEMENTS F-SECURE CONSOLIDATED

17. SHAREHOLDERS' EQUITY

Issued and fully paid

EUR 1,000	Number of shares	Share capital	Share premium fund	Unrestricted equity reserve	Treasury shares
Dec 31, 2018	157,490,295	1,551	165	6,082	-2,772
Share based payments	296,700			91	631
Dec 31, 2019	157,786,995	1,551	165	6,172	-2,141
Share based payments	404,636			291	853
Dec 31, 2020	158,191,631	1,551	165	6,464	-1,288

The share capital amounted to 1,551,311 euro and the number of shares was 158,798,739 (including own shares 607,108) at the end of 2020. A share has no nominal value. Accountable par value is EUR 0.01.

Share premium fund

Proceeds from exercised warrants were recognized under the share capital and share premium fund until March 26, 2008.

Unrestricted equity reserve

On March 20, 2007, the shareholders' meeting decided to decrease the share premium fund. The decreased amount of 33,582 thousand euro was transferred to unrestricted equity reserve. On March 26, 2008, the shareholders' meeting decided that the total amount of the subscription prices paid for new shares issued after the date of the meeting, based on stock options under the F-Secure Stock Option Plan 2005, be recorded in Company's unrestricted equity reserve.

Translation differences

The translation difference is used to record exchange difference arising from the translation of the financial statements of foreign subsidiaries.

Dividends proposed and paid

Proposed for approval at AGM for financial year 2020 is 0.04 euro per share. For financial year 2019 company decided to not to pay any dividend. For financial year 2018 company decided to not to pay any dividend.

Treasury shares

Treasury shares contains the purchase value of own shares owned by the Group. The cost of acquisition is reported as a deduction in shareholders' equity. The shares have been acquired through public trading on NASDAQ OMX Helsinki. The parent company has not acquired treasury shares during the period. During the financial year parent company's treasury shares have been used for board remuneration according to Annual General Meeting's decision, for incentive programs and for deferred payment of the 2017 acquisition.

The total number of acquired treasury shares was 607,108 at the end of 2020. This represents 0.4% of the Company's voting power on December 31, 2020.

18. SHARE-BASED PAYMENT TRANSACTIONS

During the period Group has had two incentive plans covering the key personnel of the Group. A matching share plan available for all employees came to an end during the period. During the year a restricted share plan was established as a complementary scheme targeted to individually selected key employees.

Share-based incentive programs

During the period the Group had two share-based incentive program. The share-based incentive programs have been established as part of the key employee incentive and retention system within F-Secure Group. The programs offer for the participants a possibility to receive shares of F-Secure Corporation as an incentive reward if the Company's financial targets set for the earning period have been achieved. No reward can be given to any participating employee, whose employment has terminated before the end of the lock-up period.

The share-based incentive program 2017-2019 has been established in October 2017. The program's duration is five years and it comprises three earning periods. Each earning period lasts for three years. The program ends on December 31, 2021. The rewards will be settled in two phases so that one part is settled as equity-settled payment and one part as cash-settled payment. On the basis of the program maximum total of 10,000,000 shares and a cash payment corresponding to the registration date value of the shares shall be given as reward. The Board approves the metrics, targets and participants on annual basis for each earning period.

A new share-based incentive program 2020-2022 was established in February 2020. The program's duration is five years and it comprises three earning periods. Each earning period lasts for three years. The program ends on December 31, 2024. The rewards will be settled as equity-settled payments. The Board approves the metrics, targets and participants on annual basis for each earning period.

A restricted share plan complementing the incentive programs comprises of three earning periods: 2020-2021, 2021-2022 and 2021-2023. On the basis of earning period for 2020-2021 maximum total of shares to be given is 300,000. Maximum total shares to be given is 500,000 on the basis of earning period for 2021-2022 and 500,000 on the basis of earning period for 2021-2023.

三

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

←→

FINANCIAL STATEMENTS F-SECURE CONSOLIDATED

The participating employee of a share-based incentive program shall be entitled to the shareholder rights of the reward shares (e.g. dividend) from the moment the shares have been entered into the participating employee's book-entry account.

Expense arising from the share-based payment transactions during the period was EUR 801 thousand (EUR 1,826 thousand euros in 2019). The costs of equity-settled transactions are measured by reference to the fair value of the F-Secure Corporation share at the date on which they are granted. Fair value for performance based programs is based on the F-Secure Corporation share price on the grant date. Fair value for market based programs is based on externally accepted valuation methods. The costs of cash-settled transactions are measured by reference to the market price of the F-Secure Corporation share on date of balance sheet. The Group updates the estimate of the number of equity instruments that will ultimately vest at each reporting date.

Matching share plan

During 2018 Group launched a matching share plan which is available to all employees. The first retention period began in February 2018 and the matching share plan was extended in November 2018 with a new retention period. Every participant was eligible to acquire shares worth maximum of 10,000 euros and after first quarter of 2020 F-Secure will give each participant one extra share for each two shares acquired through the plan.

Expense arising from matching share plan was fully booked by the end of 2019. The cost was measured by the fair value of F-Secure Corporation share at the date on which they were granted net of employee's tax obligation.

Impacts of share-based payment transactions on financial statements

EUR 1,000	Consolidated 2020	Consolidated 2019
Booked as expense during the period	801	1,826
Booked in retained earnings during the period	638	1,196
Balance sheet liability at the end of the period	1,412	1,670

19. FINANCIAL LIABILITIES

Interest-bearing liabilities

EUR 1,000	Consolidated 2020	Consolidated 2019
Unsecured liabilities at amortized cost
Bank loans	30,000	31,000
Lease liabilities	9,865	10,329
Total	39,865	41,329
Total interest-bearing liabilities	39,865	41,329
Amount due for settlement within 12 months	15,937	11,877
Amount due for settlement after 12 months	23,929	29,452
Borrowings by currency	EUR	EUR
Bank loans	30,000	31,000
	30,000	31,000

Bank loan of EUR 37,000 thousand was withdrawn on July 2, 2018. Annual repayments according to the financing agreement are EUR 6,000 thousand. Financing agreement includes a Revolving Credit Facility (RCF) for EUR 23,000 thousand. During 2020 EUR 10,000 thousand withdrawal was made from RCF to address any unexpected liquidity challenges due to COVID-19 pandemic. As the Group's cash position remained solid, a repayment of EUR 5,000 thousand was made on the RCF which is presented in short term liabilities.

The bank loans carry variable interest rates. The weighted average interest rates paid during the year were as follows:

Bank loans	1.4%	1.5%

The financing agreement is subject to conventional loan covenants related to ratio of net debt to EBITDA and equity ratio. Group complied with the covenants throughout the reporting period.

日

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

←→

FINANCIAL STATEMENTS F-SECURE CONSOLIDATED

Other financial liabilities

EUR 1,000	Consolidated 2020	Consolidated 2019
Contingent consideration, current		3,680
Total		3,680
Contractual maturities of financial liabilities	Less than 1 year	1 to 2 years
---	---	---
Bank loans	11,000	6,000
Lease liabilities	4,937	2,599
Total financial liabilities	15,937	8,599

Lease liabilities consists mainly of buildings (EUR 8.7 million). Cars are totalling to EUR 1.2 million and the maturity for them is mainly less than 2 years.

20. FINANCIAL ASSETS AND LIABILITIES

Classes and categories of financial assets and liabilities and their fair values

Fair value hierarchy levels 1 to 3 are based on the degree to which the fair value is observable:

Level 1: Fair values of financial instruments are based on quoted prices in active markets for identical assets and liabilities

Level 2: Financial instruments are not subject to trading in active and liquid markets. The fair values of financial instruments can be determined based on quoted market prices and deduced valuation.

Level 3: Measurement of financial instruments is not based on verifiable market information, and information on other circumstances affecting the value of the instruments is not available or verifiable.

	Note	Carrying value					Fair value
		Financial assets		Financial liabilities		Total	Hierarchy level			Total
		FVTPL	Amortized cost	FVTPL	Amortized cost		1	2	3
Cash and bank	15		51,380			51,380
Financial assets at FVTPL	15	61				61		61		61
Bank loans	19				30,000	30,000			30,000	30,000
Trade and other payables	22				4,182	4,182		4,182		4,182

三

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

←→

FINANCIAL STATEMENTS F-SECURE CONSOLIDATED

General

The goal of risk management is to identify risks that may hinder the Group from achieving its business objectives. The responsibility for the Company's risk management lies with the CEO, the management and ultimately with the Board of Directors. The risks related to the Group's financial instruments are mainly related to credit risks, currency risk and interest rate risk.

Credit risk

The Group trades only with recognized, creditworthy third parties. Receivable balances are monitored and collected on an ongoing basis. The maximum exposure to credit risk at the reporting date is the carrying value of trade receivables. There are no significant concentrations of credit risk within the Group. See note 15. Financial assets.

Liquidity risk

Liquidity risk arises if the Group's existing liquidity reserves, net cash flows and available additional financing are not sufficient to cover commitments falling due within next 12 months. Group manages its liquidity risk by centralizing the management of cash and liquid assets and thereby optimizing the use of liquid funds for operational and refinancing needs. Group Treasury is responsible for monitoring cash balances and cash forecasts to keep liquidity risk at manageable level. The Group has not identified any significant concentrations of liquidity risks in sources of available financing.

Cash and bank balance was at solid level throughout 2020, and at the end of the reporting period the Group held EUR 51.4 million in its bank accounts (EUR 25.4 million euro in 2019). COVID-19 impacted the liquidity risk management during second quarter, and due to unforeseeable uncertainties regarding incoming cash flows the Group withdrew EUR 10 million from its Revolving Credit Facility (RCF) to strengthen short term liquidity. As the pandemic continued and liquidity remained at solid level, a repayment of EUR 5 million was done on the RCF in October. Repayments of the term loan according to the original financing agreement were EUR 6.0 million during 2020.

Foreign currency risk

The Group operates globally and is exposed to a currency risk arising from exchange rate fluctuations against its reporting currency euro. Transaction risk is related to foreign currency transactions in sales and expenses. Translation risk arises from the Group's net investments outside euro zone.

Transaction risk

Majority of sales is invoiced in Euros. Other main currencies for invoicing are GBP, USD and JPY. Currency risk arising from sales invoicing is notably diminished by operational expenses arising in same currencies as the sales invoicing. In order to minimize the impact of the fluctuation of the exchange rates, the Group uses forward currency contracts to eliminate the currency exposure of the estimated cash flow of these currencies. At the end of the reporting period the Group did not have any open currency forward contracts.

	Consolidated 2020	Consolidated 2019
Sales in different currencies	%	%
EUR	61	61
GBP	12	13
USD	12	10
JPY	7	6
SEK	3	3
Other currencies	5	6
	100	100
Derivatives	Consolidated 2020	Consolidated 2019
---	---	---
Currency instruments
Currency forward contract
Nominal value		7,215
Fair value		-15

The carrying Euro amounts of the Group's financial assets and liabilities at the reporting date are as follows:

Financial assets	Consolidated 2020	%	Consolidated 2019	%
EUR	49,737	53	35,833	50
JPY	12,331	13	7,864	11
GBP	10,429	11	8,049	11
USD	9,709	10	9,640	13
Other currencies	11,601	13	10,531	15
	93,808	100	71,917	100
Financial liabilities	Consolidated 2020	%	Consolidated 2019	%
---	---	---	---	---
EUR	32,903	96	40,432	82
GBP	915	3	5,564	11
Other currencies	552	1	3,136	6
	34,370	100	49,133	100

The table below demonstrates how sensitive the Group's profit before taxes is to foreign exchange rate fluctuations when all other variables are held constant. The open exposure against USD, GBP and JPY arising from Group treasury, trade receivables and trade payables have an impact on Group's profit before taxes. In 2019 the contingent consideration from the acquisition of MWR InfoSecurity was also measured in GBP. The sensitivity calculation is based on a change of $10\%$ in the Euro exchange rate against the functional currencies the Group operates in.

三

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

←→

FINANCIAL STATEMENTS F-SECURE CONSOLIDATED

EUR million	Consolidated 2020	Consolidated 2019
USD	+0.5/-0.4	+/-0.3
GBP	+/-0.1	+/-0.1
JPY	+/-0.1	+/-0.1

Translation risk

Translation risk arises from the Group's net investments in foreign currencies. Most significant translation risks arise from goodwill generated in MWR InfoSecurity acquisition. Main currencies in goodwill are GBP and ZAR. Translation differences also arise from translating Group companies' balance sheets into euros using exchange rates prevailing on the reporting date. Internal loans are granted mainly in subsidiaries' home currencies. According to current policy F-Secure Corporation does not hedge investments made in its subsidiaries.

The table below demonstrates how sensitive the Group's equity is to foreign exchange rate fluctuations when all other variables are held constant. The sensitivity calculation is based on a change of 10% in the Euro exchange rate against the main functional currencies exposing the Group to translation risk.

EUR million	Consolidated 2020
GBP	+7.2/-5.9
ZAR	+3.2/-2.6
DKK	+1.0/-0.8

Interest rate risk

The Group is exposed to interest rate risk due to the term loan withdrawn in July 2018 to finance the acquisition of MWR InfoSecurity and due to Revolving Credit Facility withdrawn in June 2020 to decrease short-term liquidity risk under pandemic. The loans carry a variable interest rate. To manage the risk of interest rate changes the Group is regularly evaluating the need for hedging. The table below demonstrates the sensitivity of Group's profit before taxes to 1% change in interest rate when all other variables are held constant.

EUR million	Consolidated 2020	Consolidated 2019
Interest bearing liabilities, bank loans	+/-0.3	+/-0.3

Capital management

The Group's shareholders' equity is managed as capital. Group's financing agreement has a covenant term related to equity ratio of the Group. The objective of the Group's capital management is to maintain an efficient capital structure that ensures the functioning of business operations, promotes shareholder value and meets with the requirements set in financing agreement. The Group's capital structure is reviewed regularly as a part of financial performance monitoring.

The capital structure can be adjusted among other things by distribution of dividends, share repurchase or capital repayment. The dividend policy of F-secure Corporation is to pay approximately half of its annual profit as dividend. Subject to circumstances, the Company may deviate from its policy.

21. DEFERRED TAX

EUR 1,000	Consolidated 2020	Consolidated 2019
Deferred tax assets relate to following:
Fixed assets	410	510
Accruals and provisions	4,493	3,247
Tax losses carried forward	3,961	2,893
Total	8,864	6,650
Offset against deferred tax liabilities	-4,910	-3,578
Net deferred tax assets	3,954	3,072
Change in deferred tax assets:
Recognized in profit or loss	-2,214	-380
Deferred tax liabilities relate to the following:
Fixed assets	3,404	4,306
Accruals and provisions	2,799	1,735
Available-for-sale financial assets
Total	6,203	6,041
Offset against deferred tax assets	-4,910	-3,578
Net deferred tax liabilities	1,294	2,463
Change in deferred tax liabilities:
Recognized in profit or loss	-162	362

At December 31, 2020 the Group had EUR 19.2 million losses carried forward that are available to be offset against future taxable profits in the companies in which the losses have been generated.

COVID-19 has impacted Group's consulting business in multiple countries generating negative taxable income temporarily in some of the subsidiaries. Management has assessed the capability to utilize the losses against future taxable profits according to the principles of IAS 12 and deferred tax asset has been booked if the criteria is met. As the impacts of COVID-19 can be viewed as temporary, the management expects the subsidiaries to return profitable in the near future and thus have the ability to utilize losses carried forward.

三

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

←→

FINANCIAL STATEMENTS F-SECURE CONSOLIDATED

OTHER LIABILITIES

EUR 1,000	Consolidated 2020	Consolidated 2019
Non-current liabilities
Deferred tax liability	1,294	2,463
Deferred revenue	23,788	17,560
Other non-current liability	1,550	1,930
Provisions		3,041
Total	26,631	24,994
Current liabilities
Deferred revenue	57,232	56,365
Trade payables	4,182	4,124
Contingent consideration		3,680
Other liabilities	9,080	5,158
Accrued expenses	12,826	16,036
Income tax liabilities	5,656	1,522
Total	88,976	86,885
Material amounts shown under accrued expenses
Accrued personnel expenses	9,120	8,873
Deferred royalty	239	511
Other accrued expenses	3,467	6,651
Total	12,826	16,036
Provisions
Book value as at 1.1.	3,041	1,173
Arising during the year		3,041
Used during the year	-3,041	-1,173
Book value as at 31.12.	0	3,041

Provision booked in 2019 relates to company restructuring.

CONTINGENT LIABILITIES

EUR 1,000	Consolidated 2020	Consolidated 2019
Other liabilities
Others	173	146

三

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

\leftrightarrow

FINANCIAL STATEMENTS F-SECURE CONSOLIDATED

24. RELATED PARTY DISCLOSURES

The Group's related parties include Parent Company and subsidiaries, as well as members of the Board, CEO and members of the Leadership Team.

Compensation of key management personnel of the Group

EUR 1,000	Consolidated 2020	Consolidated 2019
Wages and other short-term employee benefits	2,473	2,562
Share-based payments	357	303
Total	2,831	2,865

Wages and other short-term employee benefits

EUR 1,000	Consolidated 2020	Consolidated 2019
CEO	541	388
Leadership Team	2,172	2,173
Members of the Boards of Directors	293	255
	3,006	2,816

Board of Directors 2020 and Managing Director

EUR 1,000	Wages	Fees	Share-based payment
Juhani Hintikka, Managing Director (1 Nov 2020–)	58
Samu Konttinen, Managing Director (1 Jan–31 Oct 2020)	366		117
Risto Siilasmaa, Chairman of the Board		80
Pertti Ervi		48
Päivi Rekonen		38
Bruce Oreck		38
Tuomas Syrjänen		38
Keith Bannister		38
Robert Bearsby		13
Total	424	293	117

Share-based payments granted to the CEO are presented at the IFRS 2 expense of the share plans. The equity-settled part is measured at the fair value of the F-Secure Corporation share on the date it was granted and cash-settled part at the fair value of the share on the reporting date. The cost is recognized over the period in which the performance conditions are fulfilled (earning period).

The CEO's retirement age and the determination of his pension conform to the standard rules specified by Finland's Employee Pension Act (TYEL). The pension cost of the CEO during the period was 66 thousand euro (67 thousand euro in year 2019). The period of notice for the CEO is six (6) months both ways and CEO is entitled to severance payment equivalent of six (6) months' salary.

SUBSIDIARIES

Name	Country of incorporation	Group (%)
Parent F-Secure Corporation, Helsinki	Finland
DF-Data Oy, Helsinki	Finland	100
F-Secure Inc., Palo Alto	United States	100
F-Secure (UK) Ltd, London	United Kingdom	100
F-Secure KK, Tokyo	Japan	100
F-Secure GmbH, Munich	Germany	100
F-Secure eStore GmbH, Munich	Germany	100
F-Secure SARL, Maisons-Laffitte	France	100
F-Secure BV, Heverlee-Leuven	Belgium	100
F-Secure AB, Stockholm	Sweden	100
F-Secure Srl, Milano	Italy	100
F-Secure SP z.o.o., Warsaw	Poland	100
F-Secure Corporation (M) Sdn Bhd, Kuala Lumpur	Malaysia	100
F-Secure Pvt Ltd, Mumbai	India	100
F-Secure B.V., Utrecht	The Netherlands	100
F-Secure Limited, Hong Kong	Hong Kong	100
F-Secure Pty Limited, Sydney	Australia	100
F-Secure Iberia SL, Barcelona	Spain	100
F-Secure do Brasil Tecnol. da Informacao Ltda, Sao Paulo	Brazil	100
F-Secure Informatica S de RL de CV, Mexico City	Mexico	100
F-Secure Software (Shanghai) Co Ltd, Shanghai	China	100
F-Secure Danmark A/S, Copenhagen	Denmark	100
F-Secure Cyber Security Services Oy, Helsinki	Finland	100
nSense Estonia OÜ, Tartu	Estonia	100
F-Secure Norge AS, Baerum	Norway	100
F-Secure Argentina S.R.L., Buenos Aires	Argentina	100
F-Secure Digital Assurance Consulting Ltd, London	United Kingdom	100
F-Secure Cyber Security Limited, Basingstoke	United Kingdom	100
F-Secure Consulting Pte. Ltd., Singapore	Singapore	100
F-Secure Cyber Security (Pty) Ltd, Johannesburg	South Africa	100
F-Secure Cyber Security Inc, Newark	United States	100
Bytegeist GmbH, Oldenburg	Germany	100

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

←→

FINANCIAL STATEMENTS F-SECURE CORPORATION

INCOME STATEMENT

JAN 1–DEC 31, 2020

EUR 1,000		FAS 2020	FAS 2019
REVENUE	(1)	152,028	140,338
Cost of revenue	(4)	-18,745	-17,642
GROSS MARGIN		133,284	122,697
Other operating income	(2)	9,517	3,705
Sales and marketing	(3, 4)	-72,321	-77,530
Research and development	(3, 4)	-39,678	-36,636
Administration	(3, 4)	-11,181	-14,068
EBIT		19,620	-1,832
Financial income and expenses	(6)	-2,156	7,315
PROFIT (LOSS) BEFORE APPROPRIATIONS AND TAXES		17,464	5,483
Appropriations	(7)	2	4,464
Income taxes	(8)	-2,655	-740
RESULT FOR THE FINANCIAL YEAR		14,810	9,207

日

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

←→

FINANCIAL STATEMENTS F-SECURE CORPORATION

BALANCE SHEET DEC 31, 2020

EUR 1,000		FAS 2020	FAS 2019
ASSETS
NON-CURRENT ASSETS
Intangible assets	(9)	17,564	16,042
Tangible assets	(9)	1,068	1,213
Investments in group companies	(10)	122,963	123,219
Total non-current assets		141,595	140,474
CURRENT ASSETS
Inventories	(12)	74	107
Long-term receivables	(13)	5,330	6,609
Short-term receivables	(13)	46,901	53,374
Deferred tax assets	(11)	3	34
Short-term investments	(14)	26	26
Cash and bank accounts	(15)	35,085	13,553
Total current assets		87,420	73,703
TOTAL ASSETS		229,015	214,177
EUR 1,000	FAS 2020	FAS 2019
---	---	---
SHAREHOLDERS' EQUITY AND LIABILITIES
SHAREHOLDERS' EQUITY (16, 17)
Share capital	1,551	1,551
Share premium	165	165
Treasury shares	-1,288	-2,141
Reserve for invested unrestricted equity	6,464	6,173
Retained earnings	68,811	60,405
Profit for the financial year	14,810	9,207
Total shareholders' equity	90,513	75,359
APPROPRIATIONS
Depreciation reserve	44	46
LIABILITIES
Long-term liabilities (19)	50,911	46,949
Short-term liabilities (19)	87,546	91,822
Total liabilities	138,458	138,771
TOTAL SHAREHOLDERS' EQUITY AND LIABILITIES	229,015	214,177

日

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

←→

FINANCIAL STATEMENTS F-SECURE CORPORATION

CASH FLOW STATEMENT JAN 1–DEC 31, 2020

EUR 1,000	FAS 2020	FAS 2019	EUR 1,000	FAS 2020	FAS 2019
Cash flow from operations			Cash flow from investments
Result for the financial year	14,810	9,207	Investments in intangible and tangible assets	-6,421	-6,726
Adjustments			Investments in subsidiary shares	-3,681
Depreciation and amortization	5,044	5,837	Proceeds from sale of intangible and tangible assets	3	27
Profit / loss on sale of fixed assets	-3	-7	Intercompany loans granted	-4,329	-9,424
Other adjustments	-1,597	317	Intercompany loans repayments	1,446	175
Financial income and expenses	2,156	-7,315	Dividends received	2,938	8,321
Income taxes	2,655	740	Proceeds from subsidiary liquidations	740
Adjustments	8,256	-429
Cash flow from operations before change in working capital	23,066	8,778	Cash flow from investments	-9,305	-7,626
Change in net working capital			Cash flow from financing activities
Current receivables, increase (-), decrease (+)	4,757	2,935	Increase in interest-bearing liabilities	5,000
Inventories, increase (-), decrease (+)	33	288	Decrease in interest-bearing liabilities	-6,000	-6,000
Non-interest bearing debt, increase (+), decrease (-)	4,086	-8,921	Group contributions		7,000
Provisions, increase (+), decrease (-)	-500		Cash flow from financing activities	-1,000	1,000
Cash flow from operations before financial items and taxes	31,442	3,082	Change in cash	21,621	-3,105
Interest expenses paid	-522	-571	Effect of exchange rate changes on cash	-88	-31
Interest income received	362	329	Cash and bank at the beginning of the period	13,553	16,689
Other financial income and expenses	-289	-325
Income taxes paid	933	1,008	Cash and bank at period end	35,085	13,553
Cash flow from operations	31,926	3,521

三

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

\leftrightarrow

FINANCIAL STATEMENTS F-SECURE CORPORATION

NOTES TO THE PARENT COMPANY FINANCIAL STATEMENTS

Basic information

F-Secure provides cyber security products and services globally for consumers and businesses.

F-Secure Corporation is the parent company of F-Secure Group, incorporated in Finland and domiciled in Helsinki. Company's registered address is Tammasaarenkatu 7, 00180 Helsinki. Copy of consolidated financial statements can be downloaded from www.f-secure.com or can be received from the Company's registered address.

ACCOUNTING PRINCIPLES

The financial statement of F-Secure Corporation has been prepared in accordance with Finnish Accounting Standards (FAS).

Foreign currency translation

Revenue recognition

Revenue is derived from corporate and consumer businesses. Corporate security business revenue includes cyber security products, managed services, and cyber security consulting. Cyber security products comprise endpoint protection solutions (Protection Service for Business, PSB; Business Suite, Cloud Protection for Salesforce, Cloud Protection for Microsoft Office 365), as well as solutions targeted at detecting and responding to advanced attacks (Rapid Detection and Response, RDR and F-Secure Countercept) and vulnerability management (F-Secure Radar and phishing). Consumer security business revenue comes through operator and direct consumer channels, and the main products include F-Secure SAFE, F-Secure FREEDOME, F-Secure SENSE, F-Secure KEY and F-Secure ID PROTECTION.

Endpoint protection solutions and vulnerability management products

Endpoint protection security solutions (PSB, Business Suite for corporate and RDR) are sold to corporate customers by granting the customer access to use the intellectual property during the license period or as Security-as-a-Service. F-Secure delivers the product and provides continuous automated updates against new threats. The software and the accompanied services are highly interdependent and therefore treated as one performance obligation for which revenue is recognized over time on a straight-line basis for the license period.

Consumer customer products and vulnerability management products for corporate customers (Radar and phishing) are treated as Security-as-a-Service as they do not include a license of intellectual property. Revenue is accounted for as a single performance obligation and recognized over time on a straight-line basis for the contract period.

Cyber security consulting services and managed detection and response solutions

Cyber security consulting services are recognized as revenue based on the delivery of the work. For F-Secure managed detection and response solution (F-Secure Countercept) the software and the service are considered as single performance obligation. The customer is granted access to use the intellectual property and the service is provided by F-Secure continuously throughout the contract period. Revenue for managed services is recognized on a straight-line basis for the contract period.

Pensions

Pension arrangement is a local statutory arrangement, which is a defined contribution plan. Contributions to defined contribution plans are recognized in income statement in the period to which the contributions relate. The Company recognizes the disability commitment of TyEL pension plan when disability appears.

Leases

Leases where the lessor retains substantially all the risks and benefits of ownership of the asset are classified as operating leases. Operating lease payments are recognized as an expense in the income statement on a straight-line basis over the lease term. The Company has only operating leases.

Income taxes

Current income taxes are calculated in accordance with the local tax and accounting rules.

Tangible and intangible assets

Intangible assets include intangible rights and software licenses. Tangible and intangible assets are recorded at historical cost less accumulated depreciation, amortization, and possible impairment. Depreciation and amortization is recorded on a straight-line basis over the estimated useful life of an asset. The estimated useful lives of tangible and intangible assets are as follows:

Machinery and equipment	3–8 years
Capitalized development costs	3–8 years
Intangible rights	3–8 years
Intangible assets	5–10 years

Ordinary repairs and maintenance costs are charged to the income statement during the financial period in which they are incurred. The cost of major renovations is included in the assets' carrying amount when it is probable that the Company will derive future economic benefits in excess of the originally assessed standard or performance of the existing asset. Any gain or loss arising on derecognition of the asset (calculated as the difference between the net disposal proceeds and the carrying amount of the asset) is included in the income statement in the year the asset is derecognized.

三

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

\leftrightarrow

FINANCIAL STATEMENTS F-SECURE CORPORATION

Research and development expenditure

Research expenditure is recognized as an expense at the time it is incurred. Development expenditures are capitalized as intangible assets.

Inventories

Financial assets and liabilities

Cash and cash equivalents in the balance sheet comprise cash at bank and in hand and other highly liquid short-term investments.

F-Secure classifies loans from financial institutions, trade payables and other payables as other financial liabilities which are measured at amortized cost. Financial liabilities are classified as current unless F-Secure has unconditional right to postpone their repayment by at least 12 months from the end date of the reporting period.

Treasury shares

The company has acquired treasury shares in 2008–2011. The purchase price of the shares has been deducted from equity.

Share-based payment transactions

F-Secure provides incentives to employees in the form of equity-settled share-based instruments. Currently the Company has share-based programs.

F-Secure's share-based incentive programs are targeted to the Group's key personnel. The programs are divided into equity-settled and cash-settled part. The cash-settled part is recognized in the income statement over the vesting period with the counter-entry in liabilities. Valuation is initially based on fair value at grant date. On each reporting date the cash-settled part is revalued to fair value and the expense is recognized in the income statement over the vesting period with the counter-entry in liabilities.

Fair value is determined using the market value of the share of F-Secure Corporation. The cumulative expense recognized at grant date is based on the company's estimate of the number of shares that will ultimately vest at the end of the vesting period. F-Secure updates estimated number of shares to be vested at each reporting date. If a person leaves the company before vesting, the reward is forfeited. Equity-settled part is recognized in the equity on vesting date.

Presentation of expenses

三

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

←

→

FINANCIAL STATEMENTS F-SECURE CORPORATION

REVENUE

EUR 1,000	FAS 2020	FAS 2019
Geographical information
Nordic countries	52,494	50,433
Europe excl. Nordics	75,256	72,219
North America	13,005	9,837
Rest of the world	11,273	7,850
Total	152,028	140,338

OTHER OPERATING INCOME

EUR 1,000	FAS 2020	FAS 2019
Rental revenue	189	242
Government grants	1,574	1,149
Other	7,755	2,314
Total	9,517	3,705

Government grants are recognized as income over those periods in which the corresponding expenses arise.

Other operating income includes e.g. gain on sale of fixed assets and rental revenue.

Other operating income includes 1,804 thousand euro profit from liquidation of French subsidiary F-Secure SDC SAS

DEPRECIATION, AMORTIZATION AND IMPAIRMENT

EUR 1,000	FAS 2020	FAS 2019
Depreciation and amortization of non-current assets
Other intangible assets	-1,245	-1,330
Capitalized development	-3,009	-3,821
Intangible assets	-4,253	-5,151
Machinery and equipment	-531	-686
Tangible assets	-531	-686
Total depreciation	-4,784	-5,837
Reduction in value from non-current assets
Capitalized development	-260
Total reduction in value	-260
Total depreciation and amortization	-5,044	-5,837
Depreciation and amortization by function
Sales and marketing	-696	-888
Research and development	-3,954	-4,559
Administration	-394	-390
Total depreciation and amortization	-5,044	-5,837

三

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

←→

FINANCIAL STATEMENTS F-SECURE CORPORATION

4. PERSONNEL EXPENSES

EUR 1,000	FAS 2020	FAS 2019
Personnel expenses
Wages and salaries	-40,206	-42,344
Pension expenses	-6,369	-7,389
Other social expenses	-1,421	-1,316
Total	-47,995	-51,049
Compensation of key management personnel
Wages and other short-term employee benefits	-2,450	-2,299
Wages and other short-term employee benefits
Managing Directors	-541	-467
Members of the Board of Directors	-293	-255

Wages and other short-term employee benefits of the Board of Directors and Managing Director: see group disclosure 24. Related party disclosures.

The Managing Director's retirement age and the determination of his pension conform to the standard rules specified by Finland's Employee Pension Act (TYEL). The pension cost of the Managing Director over the period was 66 thousand euro (67 thousand euro in year 2019). The period of notice for the Managing Director is six (6) months both ways and Managing Director is entitled to severance payment equivalent of six (6) months' salary.

	FAS 2020	FAS 2019
Average number of personnel	627	625
Personnel by function Dec 31
Consulting and delivery	68	67
Sales and marketing	156	197
Research and development	338	297
Administration	86	73
Total	648	634

5. AUDIT FEES

EUR 1,000	FAS 2020	FAS 2019
Audit fees, PricewaterhouseCoopers	-147	-144
Audit related fees, PricewaterhouseCoopers		-14
Other consulting, PricewaterhouseCoopers	-30	-27
Total	-177	-185

6. FINANCIAL INCOME AND EXPENSES

EUR 1,000	FAS 2020	FAS 2019
Interest income	362	328
Interest expense	-522	-571
Other financial income	18	2
Dividends	55	8,321
Exchange gains and losses	-1,898	-564
Other financial expenses	-173	-201
Total	-2,156	7,315

7. APPROPRIATIONS

EUR 1,000	FAS 2020	FAS 2019
Change in depreciation reserve	2	464
Group contribution		4,000
Total	2	4,464

8. INCOME TAXES

EUR 1,000	FAS 2020	FAS 2019
Income tax for the year	-2,995	-1,007
Adjustments for income tax of prior periods	339	267
Total	-2,655	-740
Result before appropriations and tax	17,464	5,483

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

←→

FINANCIAL STATEMENTS F-SECURE CORPORATION

NON-CURRENT ASSETS

	INTANGIBLE ASSETS					TANGIBLE ASSETS
	Other intangible	Capitalized development	Incomplete development	Advance payments	Total	Machinery & equipment	Other tangible	Total
Acquisition cost Jan 1, 2019	14,111	19,840	2,145		36,095	9,788	5	9,794
Additions	88		6,232		6,320	406		406
Transfers		2,799	-2,799
Disposals	-19				-19	-399		-399
Acquisition cost Dec 31, 2019	14,179	22,638	5,579		42,396	9,795	5	9,801
Additions	149		5,465	422	6,036	385		385
Transfers		3,967	-3,967
Disposals		-520			-520
Acquisition cost Dec 31, 2020	14,328	26,084	7,077	422	47,911	10,180	5	10,186
Acc. depreciation Jan 1, 2019	-8,847	-12,358			-21,203	-8,299		-8,299
Depreciation for the period	-1,330	-3,821			-5,151	-686		-686
Acc. depreciation of disposals						398		398
Acc. depreciation Dec 31, 2019	-10,177	-16,179			-26,354	-8,587		-8,587
Depreciation for the period	-1,245	-3,009			-4,253	-531		-531
Acc. depreciation of disposals		260			260
Acc. depreciation Dec 31, 2020	-11,421	-18,927			-30,348	-9,118		-9,118
Book value as at Dec 31, 2019	4,003	6,460	5,579		16,042	1,208	5	1,213
Book value as at Dec 31, 2020	2,907	7,158	7,077	422	17,564	1,063	5	1,068

日

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

←→

FINANCIAL STATEMENTS F-SECURE CORPORATION

INVESTMENTS IN GROUP COMPANIES

EUR 1,000	Shares in group companies	Total
Book value as at Jan 1	123,219	123,219
Additions	44	44
Decreases	-300	-300
Book value as at Dec 31	122,963	122,963

Decrease of book value in group companies relates liquidation of F-Secure SDC SAS (France).

Name	Country of incorporation	Share of ownership (%)
Parent F-Secure Corporation, Helsinki	Finland
DF-Data Oy, Helsinki	Finland	100
F-Secure Inc., Palo Alto	United States	100
F-Secure (UK) Ltd, London	United Kingdom	100
F-Secure KK, Tokyo	Japan	100
F-Secure GmbH, Munich	Germany	100
F-Secure eStore GmbH, Munich	Germany	100
F-Secure SARL, Maisons-Laffitte	France	98
F-Secure BV, Heverlee-Leuven	Belgium	100
F-Secure AB, Stockholm	Sweden	100
F-Secure Srl, Milano	Italy	100
F-Secure SP z.o.o., Warsaw	Poland	100
F-Secure Corporation (M) Sdn Bhd, Kuala Lumpur	Malaysia	100
F-Secure Pvt Ltd, Mumbai	India	100
F-Secure B.V., Utrecht	The Netherlands	100
F-Secure Limited, Hong Kong	Hong Kong	100
F-Secure Pty Limited, Sydney	Australia	100
F-Secure Iberia SL, Barcelona	Spain	100
F-Secure Informática S. de R.L. de C.V, Mexico City	Mexico	99
F-Secure Danmark A/S, Copenhagen	Denmark	100
F-Secure Argentina SRL, Buenos Aires	Argentina	100
F-Secure Digital Assurance Consulting Ltd, London	United Kingdom	100
F-Secure CyberSecurity Limited, Basingstoke	United Kingdom	100

DEFERRED TAX

EUR 1,000	FAS 2020	FAS 2019
Deferred tax assets
Accruals and provisions	3	34
Total	3	34

INVENTORIES

EUR 1,000	FAS 2020	FAS 2019
Other inventories	74	107

日

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

←→

FINANCIAL STATEMENTS F-SECURE CORPORATION

RECEIVABLES

EUR 1,000	FAS 2020	FAS 2019
Non-current
Receivables from group companies
Loan receivables	5,330	6,609
Total	5,330	6,609
Non-current receivables total	5,330	6,609
Current receivables
Trade receivables	21,477	26,240
Loan receivables	0	6
Other receivables	72	88
Prepaid expenses and accrued income	6,398	7,523
Total	27,947	33,857
Receivables from group companies
Trade receivables	7,940	8,613
Loan receivables	9,507	5,345
Other receivables	1,507	5,559
Total	18,954	19,517
Current receivables total	46,901	53,374
Material items included in prepaid expenses and accrued income
Prepaid royalty	2,765	2,826
Grant receivables	-395	-169
Other prepaid expenses	3,486	4,396
Accrued income	542	469
Total	6,398	7,523

SHORT-TERM INVESTMENTS

EUR 1,000	FAS 2020	FAS 2019
Fair value as at Jan 1	26	26
Fair value as at Dec 31	26	26
Shares – unlisted	26	26
Fair value as at Dec 31	26	26
Original purchase price as at Dec 31	26	26

CASH AND SHORT-TERM DEPOSITS

EUR 1,000	FAS 2020	FAS 2019
Cash at bank and in hand	35,085	13,553

日

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

←

→

FINANCIAL STATEMENTS F-SECURE CORPORATION

16. STATEMENT OF CHANGES IN SHAREHOLDERS' EQUITY

Parent Company FAS

EUR 1,000	Share capital	Share premium fund	Treasury shares	Unrestricted equity reserve	Retained earnings	Total equity
Equity Dec 31, 2018	1,551	165	-2,772	6,082	60,405	65,428
Result of the financial year					9,207	9,207
Other change			631	91		723
Equity Dec 31, 2019	1,551	165	-2,141	6,173	69,613	75,359
Result of the financial year					14,810	14,810
Cost of share based payments					-801	-801
Other change			853	291		1,144
Equity Dec 31, 2020	1,551	165	-1,288	6,464	83,622	90,513

17. SHAREHOLDERS' EQUITY

The Company's share capital amounted to 1,551,311 euro and the number of shares was 158,798,739 at the end of the year 2020. See group disclosure 17. Shareholders' Equity.

Treasury shares

See group disclosure 17. Shareholders' Equity.

Distributable shareholders' equity on December 31, 2020

EUR 1,000

Unrestricted equity reserve	6,464
Retained earnings	67,524
Result of the financial year	14,810
Less capitalized development expense	-14,235
Distributable shareholders' equity on December 31, 2020	74,563

18. SHARE-BASED PAYMENT TRANSACTIONS

See group disclosure 18. Share-based payment transactions.

日

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

←→

FINANCIAL STATEMENTS F-SECURE CORPORATION

LIABILITIES

EUR 1,000	FAS 2020	FAS 2019
Non-current liabilities
Deferred revenues	16,026	13,036
Interest bearing liabilities	19,000	25,000
Other liabilities	1,490	2,083
Total	36,516	40,119
Liabilities to the group companies
Cashpool	12,744	5,245
Other liabilities	1,651	1,586
Total	14,395	6,831
Total non-current liabilities	50,911	46,949
Current liabilities
Deferred revenues	39,082	40,294
Trade payables	3,751	3,851
Interest bearing liabilities	11,000	6,000
Other liabilities	2,355	5,068
Accrued expenses	16,770	17,744
Total	72,958	72,957
Liabilities to the group companies
Advance payments	3,747	7,234
Trade payables	8,918	10,791
Other liabilities	1,924	840
Total	14,589	18,865
Total current liabilities	87,546	91,822
Material amounts shown under accruals and deferred income
Accrued personnel expenses	11,048	11,766
Deferred royalty	239	511
Accrued expenses	3,143	3,054
Accrued tax	2,339	488
Restructuring		1,925
Total	16,770	17,744

FINANCIAL RISK MANAGEMENT OBJECTIVES AND POLICIES

See Group disclosure 20. Financial assets and liabilities.

OPERATING LEASE COMMITMENTS

The Group has entered into commercial leases on office space and on motor vehicles. Motor vehicle leases have an average life of three years and office space between two and five years with renewal terms included in the contracts.

Future minimum rentals payable under non-cancellable operating leases as at 31 December are as follows:

As lessee

EUR 1,000	FAS 2020	FAS 2019
Within one year	2,843	2,902
After one year but not more than five years	1,310	1,788
Total	4,153	4,690

CONTINGENT LIABILITIES

EUR 1,000	FAS 2020	FAS 2019
Guarantees for other group companies	112	112
Other liabilities
Others	61	34

Derivatives see Group disclosure 20. Financial assets and liabilities

F-Secure 2020
Board of Directors' Report
Financial statements
Corporate responsibility
Corporate governance

←→

FINANCIAL STATEMENTS F-SECURE CORPORATION

Signatures of the Board of Directors

Helsinki, February 9, 2021

Risto Siilasmaa
Chairman

Pertti Ervi
TUOMAS SYRJÄNEN

Bruce Oreck
Keith Bannister

Päivi Rekonen

Robert Bearsby

Juhani Hintikka
Managing director

Auditors' note

Our auditors' report has been issued today.

Helsinki, February 9, 2021

PricewaterhouseCoopers Oy
Authorized Public Accountants

Janne Rajalahti
Authorized Public Accountant

日

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

←→

AUDITOR'S REPORT

To the Annual General Meeting of F-Secure Oyj

Report on the Audit of the Financial Statements

Opinion

In our opinion

the consolidated financial statements give a true and fair view of the group's financial position and financial performance and cash flows in accordance with International Financial Reporting Standards (IFRS) as adopted by the EU
the financial statements give a true and fair view of the parent company's financial performance and financial position in accordance with the laws and regulations governing the preparation of the financial statements in Finland and comply with statutory requirements.

Our opinion is consistent with the additional report to the Audit Committee.

What we have audited

We have audited the financial statements of F-Secure Oyj (business identity code 0705579-2) for the year ended 31 December 2020. The financial statements comprise:

the consolidated statement of financial position, statement of comprehensive income, statement of changes in equity, statement of cash flows and notes, including a summary of significant accounting policies
the parent company's balance sheet, income statement, cash flow statement and notes.

Basis for Opinion

We conducted our audit in accordance with good auditing practice in Finland. Our responsibilities under good auditing practice are further described in the Auditor's Responsibilities for the Audit of the Financial Statements section of our report.

We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our opinion.

Independence

We are independent of the parent company and of the group companies in accordance with the ethical requirements that are applicable in Finland and are relevant to our audit, and we have fulfilled our other ethical responsibilities in accordance with these requirements.

To the best of our knowledge and belief, the non-audit services that we have provided to the parent company and to the group companies are in accordance with the applicable law and regulations in Finland and we have not provided non-audit services that are prohibited under Article 5(1) of Regulation (EU) No 537/2014. The non-audit services that we have provided are disclosed in note 7 to the Financial Statements.

Our Audit Approach

Overview

Overall group materiality: €1,100,000, which represents 0.5% of consolidated revenue
Audit scope: We have audited parent company and we have performed audit procedures related to three most significant subsidiaries. In addition, we have performed group level procedures over specific consolidated accounts and analytical procedures to assess unusual movements across all entities.
Revenue recognition
Valuation of goodwill
Capitalization of R&D costs

As part of designing our audit, we determined materiality and assessed the risks of material misstatement in the financial statements. In particular, we considered where management made subjective judgements; for example, in respect of significant accounting estimates that involved making assumptions and considering future events that are inherently uncertain.

Materiality

The scope of our audit was influenced by our application of materiality. An audit is designed to obtain reasonable assurance whether the financial statements are free from material misstatement. Misstatements may arise due to fraud or error. They are considered material if individually or in aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of the financial statements.

Based on our professional judgement, we determined certain quantitative thresholds for materiality, including the overall group materiality for the consolidated financial statements as set out in the table below. These, together with qualitative considerations, helped us to determine the scope of our audit and the nature, timing and extent of our audit procedures and to evaluate the effect of misstatements on the financial statements as a whole.

三

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

←→

AUDITOR'S REPORT

Overall group materiality €1,100,000 (previous year €1,100,000)

How we determined it

0.5% of consolidated revenue

Rationale for the materiality benchmark applied

The groups profitability has been volatile during the last years due to business combinations related integration costs and amortization, significant investments in both product development and go-to-market strategy. Therefore, we chose revenue as the benchmark because, in our view, it is the benchmark against which the performance of the Group is commonly measured by users and is a generally accepted benchmark. We chose 0.5% which is within the range of acceptable quantitative materiality thresholds in auditing standards.

How we tailored our group audit scope

We tailored the scope of our audit, taking into account the structure of the Group, the accounting processes and controls, and the industry in which the Group operates.

Group operates globally through several legal entities. Group's sales are mainly generated by the parent company and we have audited the parent company as part of our audit of the consolidated financial statements. In addition, we have performed audit procedures related to the three most significant subsidiaries. We have considered that the remaining subsidiaries don't present a reasonable risk of material misstatement for consolidated financial statements and thus our procedures have been limited to targeted audit procedures over significant balances and to analytical procedures performed at Group level.

By performing the procedures above at legal entities, combined with additional procedures at the Group level, we have obtained sufficient and appropriate evidence regarding the financial information of the Group as a whole to provide a basis for our opinion on the consolidated financial statements.

Key Audit Matters

Key audit matters are those matters that, in our professional judgment, were of most significance in our audit of the financial statements of the current period. These matters were addressed in the context of our audit of the financial statements as a whole, and in forming our opinion thereon, and we do not provide a separate opinion on these matters.

As in all of our audits, we also addressed the risk of management override of internal controls, including among other matters consideration of whether there was evidence of bias that represented a risk of material misstatement due to fraud.

Key audit matter in the audit of the group

Revenue recognition

Refer to note 2 to the consolidated financial statements for the related disclosures.

In the corporate and direct consumer businesses, license agreements consist of initial license agreements and periodic maintenance agreements. The software and the accompanied services are highly interdependent and therefore treated as one performance obligation for which revenue is recognized over time on a straight-line basis for the license period. In the operator business, most of the license sales are usage-based and booked based on usage reports, but there are also fixed price operator agreements. The terms of these agreements vary significantly, and their revenue recognition is therefore defined case-by-case.

Service revenue, including cyber security consulting and managed services, is recognized at the time of delivery of the service.

Due to materiality and judgment associated with the timing of revenue recognition we have considered timing of revenue recognition as key audit matter in the audit of the Group.

This matter is a significant risks of material misstatement referred to in Article 10(2c) of Regulation (EU) No 537/2014.

How our audit addressed the key audit matter

We evaluated the design and tested the operating effectiveness of certain controls over revenue recognition.

We tested sample of revenue recognized during the year.

We assessed appropriateness of the company's revenue recognition policy and tested sample of revenue agreements to ensure those have been recognized based on contractual terms and based on the company's revenue recognition policy. We have also tested deferred revenue on a sample basis to assess appropriateness of revenue recognition.

In addition, we tested sample of fixed priced agreements.

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

\leftrightarrow

AUDITOR'S REPORT

Key audit matter in the audit of the group

Valuation of goodwill

Refer to note 12 to the consolidated financial statements for the related disclosures.

Goodwill is one of the most significant balance sheet items and amounted € 81,9 million at the balance sheet date. The determination and whether an impairment charge is required involves significant management judgement, including identifying on which cash generating unit level the goodwill is tested and estimating the future performance of the business and the discount rate applied to these future cash flows.

Due to materiality and judgment associated we have considered valuation of goodwill as key audit matter in the audit of the Group.

How our audit addressed the key audit matter

Our audit focused on assessing the appropriateness of management's judgment and estimates used in the goodwill impairment analysis through the following procedures:

We tested the methodology applied in the value in use calculation by comparing it to the requirements of IAS 36, Impairment of Assets, and we tested the mathematical accuracy of calculation;

We evaluated the process by which the future cash flow forecasts are drawn up, including comparing them to the latest Board approved targets and long-term plans

We tested the key underlying assumptions for the cash flow forecasts, including sales and profitability forecasts, discount rate used and the implied growth rates beyond the forecasted period

We compared the current year actual results included in the prior year impairment model to consider whether forecasts included assumptions that, with hindsight, had been optimistic.

We tested whether the sensitivity analysis performed by the management around key assumptions of the cash flow forecast are appropriate by considering the likelihood of the movements of these key assumptions.

Key audit matter in the audit of the group

Capitalization of R&D costs

Refer to note 13 to the consolidated financial statements for the related disclosures.

Company's research and development activities have increased due to focus on the development of new products and product amendments both for corporate and consumer customers.

Capitalization of R&D costs requires use of judgment as capitalization requires estimating technical and economical feasibility of the product developed. In addition, there is judgement involved in assessing recoverability of capitalized R&D costs as future cash flows generated by these intangible assets needs to be estimated.

Due to materiality and judgment associated with capitalization of R&D costs, we have considered capitalization of R&D as key audit matter in the audit of the Group.

How our audit addressed the key audit matter

We assessed appropriateness of the company's R&D capitalization policy.

We evaluated the design and operating effectiveness of controls over R&D capitalization.

We assessed whether capitalization criteria for R&D projects are met.

We tested a sample of invoices and personnel related costs capitalized during the year.

We evaluated the relevant assumptions used in the impairment testing of intangible assets, focusing on the reasonableness of the forecasted economic information.

We tested the accuracy of the management's earlier estimates by performing subsequent review.

We have no key audit matters to report with respect to our audit of the parent company financial statements.

There are no significant risks of material misstatement referred to in Article 10(2c) of Regulation (EU) No 537/2014 with respect to the parent company financial statements.

56
AUDITOR'S REPORT

F-Secure 2020 Board of Directors' Report Financial statements Corporate responsibility Corporate governance $\leftarrow \rightarrow \leftarrow$

Responsibilities of the Board of Directors and the Managing Director for the Financial Statements

The Board of Directors and the Managing Director are responsible for the preparation of consolidated financial statements that give a true and fair view in accordance with International Financial Reporting Standards (IFRS) as adopted by the EU, and of financial statements that give a true and fair view in accordance with the laws and regulations governing the preparation of financial statements in Finland and comply with statutory requirements. The Board of Directors and the Managing Director are also responsible for such internal control as they determine is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error.

In preparing the financial statements, the Board of Directors and the Managing Director are responsible for assessing the parent company's and the group's ability to continue as a going concern, disclosing, as applicable, matters relating to going concern and using the going concern basis of accounting. The financial statements are prepared using the going concern basis of accounting unless there is an intention to liquidate the parent company or the group or to cease operations, or there is no realistic alternative but to do so.

Auditor's Responsibilities for the Audit of the Financial Statements

Our objectives are to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, and to issue an auditor's report that includes our opinion. Reasonable assurance is a high level of assurance but is not a guarantee that an audit conducted in accordance with good auditing practice will always detect a material misstatement when it exists. Misstatements can arise from fraud or error and are considered material if, individually or in the aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of these financial statements.

As part of an audit in accordance with good auditing practice, we exercise professional judgment and maintain professional skepticism throughout the audit. We also:

Identify and assess the risks of material misstatement of the financial statements, whether due to fraud or error, design and perform audit procedures responsive to those risks, and obtain audit evidence that is sufficient and appropriate to provide a basis for our opinion. The risk of not detecting a material misstatement resulting from fraud is higher than for one resulting from error, as fraud may involve collusion, forgery, intentional omissions, misrepresentations, or the override of internal control.
Obtain an understanding of internal control relevant to the audit in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the parent company's or the group's internal control.
Evaluate the appropriateness of accounting policies used and the reasonableness of accounting estimates and related disclosures made by management.
Conclude on the appropriateness of the Board of Directors' and the Managing Director's use of the going concern basis of accounting and based on the audit evidence obtained, whether a material uncertainty exists related to events or conditions that may cast significant doubt on the parent company's or the group's ability to continue as a going concern. If we conclude that a material uncertainty exists, we are required to draw attention in our auditor's report to the related disclosures in the financial statements or, if such disclosures are inadequate, to modify our opinion. Our conclusions are based on the audit evidence obtained up to the date of our auditor's report. However, future events or conditions may cause the parent company or the group to cease to continue as a going concern.
Evaluate the overall presentation, structure and content of the financial statements, including the disclosures, and whether the financial statements represent the underlying transactions and events so that the financial statements give a true and fair view.
Obtain sufficient appropriate audit evidence regarding the financial information of the entities or business activities within the group to express an opinion on the consolidated financial statements. We are responsible for the direction, supervision and performance of the group audit. We remain solely responsible for our audit opinion.

We communicate with those charged with governance regarding, among other matters, the planned scope and timing of the audit and significant audit findings, including any significant deficiencies in internal control that we identify during our audit.

We also provide those charged with governance with a statement that we have complied with relevant ethical requirements regarding independence, and to communicate with them all relationships and other matters that may reasonably be thought to bear on our independence, and where applicable, related safeguards.

From the matters communicated with those charged with governance, we determine those matters that were of most significance in the audit of the financial statements of the current period and are therefore the key audit matters. We describe these matters in our auditor's report unless law or regulation precludes public disclosure about the matter or when, in extremely rare circumstances, we determine that a matter should not be communicated in our report because the adverse consequences of doing so would reasonably be expected to outweigh the public interest benefits of such communication.

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

\leftrightarrow

57 AUDITOR'S REPORT

Other Reporting Requirements

Appointment

We were first appointed as auditors by the annual general meeting on 7 April 2016. Our appointment represents a total period of uninterrupted engagement of five years.

Other Information

The Board of Directors and the Managing Director are responsible for the other information. The other information comprises the report of the Board of Directors and the information included in the Annual Report but does not include the financial statements and our auditor's report thereon. We have obtained the report of the Board of Directors prior to the date of this auditor's report and the Annual Report is expected to be made available to us after that date.

Our opinion on the financial statements does not cover the other information.

In connection with our audit of the financial statements, our responsibility is to read the other information identified above and, in doing so, consider whether the other information is materially inconsistent with the financial statements or our knowledge obtained in the audit, or otherwise appears to be materially misstated. With respect to the report of the Board of Directors, our responsibility also includes considering whether the report of the Board of Directors has been prepared in accordance with the applicable laws and regulations.

In our opinion

the information in the report of the Board of Directors is consistent with the information in the financial statements
the report of the Board of Directors has been prepared in accordance with the applicable laws and regulations.

If, based on the work we have performed on the other information that we obtained prior to the date of this auditor's report, we conclude that there is a material misstatement of this other information, we are required to report that fact. We have nothing to report in this regard.

Helsinki 9 February 2021

PricewaterhouseCoopers Oy

Authorised Public Accountants

Janne Rajalahti

Authorised Public Accountant (KHT)

2020 Board of Directors' Report Financial statements

Corporate responsibility Corporate governance

Statement of corporate responsibility

F-SECURE EXISTS TO BUILD TRUST IN SOCIETY AND TO KEEP PEOPLE AND BUSINESSES SAFE

In the digital and connected world we currently live in, targeted online attacks and cyber crime have the ability to seriously damage global businesses, result in losses of hundreds of millions of Euros, and even cause human suffering.

2020 was not only the year of COVID-19, but also the year of cyber attacks exploiting the pandemic. In addition to costing close to 2 million lives, the COVID-19 Pandemic devastated economies and reshaped how societies and institutions operate, and even how people and companies use technology. While the pandemic was disrupting lives and organizations' operations and remote working became the new normal, cyber criminals moved quickly to capitalize on the fear and confusion it spread with phishing and ransomware attacks.

As a cyber security company, F-Secure secures the world around us. For over 30 years, we have been committed to helping people and businesses fight cyber threats. We believe that by improving our customers' security, resilience, and the sustainability of their digital lives or businesses through our core business and everyday actions we play a vital role in ensuring the functioning of the modern society, and help to maintain trust between people and organizations.

At F-Secure, we want to do what is right. Trust ensures we will succeed in our mission. Trust is earned when action matches words. Everyone working for F-Secure has a critical role in building and maintaining the trust in the eyes of each other and earning the trust of our customers.

F-Secure's Code of Conduct reflects the company's business culture for highest standards of ethical conduct, sets clear expectations on the business conduct and provides guidance for critical risk areas. It guides us on everything we do. The Code of Conduct is available at F-Secure's webpages https://www.f-secure.com/en/investors/governance

三

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

\leftrightarrow

\rightarrow

STATEMENT OF CORPORATE RESPONSIBILITY

F-SECURE'S BUSINESS MODEL AND VALUE CREATION

By combining sophisticated technology with machine learning and human expertise, F-Secure provides a comprehensive offering of security products and cyber security services. For businesses, we offer vulnerability scanning and management solutions, endpoint protection products, detection and response solutions, as well as comprehensive security and risk assessment services for top management, and technical consulting. For consumers, we offer security and privacy solutions for all connected devices. As proven by several independent research institutions, our products and services provide our customers best-in-class security. E.g. F-Secure's Detection and Response solutions achieved excellent scores also in the second round of MITRE ATT&CK evaluation, and the endpoint protection products for consumers and businesses have regularly gotten highest scores in AV-Test's security tests.

We offer our products and services to defend thousands of companies and millions of people around the world through our network of about 200 telecommunication operators and thousands of IT service and retail partners. With our partner-led business model, trust has always been a cornerstone of all our operations.

In our industry, it is critical that appropriate care is taken when handling customer information. Respecting customer privacy is an integral part of our company culture. All F-Secure employees commit to protecting the confidentiality of customer data.

Protecting the digital world, our employees, and sustainable growth

The three focus areas for F-Secure's corporate responsibility are:

WE VALUE OUR EMPLOYEES

Securing the right competencies and constant development

Ensuring equality, equal opportunity and diversity

Ensuring the wellbeing of employees

WE SECURE TRUST IN DIGITALITY

Protecting people against cyber threats and supporting the fight against online crime

Taking action to enhance cybersecurity in society

Protecting personal data

WE RESPECT THE PLANET

Reducing energy consumption from IT operations

Reducing energy consumption and waste in our offices

Travelling sensibly

We have always put a strong emphasis on shared core values: integrity, commitment, and excellence. These values are also driving our Corporate Responsibility and its three focus areas. We are committed to continuously improving the wellbeing of our employees, decreasing our carbon footprint through energy efficiency and other sustainable practices, and ensuring technology is not turned against the society.

There are specific F-Secure guidelines and policies for each area. The foundation of all activities is our Code of Conduct; it guides everything we do, and reflects the company's culture for highest standards of ethical conduct. F-Secure suppliers and partners are also expected to act responsibly and comply with the principles set in the Code of Conduct.

三

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

←→

STATEMENT OF CORPORATE RESPONSIBILITY

SOCIAL RESPONSIBILITY AND TREATMENT OF EMPLOYEES:

We value our employees

Focus area key aspects

Securing the right competencies and constant development

Ensuring equality, equal opportunity and diversity

Ensuring the wellbeing of employees

F-Secure employs ca. 1,700 security experts, product developers, sales & marketing professionals and other experts globally. We recruit the best minds in the industry while focusing relentlessly on growing the next generation of cyber security professionals. Consultants, developers, engineers, researchers, specialists and everyone who shares our values is welcome to F-Secure. Our experts strive to disrupt the industry every day. Their research-led approach, victories in hacking contests, and key notes at conferences win respect around the globe. This gives us our edge over the competition and, more importantly, attackers.

F-Secure emphasizes the importance of fellowship and shared values. We strive to ensure employee wellbeing, a healthy work-life balance, and equality and equal opportunities for our people. In our rapidly evolving industry, the company must also be prepared to help its employees to continuously learn new skills.

People Operations & Culture team is responsible for developing people management processes, tools, and ways of working. To measure success, the company conducts a Fellow Survey, including an Employee Net Promoter Score (eNPS), among staff to measure employee loyalty, productivity and wellbeing biannually. The company's Leadership Team is responsible for following up on the results of the Fellow survey and ensuring corrective action plans are developed.

2020:

During the first half of 2020, F-Secure's overall Employee Net Promoter Score (eNPS) developed very positively (33). The Covid-19 pandemic had accelerated the adoption of several 2020 Future of Work initiatives related to more flexible working.

Key performance indicator for overall employee wellbeing

Employee Net Promoter Score

1) Key performance indicator of overall wellbeing. The Employee Net Promoter Score (eNPS) measures employee satisfaction by asking people how likely it is that they would recommend F-Secure as an employer. The score is derived by deducting the share of employees giving low scores (0 to 6, "detractors") from the share of employees giving high scores (9 to 10, "promoters"). Scores from 7 to 8 are considered neutral.

Securing the right competencies and continuous development

We constantly strive to attract candidates and retain fellows with the right skills and competences and enable professional development through on-the-job learning. We aim to create the best possible environment for our employees to thrive in regardless of whether they work at the office or remotely.

Successful talent acquisition is crucial for F-Secure's business. Our aim is to ensure that we hire the best professionals whose skills and competences that are in line with F-Secure's business objectives, culture and values. Our globally operating recruitment team guides managers to ensure consistency and equal treatment of candidates, as well as to always provide candidates a positive experience when applying for a job.

After recruitment, the responsibility for competence development lies both with the individual employees and their line managers, as well as with the management team of the employee's unit. Our

三

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

\leftrightarrow

\rightarrow

STATEMENT OF CORPORATE RESPONSIBILITY

internal development and training guidelines address the roles and responsibilities as well as practices related to learning and personal development.

F-Secure has a number of global and local learning and development programs available for both managers and employees including:

Leadership and managerial work development modules
Network mentoring and internal mentoring programs
Cyber security competence development
Education and development programs for sales
Country specific Graduate programs
Site-specific coaching and supporting services

2020:

Despite the challenges posed by the COVID-19 pandemic, F-Secure's Leading Performance reform has progressed as expected. The target of the process is to enable rolling objective setting and continuous feedback to create a high performance culture.

The 2020 annual voluntary attrition rate across F-Secure was 11.8%, which is on industry level both for consulting and technology companies. (13%).

Voluntary attrition rate

1) Voluntary attrition = Number of voluntary leavers over the period/average headcount over the period. In 2020, end of e.g. fixed-term contracts previously reported in "Voluntary" category were moved to a new category "Other"

Ensuring equality, equal opportunity and diversity

Treating every employee fairly and with respect is a fundamental part of the F-Secure company culture. Everyone is valued, supported and encouraged to participate. We embrace individuality and value characteristics that make people unique, without bias towards nationality, gender, age differences, sexual orientation or disabilities.

F-Secure is a very diverse workplace. We employed 74 different nationalities by the end of 2020, a significant part of which are also represented at the company headquarters.

We know that diverse mix of backgrounds, expertise and genders contribute to a more open working atmosphere, better discussion and decision making. We assess individuals based on competence, skills and achievements. Equality, non-discrimination and fairness are key principles in recruitment, compensation and advancement at F-Secure.

In South Africa's Broad-Based Black Economic Empowerment program (BBBEE), F-Secure is partnering with Masibambisane Empowerment Trust, and focusing on development projects with the Rays of Hope graduate programs on cyber and technical skills. To support gender equality in our industry, we support and promote initiatives to encourage women to pursue a career in technology and cyber security.

Share of women, of total employees

Share of women, of managers 1)

1) Including all line managers

2020:

At the end of 2020, the total headcount had decreased with 18 employees (1%) compared to year end 2019. The share and number of both female managers and female employees continued their increase; at the end of 2020, 24% of F-Secure's total workforce and 24% of managers were female.

A new global Diversity & Inclusion role was established at F-Secure, initially focusing on mapping the current situation and building a roadmap to ensure the right D&I principles are in place and aligned with F-Secure company culture.

F-Secure took part in the Plan International's global Girls Takeover campaign as one of the eight invited institutions and companies from Finland whose work can help promote equality in technology. The 2020 campaign highlighted the impact of technology on the position and future of girls.

三

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

\leftrightarrow

\rightarrow

STATEMENT OF CORPORATE RESPONSIBILITY

Ensuring the wellbeing of employees

We want to ensure the wellbeing of each employee and aim to continuously improve our culture where all our employees can work to their full potential, both in mind and body.

In most countries we provide at least basic health care services to employees, but practices vary locally depending on the market practices. In certain regions, employees are provided with additional sports benefits, and extended health care services according to local practices. Also, in some locations there are additional benefits such as the possibility for massage or for arranging a caretaker for a sick child.
In ensuring the wellbeing of employees, F-Secure emphasizes the importance of good leadership in addition to a preventative approach to health care. F-Secure supports flexible working hours and the possibility of working remotely, and offer voluntary wellbeing lectures and training for both employees and managers.

2020:

The COVID-19 pandemic had a big impact on how we work at F-Secure. The whole company quickly transitioned to remote working in March 2020. To reduce the physical burden of working from home, ergonomic guidance was provided and employees were able to take their work equipment, such as monitors, to their home offices.

A special employee wellbeing survey to map the effect on Covid-19 and remote work was conducted in May 2020. 84% of respondents stated their productivity had stayed the same or increased while working remotely, and 66% responded their stress levels had either stayed the same or decreased. Long term remote working can also cause wellbeing related problems. In 2020 we organized webinar series around wellbeing at work, and will keep monitoring the effects of long term remote working on our employees regularly.

F-Secure closely monitors employee sick leaves. In case of longer sick leaves, the company supports employees, and assists them in returning back to work.

2020:

The relative sick leave percentage* (3%) was about the same as in 2019 and on an industry average in Finland. Number of short sick leaves decreased dramatically: 1–3 days by 26% and 4–10 days by around 30%. The number of long, unpaid sick leaves increased significantly, but the reasons for leaves varied. Focused actions have subsequently been taken to actively support both physical and mental employee wellbeing.

Sick leave percentage is the average amount of sick days per employee. The figure includes personnel in Finland only, which represents 41% of total employees.

2020:

Wellbeing from helping others. F-Secure has traditionally supported local societies with various charity initiatives. In addition to annual donations, in 2020 we launched a global initiative where all F-Secure employees were given the opportunity to help others and spend up to one working day in a selected charity.

Focus area key policies and guidelines

Code of conduct
Recruitment Policy
Leading performance framework
Development and training guidelines
Equality plan
Harassment prevention policy

Protecting people's security and privacy with integrity

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

STATEMENT OF CORPORATE RESPONSIBILITY

←

PROTECTING HUMAN RIGHTS AND SUPPORTING THE FIGHT AGAINST ONLINE CRIME:

Securing trust in digitality

Key aspects

Protecting people against cyber threats and supporting the fight against online crime
Taking action to enhance cyber security in society
Protecting personal data

Humanity is faced with unprecedented challenges. To solve the root causes of these challenges radical technological innovation is needed. F-Secure has driven innovations in cyber security for over three decades. We secure thousands of businesses, and millions of people wake up every day knowing they can rely on our high standards and uncompromised integrity. The world's top financial institutions count on us to battle cyber-attacks. We secure factories, power grids, and vital telecommunication infrastructure.

Our sophisticated technology combines the power of machine learning with the human expertise of our world-renowned security labs. From decades of experience stopping advanced cyber-attacks, we've developed a passion for taking on the world's most potent cyber threats. This teaches us how attackers defeat defenders. With these insights, we've pioneered threat hunting and been at the forefront of the movement away from traditional forensics to continuous real-time response.

Protecting people and businesses from cyber attacks

Cyber criminals never let a global crisis go to waste. Every world event is the perfect storm when trying to create a context to trap user with the purpose of extortion or theft. COVID-19 was no exception with so many countries impacted and so much information being produced on the subject while companies were challenged to rapidly and securely enable remote work for as many employees as possible. During 2020 we witnessed COVID-19 related phishing scams, elaborate ransomware campaigns against major corporations, increased attacks against cloud infrastructure and attacks targeting COVID-19 vaccine research.

During the lockdown period in spring we also saw an increase in stalkerware, a worrying trend we want to combat. Therefore, we joined the "Coalition against Stalkerware" where we provide insights and malware analysis to advocacy groups, software developers, security firms, media and victims working to eliminate this new threat. We also provided free threat intelligence to help authorities and the healthcare sector fighting cyber attacks and

offered journalists during World Press Freedom Day free F-Secure FREEDOME VPN licenses to support the freedom of the press.

F-Secure Labs invests yearly thousands of man-days to provide free research and tools to improve products' security and businesses cyber resilience. Our research led to e.g. Microsoft implementing detection controls in Azure in direct response to a tool we published, the UK Government awarded us a research grant for autonomous vehicle security and we were invited to participate in several industry forums as well as collaborating with national authorities.

Protecting people's security and privacy with integrity

F-Secure applies strict security measures to protect the personal data of the users of our solutions. We seek to protect our users' privacy, not to sell it. All F-Secure products and services are produced independent of governmental direction.

We recognize that there is an imbalance between the defenders of fair practices and human rights, and online criminality and the offensive capabilities of nation state threat actors. To level the playing field, F-Secure refuses to introduce backdoors in our products and will detect malware no matter what the source is.

In 2020, both the first court and court of appeal in Finland made a ruling in favor of F-Secure regarding how the police can request FREEDOME data from F-Secure. Both court instances confirmed our interpretation of the law; F-Secure has helped and will continue helping law enforcement to fight against serious crimes, but will request police authorities to follow the legal way through a court warrant to obtain data. We want to protect our customers' right for privacy and protect them against illegal surveillance and are committed to our law-abiding customers – whether normal citizens, human rights activists or investigative journalists.

三

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

\leftrightarrow

STATEMENT OF CORPORATE RESPONSIBILITY

Operating with highest ethical standards

F-Secure exists to build trust in society and to keep people and businesses safe. Trust is earned only when action matches words. We offer our products and services to defend thousands of companies and millions of people around the world through our network of around 200 telecommunication operators and thousands of IT service and retail partners. With our partner-led business model, trust has always been a cornerstone of all our operations.

F-Secure works responsibly with malware and offensive techniques:

Clear criteria for categorizing threats and classifying potential unwanted applications.
Strict rules for handling and analyzing malicious content.
Cooperation with authorities to ensure the safety of the general public, assisting investigations into online crime that bring criminals into justice.
Security assessments are conducted only with customers' permission and within agreed scope.
In our work, we may create offensive code, but only do so with the intention to secure and benefit our customers and digital safety of the society.
Coordinated vulnerability disclosure policy and a vulnerability reward program.

Everyone at F-Secure must apply the highest standards of ethical conduct.

We do not make or accept any bribes or other improper payments.
We never engage in fraudulent practices.
We do not give or accept gifts or hospitality over the appropriate limits.
We do not endorse or provide financial support to individual political parties.
When conducting business with any governmental body, we carefully abide by all applicable regulations and ethical standards.
We do not tolerate any form of bribery, corruption or fraudulent practices by our partners or any parties acting on our behalf.

The Code of Conduct guides everyone at F-Secure to ethical conduct. We have also issued a specific Anti-Bribery Policy that applies to all employees. It defines the rules to be applied related to gifts, hospitality, travelling and accommodation, specific terms concerning governmental officials, as well as the process for escalation as needed. Ethical business practices are also emphasized in contracts and the company engages in continuing dialogue with relevant stakeholders.

2020:

F-Secure published a statement based on the UK Modern Slavery Act, setting a clear signal against slavery and servitude, forced or compulsory labor and human trafficking in its value chain.

Focus area key policies and guideline include:

Code of conduct

Cyber Security Principles

Risk Management Principles

Lifecycle security Policy

Personal data policy

Vulnerability Reward Program

Export Control Policy

Anti-Bribery policy

Modern Slavery Statement

三

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

\leftrightarrow

STATEMENT OF CORPORATE RESPONSIBILITY

ENVIRONMENTAL MATTERS:

Respect for the planet

Key aspects:

Reducing energy consumption from IT operations
Reducing energy consumption and waste in our offices
Travelling sensibly

F-Secure acknowledges climate change and other environmental impacts are both global as well as local concerns, and strive to minimize our environmental footprint. We are committed to working in an environmentally responsible and efficient manner, and expect our partners and suppliers to do the same.

As stated in the F-Secure Code of Conduct, our approach to environmental challenges emphasizes the importance of precaution.

We aim to continuously increase the energy efficiency of the company as well as to reduce the amount of waste and emissions produced by our operations.
We encourage the use of environmentally friendly technologies, tools and services in the research and development of our products and services.
We aim to reduce the environmental impact of our global operations by connecting people from different locations through technology and choosing environmentally friendly means of travelling.
We provide local guidelines and support for employees to move from private cars to public transportation and bicycles for their commute.

As F-Secure's business activities involve the development, production and delivery of software and professional services, our environmental footprint derives primarily from the use of electricity for office activities as well as the use of electricity from IT operations.

To evaluate our success in limiting our environmental impact, F-Secure conducts an annual energy review to estimate our total direct consumption of electricity at company level.

Reducing the energy consumption of IT operations

F-Secure uses both private servers and third-party cloud platforms to develop and run its services. With third-party cloud platforms, F-Secure mainly partners with Amazon Web Services (AWS) as well as Microsoft Azure.

The transition to third-party provided servers increased the company's overall energy efficiency and lower total consumption, as third-party providers are running the more energy-efficient servers. Consumption data for these is not available, as electricity costs are part of the overall service contract. Our main service partners Microsoft Azure and AWS have publicly committed to reducing their carbon footprints; both are committed to operating in the most environmentally friendly way possible, and estimate achieving 100% renewable energy usage in 2025.

In co-location facilities, we are able to directly measure our electricity consumption on a monthly basis. F-Secure utilizes server hardware with good energy efficiency (Energy Star), and some of the server facilities were already operating on 100% renewable energy in 2020. In 2020, the energy consumption of our servers in Finland dropped by 27% compared to 2019.

2020:

F-Secure continued outsourcing the company's server activity globally as planned, further decreasing the company's energy consumption compared to using its own servers. By the end of the year, the outsourcing was at 80% of the target level.

Reducing energy consumption and waste in our offices

F-Secure has offices in 25 locations globally. The majority of operations are concentrated in Helsinki in Finland, London in the UK, Kuala Lumpur in Malaysia, Poznan in Poland and Johannesburg in South Africa.

The company rents office facilities from local real estate providers. Typically a lease agreement includes service charges for electricity and heating, as well as handling of a limited amount of waste generated by office activities. All waste is primarily recycled according to local practices. Hazardous waste consists solely of batteries, which are disposed of at suitable recycling points. Electronic waste is recycled carefully and, as appropriate, with careful attention to ensuring that confidential waste is

三

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

←→

STATEMENT OF CORPORATE RESPONSIBILITY

specifically managed. Confidential paper waste is also managed with special care.

2020:

F-Secure continued to roll out the environmental impact improvement program. In 2020, the annual office energy consumption decreased by 33%, one contributing factor being the increase in remote working.

Electricity consumption, MWh

Co-location servers 1)
Offices 2)

1) The electricity consumption includes F-Secure servers in Finland
2) The electricity consumption includes vast majority of F-Secure's offices globally. Increase in electricity consumption in 2019 was due to the fact that for the fiscal year 2019 all acquisition related offices from MWR InfoSecurity were been fully taken into account, whereas in 2018 due to the timing of the acquisition, consumption of these premises was included only for H2-2018.

Travelling sensibly

F-Secure's Travel policy aims to reduce the environmental impact of travelling, and minimizing energy consumption and emissions by choosing environmentally friendly means of travelling. The policy requires a pre-approval of employee travels, and encourages employees to use online conferencing tools when collaborating with our internal and external stakeholders. CO2 emissions from work related travelling are tracked across all European offices, covering a clear majority of the company's employees. We aim to include data from more offices as it becomes available, and look into for carbon compensation options with selected airlines in 2021.

2020:

F-Secure reacted swiftly to the COVID-19 pandemic and shifted to remote working in March 2020. Virtually all travel was also suspended. This had an immediate effect on emissions for 2020, which dropped to 413,598 Carbon CO2e (DEFRA) (kg/unit), a quarter of the 2019 level.

Focus area key policies and guidelines

Code of conduct
Travel policy
Recycling policy
Environmental friendly, country specific transportation policies

Helsinki, 9 February 2021

F-Secure Corporation
Board of Directors

Risto Siilasmaa

Pertti Ervi

Bruce Oreck

Päivi Rekonen

Tuomas Syrjänen

Keith Bannister

Robert Bearsby

President and CEO

Juhani Hintikka

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

\leftrightarrow

CORPORATE GOVERNANCE

F-SECURE'S CORPORATE GOVERNANCE STATEMENT 2020

Corporate Governance at F-Secure

F-Secure's corporate governance practices are based on applicable Finnish laws, the rules of Helsinki Stock Exchange (NASDAQ Helsinki Oy) and the regulations and guidelines of Finnish Financial Supervisory Authority as well as with the company's Articles of Association. This statement has been prepared in accordance with the Finnish Corporate Governance Code 2020 (publicly available at http://cgfinland.fi/en/) issued by the Securities Market Association of Finland.

Up-to-date information about F-Secure's governance is available on the company's website at https://www.f-secure.com/en/investors.

Governing bodies

F-Secure's highest decision-making body is the General Meeting of Shareholders which elects the members of the Board of Directors. The Board of Directors is responsible for the administration of F-Secure Corporation and appropriate organization of its operations. The Board of Directors appoints the CEO. The CEO, assisted by the Leadership Team, is responsible for managing the company's business and implementing its strategic and operational targets.

General Meeting of Shareholders

Under the Limited Liability Companies Act, shareholders exercise their decision-making power at the General Meeting.

The General Meeting is normally held once a year as an Annual General Meeting (AGM). The AGM decides on matters stipulated by the Articles of Association and the Limited Liability Companies Act, including:

adoption of the Financial Statements
distribution of profit for the year
discharging the members of the Board of Directors and the CEO from liability
selection of members of the Board the decision on the remuneration of the Board members
approval of the Remuneration Policy and the Remuneration Report
election of the auditor and the decision on the auditor's remuneration, and
other proposals submitted to General Meeting

Each share carries one vote in the General Meeting.

A shareholder may propose items to be included on the agenda provided they are within the authority of the meeting, and the Board of Directors has received the request in advance in accordance with the set schedule. The invitation to the AGM is

published as a stock exchange release and is made available on the company's website.

2020:

The AGM was held on 12 May 2020 in the company's headquarters in Helsinki.

The resolutions and the meeting minutes of the AGM are available on F-Secure's website.

Board of Directors

The Board of Directors is responsible for the administration of F-Secure Corporation and appropriate organization of its operations. The Board's operations, responsibilities and duties are based on the Finnish Companies Act and other applicable legislation and are supplemented by the Board Charter. These cover the following main areas:

approving the strategy of F-Secure, overseeing its operations and annual budgets
appointing and dismissing the CEO
approving any major investments, acquisitions, changes in corporate structure or other matters that are significant or far-reaching
ensuring that the supervision of the company's accounting and financial management is duly organized
ensuring that internal control and risk management systems are in place
approving personnel policies and rewards systems
preparing matters to be handled at the General Meeting

The Board of Directors meets as frequently as necessary and according to the Board Charter at least five times during its term. The Board of Directors has quorum when more than half of the members are present. An annual self-assessment is carried out by the Board to evaluate its operations. The Board of Directors primarily strives at unanimous decisions. If a decision cannot be made unanimously, the decision will be made by voting and

External control

三

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

←→

CORPORATE GOVERNANCE

Members of the Board of Directors and the Committees

Members	Independence of the company	Independence of major shareholders	Board (Meeting attendance)	Audit Committee (Meeting attendance)	Personnel Committee (Meeting attendance)
Risto Siilasmaa	Yes	No^{1)}	Chairman (15/15)		Chairman/Member^{3)} (4/4)
Pertti Ervi	Yes	Yes	Member (15/15)	Chairman (5/5)
Bruce Oreck	Yes	Yes	Member (14/15)		Member (3/4)
Päivi Rekonen	Yes	Yes	Member (15/15)	Member (2/2)^{4)}	Chair/Member^{3)} (4/4)
Tuomas Syrjänen	Yes	Yes	Member (14/15)	Member (4/5)
Keith Bannister (as of 12 May 2020)	Yes	Yes	Member (10/10)	Member (3/3)
Robert Bearsby (as of 12 May 2020)	No^{2)}	Yes	Member (10/10)	Member (3/3)
Matti Aksela (until 12 May 2020)	No^{2)}	Yes	Member (5/5)	Member (2/2)

1) Risto Siilasmaa is the founder of F-Secure and on 31 December 2020 owned 37,79% of F-Secure shares.
2) Robert Bearsby was elected from among F-Secure Corporation's personnel, according to the process described above in 2020.
3) Matti Aksela was elected from among F-Secure Corporation's personnel, according to the same process in 2019.
4) Päivi Rekonen was a member of the Audit Committee until 12 May 2020.
5) Päivi Rekonen has been the Chair to the Personnel Committee starting from the meeting held in November 2020.

with single majority. If the votes are even, the Chairman's vote is decisive.

In accordance with F-Secure's Articles of Association, the Board of Directors comprises three to seven members, who are elected at the Annual General Meeting for a period of office that extends to the subsequent AGM. The Board of Directors represents all shareholders.

Diversity is an essential part of F-Secure's success. According to Diversity Principles established by the Board of Directors, an optimal mix of diverse backgrounds, expertise and experience strengthens the Board's performance and promotes creation of long-term shareholder value. The Diversity Principles of the Board of Directors aim to strive towards appropriately balanced gender distribution. Both genders are represented in the Board of Directors.

To create openness, one member of the Board of Directors is elected from among F-Secure's personnel. An election is arranged annually for F-Secure personnel and each permanent F-Secure employee is eligible to stand as a candidate. The Personnel Committee interviews three persons who have obtained the highest number of votes in the elections, and chooses a candidate

from amongst them to be proposed for election as a member of the Board by the Annual General Meeting. Robert Bearsby was appointed to the Board of Directors through this process in 2020.

The majority of Board members are independent from the company and from its major shareholders. For a detailed description of the members of the Board of Directors and their shareholdings see the end of this statement.

2020:

In 2020 the Board of Directors convened 15 times, Audit Committee 5 times and Personnel Committee 4 times.

Board Committees

In 2020, the Board established two committees: Audit Committee and Personnel Committee (nomination and remuneration matters). The Board of Directors appoints from among itself the members and the Chairman of the committee. Each committee must have at least three members. The Board of Directors confirms the main duties and operating principles of each committee. The duties of each committee are defined in the committee charters which are available on F-Secure's website at https://www.f-secure.com/en/investors.

Audit Committee

The Audit Committee monitors and evaluates risk management, internal controls, IT strategy and practices, financial reporting as well as auditing of the accounts. The Audit Committee also prepares a proposal for the election of auditor to the Board of Directors and regularly considers the need for a separate internal audit function. Members of the Audit Committee must have broad business knowledge, as well as an adequate expertise and experience with respect to the committee's area of responsibility and the mandatory tasks relating to auditing. The majority of members of the Audit Committee shall be independent from F-Secure Corporation and at least one member shall be independent of the company's significant shareholders. The Audit Committee calls in experts to its meetings when necessary for the issues to be discussed. Materials of the Audit Committee meetings are made available for all members of the Board of Directors.

The Audit Committee convenes at least four (4) times a year as notified by the Chairman of the Committee. Members of the Audit Committee are listed in the table above.

三

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

←→

CORPORATE GOVERNANCE

Personnel Committee

The Personnel Committee prepares material and instructs with issues related to the composition of the Board of Directors and compensation of the company's management as well as remuneration and incentives of key personnel. The Committee also prepares the proposals for the Board composition and remuneration for the Annual General Meeting of Shareholders. The Personnel Committee calls in experts to its meetings when necessary for the issues to be discussed. Materials of Personnel Committee meetings are made available for all members of the Board of Directors.

The Personnel Committee convenes at least two (2) times a year as notified by the Chairman of the Committee. Members of the Personnel Committee are listed in the table above.

President and CEO

The Board of Directors appoints and may dismiss the CEO and decides upon the CEO's remuneration and other benefits in accordance with the Remuneration Policy. The CEO is responsible for the day-to-day management of the company. The CEO's main duties include:

managing the business according to the instructions issued by the Board of Directors
presenting the matters to be handled in the Board of Directors' meetings
implementing the decisions made by the Board of Directors
other duties determined in the Limited Liability Companies Act

2020:

In 2020, Samu Konttinen acted as F-Secure's President and CEO until 31 October 2020. Juhani Hintikka was appointed as the President and CEO of F-Secure, effective 1 November 2020.

The biographical details of the CEO including the shareholdings are specified later in this report. The remuneration of the CEO is specified in F-Secure's Remuneration Policy and Report.

Leadership Team

The Leadership Team supports the CEO in the daily operative management of the company.

2020:

Current information on the F-Secure Leadership Team can be found on our website: https://www.f-secure.com/en/investors.

For descriptions of all members of the Leadership Team during 2020 and their roles, respective membership periods and shareholdings, see the end of this statement.

Internal control and risk management

Risk Management

Risk management and internal control processes at F-Secure seek to ensure that risks related to the business operations of the company are properly identified, evaluated, monitored and reported in compliance with the applicable regulations.

F-Secure's Board of Directors defines the principles of risk management and internal controls which are followed within the company. The Audit Committee assists the Board in the supervision of F-Secure's risk management function. The CEO is accountable for ensuring that the risk management principles are implemented and applied constantly and consistently across the organization.

The primary goal of F-Secure's risk management principles is to empower the organization to identify and manage risks more effectively. The potential negative impact and probability of different situations arising from our business operations on the company, its customers, or its partners are monitored as part of the risk management process.

F-Secure promotes continuous risk evaluation by the company's personnel. The relevant operational risks identified through the risk management process are regularly reviewed by the CEO and Leadership Team and the company's statutory auditor. Risk Management is an integrated part of F-Secure's governance and management, and the risk management process is aligned with the ISO-31000 standard. The Audit Committee regularly evaluates the effectiveness of the risk management system.

Internal Control

The purpose of Internal Control is to ensure that operations are effective and aligned with the strategy, and that financial reporting and management information is reliable and in compliance with applicable regulations and operating principles.

Internal control consists of all the guidelines, policies, processes, practices and relevant information about organizational structure that help ensure that the business conduct is in compliance with all applicable regulations. The purpose of internal control is also to ensure that accounting and financial information provides a true and accurate reflection of the activities and financial situation of the company. Actual performance is monitored against sales and cost targets by operative reporting systems on a daily, weekly, or monthly basis.

The company constantly monitors its key financial processes linked to sales, revenue, costs and profitability as well as incoming and outgoing payment transactions. If any inconsistencies appear, the issues are handled without delay. The company's finance department is responsible for the consistency and reliability of internal control methods. The finance team works in close cooperation with the CFO and businesses, providing relevant data for business planning purposes and sales estimates. The team also regularly assesses and monitors the reliability of estimates and revenue recognition.

Internal audit

Audit Committee considers the need for and appropriateness of a separate Internal Audit function on a regular basis. To date, the Audit Committee has concluded that, due to the size, organizational structure and largely centrally controlled financial management of the company, a separate Internal Audit function is not necessary.

In the absence of an Internal Audit function, attention is paid to periodical review of the written guidelines and policies concerning accounting, reporting, documentation, authorization, risk management, internal control and other relevant matters in all departments. Related controls are also tested from time to time. The guidelines and policies are coordinated by the company's finance department with active involvement by the legal department.

The absence of a separate Internal Audit function is considered when defining the scope of the company's external audit. Where necessary, the Internal Audit services will be purchased from an external service provider.

To facilitate transparency and exchange of information on Internal Audit related matters, the financial management team has frequent meetings with the auditors. The Audit Committee also meets regularly with the auditors.

The company has taken into use a whistleblowing line for any employees to notify the Board and Leadership Team of any compliance concerns.

Related party transactions

The Audit Committee defines the principles for monitoring and assessing F‐Secure's related party transactions. The definition of the related parties is based on IAS 24 standard. F‐Secure collects information about its related parties on regular basis. The Board of Directors decides on related party transactions that are not conducted in the ordinary course of business of the company or are not implemented under arm's‐length terms. Related party transactions are disclosed as part of financial statements according to the applicable legislation.

Insider management

F‐Secure complies with the applicable legislation, including EU Market Abuse Regulation (MAR), the regulations of the Finnish Financial Supervisory Authority as well as Nasdaq Helsinki's Guidelines for Insiders. F‐Secure has established its own insider policy to complement the regulation and guidelines above.

F‐Secure maintains a list of all persons who have regular access to company's financial data. Due to the sensitive nature of financial information, persons having access to financial information before publication of an interim financial report or a year‐end report shall be subject to a thirty (30) day trading restriction prior to publication of such report.

In addition, F‐Secure maintains a project‐specific insider list of any projects and events which, if realized, would be likely to have a significant effect on the value of F‐Secure's shares or other financial instruments, and which have been subject to delaying of disclosure in accordance with MAR.

F‐Secure has decided not to include any persons as permanent insiders. All persons with inside information regarding a project will be included in the project specific insider list.

Persons discharging managerial responsibilities comprise the Board of Directors, the CEO and other members of the Leadership Team. These persons have a duty to notify F‐Secure and the Finnish Financial Supervisory Authority of every transaction in their own account relating to Financial Instruments of F‐Secure within three business days. The company publishes these notifications as a stock exchange release, as specified by MAR. All releases published on managers' transactions are available on the company's website.

Auditors

The auditor is elected by the Annual General Meeting for a term of service ending at the close of the next Annual General Meeting. The auditor is responsible for auditing the consolidated and parent company financial statements and accounting. The auditor reports to the Board of Directors or the Audit Committee at least once a year.

F‐Secure has been audited by PricewaterhouseCoopers with Janne Rajalahti, Authorized Public Accountant, as the responsible auditor.

F‐Secure paid the auditor EUR 147,000 in audit fees (2019: EUR 144,000), and EUR 30,000 (2019: EUR 41,000) for non‐audit services.

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

\leftrightarrow

CORPORATE GOVERNANCE

BOARD OF DIRECTORS

In this section are the biographies of the Members of the Board of Directors during 2020. Shareholdings are listed as of 31 December 2020 unless otherwise stated.

RISTO SIILASMAA

Chairman of the Board of Directors since 2006
Born 1966, M.Sc. (Engineering)

Main employment history:

Founder, President and CEO, Member of the Board, F-Secure Corporation, 1988-2006

Chairman of the Board 2012-2020, Member of the Board 2008-2012, Interim CEO 2013-2014, Nokia Corporation

Member of the Board 2007-2019, Chairman of the Board 2016-2018, Vice-Chairman of the Board 2013-2015, The Federation of Finnish Technology Industries

Current board memberships and public duties:

Chairman, Ministry of Finance - Technology Advisory Board, 2020-

Member of the Board, Picosun Oy, 2020-

Member of the Board, Futurice Corporation, 2018-
Senior Advisor, Boston Consulting Group, 2020-
Member, International Advisory Board IESE, 2020-
Member, Global Advisory Board of Yonsei University School of Business, 2020-

Member, Komatsu International Advisory Board, 2020-

Member, Global Tech Panel, an initiative of EU High Representative Federica Mogherini, 2018-

Holdings: number of shares 60,003,037, holding 37.79%

PERTTI ERVI

Board member since 2003

Chairman of the Audit Committee

Born 1957, B.Sc. (Electronics)

Main employment history:

Currently an independent management consultant and professional board member

Chairman of the Board 2017-2020, Member of the Board 2009-2017, Teleste Corporation

Co-CEO, Member of the Executive Board, Computer 2000 AG, 1995-2000

Co-founder, Managing Director, Computer 2000

Finland Corporation, 1983-1995

Current board memberships and public duties:

Chairman of the Board 2011-, Member of the Board 2008-, Efecte Corporation

Chairman of the Board, Mintly, 2017-

Holdings: number of shares 62,921

BRUCE ORECK

Board member since 2016

Born 1953, LL.M. (Taxation)

Main employment history:

CEO, The Train Factory Oy, 2018-

Executive in Residence, Aalto University, 2016-

Ambassador to Finland, United States, 2009-2015

Founding and managing partner, Oreck, Bradley, Crighton, Adams & Chase, 2005-2009

Executive Vice-President and General Counsel, Oreck Corporation, 1993-2003

Holdings: number of shares 23,865

三

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

←→

PÄIVI REKONEN

Member of the Board since 2017

Chair to the Personnel Committee

Born 1969, M.Sc. (Economics), M.Sc. (Social Sciences)

Main employment history:

Independent strategy advisor and professional board member, 2018-

Managing Director, Group Technology, UBS, 2014–2018

Senior Vice President, Global Head of Digital Strategy, Adecco Group, 2011–2012

Head of IT, Credit Suisse, 2007–2009

Various leadership positions, Cisco Systems, 1998–2007

Various leadership positions, Nokia Corporation, 1990–1998

Current board memberships and public duties:

Chair to the Board of Directors, SEBA Bank AG, 2020–

Member of the Board, Alma Media Corporation, 2018–

Member of the Board, Efecte Corporation, 2018–

Member of the Board, Konecranes Corporation, 2018–

Member of the Strategy Advisory Board, UNOPS, 2018–

Holdings: number of shares 18,572

TUOMAS SYRJÄNEN

Member of the Board since 2019

Born 1976, M.Sc. (Engineering)

Main employment history:

CEO, Futurice Corporation, 2008–2018

Head of Business Unit, Futurice Corporation, 2003–2008

Business Development, Futurice Corporation, 2001–2002

Current board memberships and public duties:

Member of the Board, Vaisala Corporation, 2019–

Member of the Board, Futurice Corporation, 2018–

Member of the Board, Aito Intelligence Corporation, 2018–

Member of the Board, Taaleri Corporation, 2017–

Member of the Board, Fira Group Corporation, 2015–

Holdings: number of shares 21,622

KEITH BANNISTER

Board member since 2020

Born 1966, B.Sc. (Hons) (Mathematics and Computer Science)

Chartered Accountant (Fellow of ICAEW)

Non-Executive Director – FT Advanced Professional Diploma

Main employment history:

KPMG LLP, London UK, 1987–2018

KPMG LLP, Partner, 2000–2018

Current board memberships and public duties:

Member of the Board of Governors, Bridewell Royal Hospital, 2020–

Holdings: number of shares 5,467

ROBERT BEARSBY

Board member since 2020

Born 1988, B.Sc. (Audio & Music Technology)

Main employment history:

Senior Security Consultant, F-Secure Consulting, 2019–

Security Consultant, MWR InfoSecurity / F-Secure Consulting 2018–2019

Junior Security Consultant, MWR InfoSecurity 2016–2018

Holdings: number of shares 1,822

NON-CURRENT MEMBERS

MATTI AKSELA

Board member since March 2019 until May 2020

Holdings: number of shares 15,054

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

←→

CORPORATE GOVERNANCE

LEADERSHIP TEAM

In this section are the biographies of all the members of the Leadership Team during 2020. Shareholdings are listed as of 31 December 2020 unless otherwise stated.

JUHANI HINTIKKA

President and Chief Executive Officer
Born 1966, M.Sc. (Technology)
Member of the Leadership Team since 2020

Main employment history:
President and CEO, F-Secure, 2020–
Investor, advisor, 2018–2020
President and CEO, Comptel Corporation, 2011–2017
Various leadership positions, Nokia Networks and Nokia Siemens Networks, 1999–2010
Various leadership positions, Konecranes Corporation, 1993–1999

Holdings: number of shares 0

JUHA KIVIKOSKI

Executive Vice President, Business Security
Born 1970, M.Sc. (Econ.)
Member of the Leadership Team since 2018

Main employment history:
EVP, Business Security, F-Secure, 2019–
EVP, Enterprise & Channel Sales, F-Secure, 2018–2019
Managing Director, Dustin Finland, 2015–2017
Vice President, Sales, McAfee/Intel Security, 2013–2015
Chief Operating Officer, Stonesoft, 2009–2013
Vice President, Stonesoft, 2004–2008
Holdings: number of shares 11,804

KRISTIAN JÄRNEFELT

Executive Vice President, Consumer Security
Born 1965, M.Sc. (Economics)
Member of the Leadership Team since 2016

Main employment history:
EVP, Consumer Security, F-Secure, 2016–
Director, Sales, Fujitsu Finland Corporation, 2014–2015
CEO and partner, Miradore Corporation, 2010–2014
CEO and partner, Concilio Networks Corporation, 2006–2009
Various leadership positions, Hewlett-Packard, 1994–2006

Holdings: number of shares 38,356

三

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

←→

EDWARD PARSONS

Executive Vice President, Cyber Security Consulting

Born 1981, B.Sc. (History)

Member of the Leadership Team since 2020

Main employment history:

EVP, Cyber Security Consulting, F-Secure, 2020–

Managing Director, F-Secure Consulting (UK), 2018–2020

Director, MWR InfoSecurity, 2016–2018

Senior Manager, KPMG, 2013–2016

Civil Servant, 2006–2013

Consultant, Accenture, 2003–2006

Holdings: number of shares 5,348

TIM ORCHARD

Executive Vice President, Managed Detection & Response

Born 1976, B.Sc. (Psychology)

Member of the Leadership Team since 2019

Main employment history:

EVP, Managed Detection & Response, F-Secure, 2019–

Chief Operating Officer, Countercept, 2018–2019

Various leadership positions, BAE Systems

Applied Intelligence, 2012–2018

Technical Director, Activity Info Management Ltd., 2007–2012

Holdings: number of shares 0

ERIKKA SÖDERSTRÖM

Chief Financial Officer

Born 1968, M.Sc. (Econ.)

Member of the Leadership Team since 2017

Main employment history:

CFO, F-Secure, 2017–

CFO, KONE Corporation, 2013–2016

CFO, Vacon Corporation, 2009–2012

CFO, Nautor Corporation, 2008

Various finance leadership positions, Nokia Networks and Nokia Siemens Networks, 1994–2007

Current Board memberships:

Member of the Board, Bekaert, 2020–

Member of the Board, Valmet Corporation, 2017–

Chairman of the Audit Committee, Valmet Corporation, 2018–

Holdings: number of shares 61,804

JARI STILL

Chief Information Officer

Born 1965, B.Sc. (Information processing science)

Member of the Leadership Team since 2012

Main employment history:

CIO, F-Secure, 2016–

Vice President, R&D Operations, F-Secure, 2012–2016

Head of R&D, Mobile Business Unit, F-Secure, 2000–2012

CEO and Co-founder, Modera Point Corporation, 1991–2000

Current Board Memberships:

Member of the Board, Dimecc Oy, 2020–

Member of the Board, Oulu Chamber of Commerce, 2019–

Member, Innovation Working Group, The Federation of Finnish Technology Industries, 2018–

Holdings: number of shares 139,013

三

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

←→

JYRKI TULOKAS

Chief Technology Officer

Born 1975, M.Sc. (Economics)

Member of the Leadership Team since 2016

Main employment history:

CTO, F-Secure, 2019–

EVP, Cyber Security Products & Services, F-Secure, 2018–2019

EVP, Strategy and Corporate Development, F-Secure, 2016–2018

Various leadership positions in product management, marketing, strategy and business development, F-Secure, 2007–2016

Head of Business Development, Suunto Corporation, 2005–2007

Holdings: number of shares 34,162

ANTTI HOVILA

Executive Vice President; Strategy, Brand & Communications

Born 1981, M.Sc. (Technology), MBA

Member of the Leadership Team since 2019

Main employment history:

EVP, Strategy, Brand & Communications, F-Secure, 2019–2021

EVP, Strategy and Corporate Development, F-Secure, 2019

Associate Director, Strategy & Planning, Fidelity International, 2017–2019

Equity Research Analyst, Fidelity International, 2010–2017

Business Development Manager, Nokia Corporation, 2006–2008

Management Consultant, McKinsey & Company, 2005–2006

Holdings: number of shares 0

EVA TUOMINEN

Executive Vice President, People Operations & Culture

Born 1976, M.Sc. (Econ.)

Member of the Leadership Team since 2019

Main employment history:

EVP, People Operations & Culture, F-Secure, 2019–

Director, Human Capital Consulting, Deloitte Finland, 2014–2019

Consulting Director, Nordic Region, NGA Human Resources, 2010–2014

Business Unit Manager, NGA Human Resources, 2003–2010

Holdings: number of shares 0

CHANGES IN LEADERSHIP TEAM COMPOSITION AFTER PERIOD-END

In February 2021, Ari Vänttinen started as Chief Marketing Officer. Consequently, Antti Hovila is now Executive Vice President, Strategy & Portfolio.

NON-CURRENT MEMBERS

SAMU KONTTINEN

President and CEO – until end of October 2020

IAN SHAW

Executive Vice President, Cyber Security Consulting – until end of October 2020

三

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

\leftrightarrow

REMUNERATION STATEMENT

REMUNERATION REPORT

Introduction

The reporting and transparency requirements for listed companies increased as the new EU Shareholder Rights Directive (SHRD) and Finnish Corporate Governance Code 2020 were implemented. F-Secure's Remuneration Policy was renewed to comply with these regulations, and it was approved in the Annual General Meeting in May 2020. The Remuneration Report is now updated in accordance with the SHRD and Finnish Corporate Governance Code and it provides a comprehensive picture of the remuneration of the company's governing bodies for the financial year 2020.

Remuneration principles at F-Secure

According to F-Secure's Remuneration Policy, the company's remuneration is designed to promote the business objectives and long-term profitability of the company. The company's objective is to reward for performance and competencies. The remuneration is designed to be competitive compared to the relevant peer groups, increase commitment and work engagement and to be consistent across the organization. These principles have been taken into account in the company's remuneration in the financial year 2020.

The President and CEO's remuneration follows the same principles as for all other employees. A significant portion of the President and CEO's remuneration package is based on performance, on target level the short-term and long-term incentives comprise 57% of the total remuneration. The short- and long-term incentive plans are based on company's financial performance to ensure a strong link between company's performance and CEO remuneration. The President and CEO is also expected to build and maintain a shareholding corresponding to at least one year's base salary in the company to align management's interests with those of shareholders.

Remuneration in 2020

The Personnel Committee regularly reviews executive remuneration in F-Secure compared to the peer groups to ensure competitiveness and alignment with market practices. During 2020, the Committee conducted a benchmark study to analyze CEO compensation against peer companies. The study showed that the President and CEO's base salary is at market median, while the short-term and long-term incentive earning opportunities are slightly above the market median.

During 2020, F-Secure renewed the long-term incentive plans and introduced a Performance Share Plan as the main share-based long-term incentive plan and a Restricted Share Plan as a complementary plan. The purpose of all share-based long-term incentive plans are to retain, motivate and reward individually selected key employees as well as to align their interests with those of the Company's shareholders by creating a long-term equity interest for these individuals.

In November 2020, Juhani Hintikka was appointed as the new President and CEO, and due to this change in leadership, an exception to the Remuneration Policy was done as a one-time allocation of restricted shares was granted to the new President and CEO under the Restricted Share Plan. According to F-Secure's Remuneration Policy, the Board of Directors may temporarily deviate from the Remuneration Policy in exceptional circumstances, such as in connection with the appointment of a new CEO. There are no financial performance criteria attached to the Restricted Share Plan and the shares vest after the three-year restriction period in 2024, given that the employment continues without interruption until the payment. The annual base salary was defined to be EUR 350,000 for the President and CEO. Otherwise,

the pay mix and the target and maximum levels of short- and long-term incentives for the President and CEO continue as they have been defined in the Remuneration Policy.

For President and CEO Samu Konttinen, total earned remuneration in 2020 was EUR 482,863 (EUR 466,780 in 2019), of which EUR 172,442 (EUR 171,192 in 2019) was in the form of variable pay. For Juhani Hintikka total earned remuneration in 2020 was EUR 58,374.

At the end of 2020, the President and CEO Juhani Hintikka held no F-Secure's shares.

日

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

\leftrightarrow

\rightarrow

REMUNERATION STATEMENT

Remuneration of the Executives

F-Secure has been focusing on growth in the past years which is visible in the company's revenue development since 2016. The COVID-19 affected the markets heavily during 2020 and as a result, the revenue growth slowed down. At the same time, the company's profitability has improved significantly during 2019 and 2020.

Over the same period, the compensation of executives has developed modestly. The remuneration of Board of Directors was brought closer to market median levels in 2018 and it has stayed on the same level since. The total remuneration of the President and CEO has varied year over year as a significant part of the remuneration is tied to company's financial performance.

Average annual remuneration (EUR)	2016	2017	2018	2019	2020
President and CEO 1)	630,912	407,070	616,361	466,780	482,863
Chairman of the Board	69,000	55,000	80,000	80,000	80,000
Other Board Members 2)	40,400	32,000	40,500	40,500	40,000
Average employee 2)	65,521	69,860	62,279	62,650	61,832

1) Paid remuneration during the calendar year, including base salary as well as short- and long-term incentives.
2) Average of the remuneration paid to the Board Members, excluding the employee representative.
3) The total paid wages and salaries during the calendar year / average headcount during the year in all countries.

Revenue development 2016–2020

- Revenue, MEUR
- Revenue development, year over year %

Value of theoretical investment of 100 EUR done in 2016

Share price development, paid dividends re-invested to share

- F-Secure
- OMX TECH
- HACK

Source: FactSet

Adjusted EBITDA development 2016–2020

- Adjusted EBITDA, MEUR
- EBITDA Development, year over year %

日

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

←→

REMUNERATION STATEMENT

Remuneration of the Board of Directors

The Annual General Meeting on 12 May 2020 decided that the Board of Directors be paid fixed annual compensation for the term ending at the end of the next Annual General Meeting. Approximately 40% of the annual remuneration is paid in F-Secure's shares. No additional meeting fees are paid to members of the Board of Directors. The company will pay any applicable asset transfer tax arising from remuneration paid in shares on Board Members' behalf.

For Members of the Board of Directors, changes in the holdings of the company shares and rewards paid in shares are reported according to the Market Abuse Regulation. Related stock exchange releases are available on the company's web pages.

The fixed annual fee for Chairman of the Board is EUR 80,000, for the Committee Chairmen EUR 48,000, for Members of the Board EUR 38,000 and for Board Member belonging to the personnel of the company EUR 12,667.

The travel expenses and other costs directly related to the board work of the members of the Board of Directors are paid in accordance with the company's compensation policy in force at any given time. In addition, the Chairman of the Board of Directors is offered assistant and administrative services.

The Board of Directors Remuneration in 2020

Member	Remuneration paid in cash	Remuneration paid in shares, EUR	Remuneration paid in shares, pcs	Total
Risto Siilasmaa	EUR 47,772	EUR 32,228	11 510	EUR 80,000
Pertti Ervi	EUR 28,663	EUR 19,337	6 906	EUR 48,000
Bruce Oreck	EUR 22,692	EUR 15,308	5 467	EUR 38,000
Päivi Rekonen	EUR 22,692	EUR 15,308	5 467	EUR 38,000
Tuomas Syrjänen	EUR 22,692	EUR 15,308	5 467	EUR 38,000
Keith Bannister 1)	EUR 22,692	EUR 15,308	5 467	EUR 38,000
Robert Bearsby 1)	EUR 7,565	EUR 5,102	1 822	EUR 12,667
Total	EUR 174,770	EUR 117,897	42,106	EUR 292,667

1) Since 12 May 2020

日

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

←→

REMUNERATION STATEMENT

Remuneration of the President and CEO in 2020

Salaries and financial benefits paid in and accrued based on 2020 are described in the table below.

President and CEO Samu Konttinen

	Payments in 2020	Accrued based on 2020
Base salary, including fringe benefits	EUR 310,421	–
Supplement Pension / Other financial benefits	–
Short-term incentive (STI)
Earning period 2019	EUR 13,303
Earning period 2020	EUR 41,874	EUR 91,503
Long-term incentive (LTI) EUR/shares
LTI 2017–2019	EUR 117,265
LTI 2018–2020		21,600 shares
Total	EUR 482,863	EUR 91,503 / 21,600 shares

President and CEO Juhani Hintikka

	Payments in 2020	Accrual based on 2020
Base salary, including fringe benefits	EUR 58,374	–
Pension / Other financial benefits	–	–
Short-term incentive (STI)
Earning period 2019	–	–
Earning period 2020	–	EUR 25,083
Long-term incentive (LTI) €/shares
LTI 2017–2019	–	–
LTI 2018–2020	–	–
Total	EUR 58,374	EUR 25,083

CEO and President Samu Konttinen

Paymix, 2020 actual payments

Base salary
STI
LTI

CEO and President Juhani Hintikka

Paymix, 2020 actual payments

Base salary

三

F-Secure 2020

Board of Directors' Report

Financial statements

Corporate responsibility

Corporate governance

\leftrightarrow

REMUNERATION STATEMENT

Rolling structure of long-term incentive plans

Short-term incentive payments are done bi-annually. The short-term incentive rewards paid in 2020 comprise of the reward for the 2nd half of 2019 and the reward for the 1st half of 2020. The STI Plan 2019 for the President and CEO Samu Konttinen was based on F-Secure's revenue growth with 70% weight and adjusted EBITDA with 30% weight of total. The overall performance for these two criteria in the 2nd half of 2019 was 33,0% and the corresponding reward was paid in March 2020.

The STI Plan 2020 for the President and CEO Samu Konttinen was based on F-Secure's revenue with 60% weight and adjusted EBITDA with 40% weight of total. The overall performance for these two criteria was 86.0% and the corresponding reward is paid in two instalments in August 2020 and February 2021.

The STI Plan 2020 for the President and CEO Juhani Hintikka was based on F-Secure's revenue with 60% weight and adjusted EBITDA with 40% weight of total. The overall performance for these two criteria was 86.0% and the corresponding reward is paid in February 2021. The reward is pro-rated according to the employment time with the company.

Long-term incentive paid in 2020 was based on the LTI Plan 2017-2019. The performance criterion for this plan was F-Secure Revenue in 2019 and the achievement was 56.7% and the corresponding reward was paid to the President and CEO Samu Konttinen in April 2020 partly in shares and partly in cash.

The LTI Plan 2018-2020 will be paid in 2021 and the performance criterion for this plan was F-Secure Revenue in 2020. The achievement for this plan is estimated to be 30.0% and the corresponding gross reward of 21,600 shares will be paid to the former President and CEO Samu Konttinen in March 2021 partly in shares and partly in cash.

F-Secure 2020
Board of Directors' Report
Financial statements
Corporate responsibility
Corporate governance

INFORMATION FOR SHAREHOLDERS

Contact information
Eriikka Söderström, CFO, F-Secure

Henri Kiili, Investor Relations and Corporate Finance Director, F-Secure
+358 40 840 5450
[email protected]

Financial calendar

During the year 2021, F-Secure Corporation will publish financial information as follows:

Interim report January–March 2021, April 29, 2021
Half year financial report January–June 2021, July 15, 2021
Interim report January–September 2021, October 21, 2021

Annual General Meeting

The Annual General Meeting is scheduled for
Wednesday, March 24, 2021 at 14:00 EET. More information is available at
https://www.f-secure.com/en/investors/governance?a=annual-general-meeting.

content F-Secure
design and layout Kreab
photographs F-Secure

F-Secure 2020
Board of Directors' Report
Financial statements
Corporate responsibility
Corporate governance

F-Secure

F-Secure Corporation
Tammasaarenkatu 7
P.O. Box 24, 00181 Helsinki
Tel. +358 9 2520 0700
[email protected]
www.f-secure.com

AI assistant

F-Secure Oyj — Annual Report 2020

3268_rns_2021-02-10_66bfb1c2-78fa-45bb-b299-a0c4576b56cb.pdf

ANNUAL REPORT 2020

WE EXIST TO BUILD TRUST IN SOCIETY AND TO KEEP PEOPLE AND BUSINESSES SAFE

CONTENTS

F-SECURE 2020

BOARD OF DIRECTORS' REPORT

FINANCIAL STATEMENTS

NON-FINANCIAL INFORMATION

CORPORATE GOVERNANCE

INFORMATION FOR SHAREHOLDERS

KEY FIGURES 2020

Revenue & profitability

Key figures

BUSINESS MODEL: SCALABLE SOFTWARE COMPLEMENTED BY SERVICES

F-SECURE'S WAY OF OPERATING

Corporate Security Products

Cyber Security Consulting

Consumer Security Products

PRODUCTS AND SERVICES

Corporate security

Detection & Response solutions (EDR & MDR)

Prevention solutions

Prediction solutions

Cyber security services

Consumer security

SOFTWARE BUSINESSES SHOWED THEIR RESILIENCE

Cyber criminals took advantage of the increased attack surface after the COVID-19 outbreak

BOARD OF DIRECTORS' REPORT 2020

Financial performance and key figures

Corporate security

Products

Cyber security consulting

Consumer security

Operators

Direct sales

Gross margin

Operating expenses

Profitability

Cash flow

Acquisitions and financing arrangements

Changes in group structure

Capital structure

Capital expenditure

Research and development

Organization and leadership

Personnel

Leadership team

Shares, Shareholders' Equity, Own Shares

Risks and uncertainties

COVID-19 pandemic

Cyber security incident

Endpoint protection market disruption

Market consolidation

Risks relating to launch of new technologies

Attracting and retaining talent

Geopolitical risks

Currency fluctuations

The Annual General Meeting

Market overview

Outlook

Dividend proposal

Events after period-end

KEY FIGURES

CALCULATION OF KEY RATIOS

STATEMENT OF CHANGES IN EQUITY

NOTES TO THE FINANCIAL STATEMENTS

ACCOUNTING PRINCIPLES FOR THE CONSOLIDATED FINANCIAL STATEMENTS

Basic information

ACCOUNTING PRINCIPLES

Principles of consolidation

Transactions in foreign currency

New and amended IFRS Standards that are effective for 2020

COVID-19 impacts on financial reporting during 2020

Management judgment on significant accounting principles and use of estimates

Revenue recognition

Endpoint protection solutions and vulnerability management products

Cyber security consulting services and managed detection and response solutions

Presenting of receivables and liabilities from contracts with customers

F-Secure Oyj Annual Report 2020