F-Secure Oyj - Annual Report 2021

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

ANNUAL REPORT 2021

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

F-SECURE 2021

F-SECURE 2021

Key figures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 03 Business model . . . . . . . . . . . . . . . . . . . . . . . . . . . . 04 Portfolio in Corporate Security . . . . . . . . . . . . . . 05

Value proposition in Consumer Security . . . . . . 06 Products and services . . . . . . . . . . . . . . . . . . . . . . 07 CEO’s letter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 08

BOARD OF DIRECTORS’ REPORT

Board of Directors’ Report . . . . . . . . . . . . . . . . . . 10 Key figures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Calculation of key ratios . . . . . . . . . . . . . . . . . . . . 17

FINANCIAL STATEMENTS

F-SECURE CONSOLIDATED. . . . . . . . . . . . . . . . . . 20 Statement of comprehensive income . . . . . . . . 20 Statement of financial position . . . . . . . . . . . . . . 21 Statement of cash flows . . . . . . . . . . . . . . . . . . . . 22 Statement of changes in equity . . . . . . . . . . . . . . 23 Notes to the Financial Statements. . . . . . . . . . . . 24

NON-FINANCIAL INFORMATION

Statement of Corporate responsibility . . . . . . . . 60 F-Secure’s business model and value creation . 61

CORPORATE GOVERNANCE

F-Secure’s CorporateGovernance Statement . . 69 Board of Directors . . . . . . . . . . . . . . . . . . . . . . . . . 73 Leadership team . . . . . . . . . . . . . . . . . . . . . . . . . . . 75 Remuneration report . . . . . . . . . . . . . . . . . . . . . . . 79

INFORMATION FOR SHAREHOLDERS

Information for shareholders . . . . . . . . . . . . . . . . 84

F-SECURE CORPORATION . . . . . . . . . . . . . . . . . . 42 Income statement . . . . . . . . . . . . . . . . . . . . . . . . . 42 Balance sheet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 Cash flow statement . . . . . . . . . . . . . . . . . . . . . . . 44 Notes to the parent company Financial Statements . . . . . . . . . . . . . . . . . . . . . . . 45 Auditor’s Report . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

Nobody knows cyber security like F-Secure. For three decades, F-Secure has driven innovations in cyber security, defending over 100,000 companies and millions of people. With unsurpassed experience in endpoint protection as well as detection and response, F-Secure shields enterprises and consumers against everything from advanced cyber attacks and data breaches to widespread ransomware infections. F-Secure’s sophisticated technology combines the power of machine learning with the human expertise of its world-renowned security labs. F-Secure’s security experts perform incident response and forensic investigations on four continents, and its products are sold all over the world by around 200 broadband and mobile operators and thousands of resellers. Founded in 1988, F-Secure is listed on the Nasdaq Helsinki.

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

F-SECURE 2021

KEY FIGURES 2021

GROWING IN ALL BUSINESSES

Key facts

Revenue 236 MEUR

Adjusted EBITDA 36.5 MEUR

Adjusted EBITDA margin 15.4%

Revenue development and adjusted EBITDA, MEUR

==> picture [224 x 158] intentionally omitted <==

----- Start of picture text -----

236
217 220
191 130
170 123 120
96
36
72 36
23
18 17
98 95 95 100 106
2017 2018 2019 2020 2021
----- End of picture text -----

Corporate security revenue
Consumer security revenue
Adjusted EBITDA

Sales from 100+ countries

Cybersecurity insights for 30+ years

Employees representing 74 nationalities with cultural diversity

Revenue split by business, %

Revenue split by region, %

==> picture [248 x 135] intentionally omitted <==

----- Start of picture text -----

Consumer security Corporate security
products 45% 35% products
20%
Cyber security
consulting
----- End of picture text -----

==> picture [229 x 123] intentionally omitted <==

----- Start of picture text -----

North America 10%
Rest of the world 13%
44% Rest of Europe
Nordic 33%
----- End of picture text -----

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

F-SECURE 2021

BUSINESS MODEL: MONETIZING THROUGH SOFTWARE AND SOLUTIONS – TWO BUSINESSES AND THREE PLAYBOOKS

==> picture [742 x 304] intentionally omitted <==

----- Start of picture text -----

SOFTWARE TO CONSUMERS SOFTWARE TO MIDMARKET SOLUTIONS TO ENTERPRISES
MAINLY VIA CHANNEL BUSINESSES VIA CHANNEL DIRECTLY
INNOVATIONS | THREAT INSIGHTS | RESEARCH | AI | MACHINE LEARNING
DETECTION & RESPONSE TECHNOLOGY
COMMON SOFTWARE TECHNOLOGY
TECHNOLOGY IS THE KEY TO IMPROVE PROFITABILITY
1. Standardized partner integration 1. Automate business processes 1. Scale MDR with D&R technology
2. Upsell new products 2. Modular SaaS offering 2. Productize standard services
3. Land and expand
----- End of picture text -----

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

F-SECURE 2021

PORTFOLIO IN CORPORATE SECURITY

“ F-Secure ELEMENTS is a modular, cloud-native platform that enables customers to choose between standalone solutions and the full suite of endpoint products. This platform meets the need for the servitization of cyber security and is an easy way for our customers to deploy new solutions”, says Juhani Hintikka, President & CEO.

Our portfolio for businesses

==> picture [742 x 267] intentionally omitted <==

----- Start of picture text -----

SOFTWARE SOLUTIONS
ELEMENTS
ENDPOINT CLOUD MANAGED
ENDPOINT DETECTION AND COLLABORATION VULNERABILITY PROTECTION FOR DETECTION AND CYBER SECURITY
PROTECTION RESPONSE PROTECTION MANAGEMENT SALESFORCE RESPONSE CONSULTING
SERVITIZE
PRODUCTIZE
ARTIFICIAL INTELLIGENCE AND MACHINE LEARNING BLACKFIN
RESEARCH AND THREAT INTELLIGENCE
DATA
----- End of picture text -----

Reported as:

Corporate Security Products
Cyber Security Consulting

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

F-SECURE 2021

VALUE PROPOSITION IN CONSUMER SECURITY

“

We want to be the most desired partner in cyber security. It’s not good enough to provide just some software, it also has to work very well,” says Timo Laaksonen, SVP Consumer Security.

Our value proposition – service provider success

==> picture [531 x 316] intentionally omitted <==

----- Start of picture text -----

Award-winning portfolio to protect devices,
privacy, identity and the connected home
PROTECTING CONSUMERS’
CONNECTED LIVES
Ensure partner success Platforms for partners
BUSINESS MODEL INTEGRATION
FLEXIBILITY
SUPPORT BUSINESS
INTELLIGENCE
ENGAGE
D E
N N
E A
T B
X L
E E
----- End of picture text -----

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

07 F-SECURE 2021

PRODUCTS AND SERVICES

Corporate security

In corporate security F-Secure provides a broad range of cyber security products, managed detection and response solutions and cyber security consulting to companies globally with a focus on the mid-market and local enterprises.

F-Secure Elements – one cloud-native platform for chosen cyber security solutions

F-Secure Elements is a flexible platform that allows our partners to choose from a traditional annual license, a monthly subscription or the pay-as-you-go model.

F-Secure Elements Endpoint Protection – Cloud-native endpoint security

F-Secure Elements Endpoint Detection and Response – Customer- or partner-managed software solution to protect against targeted attacks

F-Secure Elements Vulnerability Management – Automated vulnerability scanning and management platform

Independent cyber security solutions

MDR: F-Secure Countercept – Advanced threat hunting and continuous response capabilities against targeted attacks delivered as a managed service

F-Secure Cloud Protection for Salesforce – Cloud-hosted contentlevel security for Salesforce customers
F-Secure Business Suite – On-site deployed endpoint security phishd – Anti-phishing behavior management platform

Cyber security services

F-Secure provides premium consultancy services for all areas of cyber security on four continents, including services such as:
F-Secure Cyber Incident & Resilience Services
F-Secure Security Assessments
F-Secure Red Team Testing
F-Secure Cyber Risk Management

==> picture [207 x 156] intentionally omitted <==

F-Secure Elements for Microsoft 365 – Advanced protection for online exchange of content

Consumer security

In consumer security the company provides a comprehensive range of endpoint protection, privacy and password management solutions, and security for all the connected devices at home, both separately and as a bundled premium offering (F-Secure TOTAL).

The majority of consumer sales comes from the sale of endpoint protection products through the operator channel, but the company also sells consumer products through various retail partners, as well as the company’s own web shop.

F-Secure SAFE

– Easy to use antivirus and internet security, including Family rules to let you set healthy boundaries for your children’s device use

F-Secure SENSE

– A software-based solution integrated in operators’ broadband routers to secure all devices and the entire connected home against online threats

F-Secure ID PROTECTION

– Combines personal information monitoring against data breaches with password manager

F-Secure FREEDOME

VPN that ensures anonymous and secure internet browsing

F-Secure KEY

– A light and easy password manager, allowing you to store your passwords securely and access them from any device

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

CEO LETTER

A YEAR OF STRATEGY CLARIFICATION – PAVING THE WAY FOR THE SEPARATION OF CONSUMER SECURITY BUSINESS

==> picture [499 x 333] intentionally omitted <==

==> picture [101 x 83] intentionally omitted <==

CEO’S LETTER Juhani Hintikka

==> picture [114 x 79] intentionally omitted <==

==> picture [104 x 73] intentionally omitted <==

==> picture [74 x 51] intentionally omitted <==

==> picture [59 x 51] intentionally omitted <==

The COVID-19 pandemic impacted the global economy and our operations also in 2021. The digital leap of societies and increased remote working supported the positive development of our businesses. The accelerating growth of our Managed Detection and Response (MDR) solutions and continuing strong customer demand for our Cloud Protection for Salesforce software and cloud-native Elements platform showed their strength over the course of the year.

In 2021, the most important target for our corporate security business was the growth of our SaaS (Security as a Service) offering and riding on its strong growth. In our consulting business, we were impacted by the COVID-19 pandemic and high attrition during the year. However, I am very happy that by the end of the year the attrition rate had already improved, and things look positive for the future of our consulting business as well. On the consumer security side, we focused on maintaining our high profitability, while investing in our ability to grow.

As a result, our revenue increased by 7% to EUR 236.3 million (220.2m), especially driven by the excellent growth of Managed Detection and Response (MDR) solutions as well as business security software. Our adjusted EBITDA grew to EUR 36.5 million (35.7m), i.e. 15.4% of revenue. I am also satisfied with the development of our annual recurring revenue (ARR) during the year. At the end of December, the annual recurring revenue (ARR) of our corporate security’s Cloud-based Solutions was over EUR 60 million, growing by 34% year-on-year. This shows we are making good progress in transitioning towards a SaaS company. I want to express my sincere thanks to our personnel for their dedication and hard work during these exceptional of times. Without their extraordinary contribution, this would not have been possible.

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

CEO LETTER

Award-winning security

The role of F-Secure is to build and sustain trust in digital society. In the light of the several severe ransomware and supply chain attacks that took place in 2021, this role is more important than ever.

I strongly believe that no one, let alone our customers, should experience a serious loss from a cyber attack. That is why R&D is in such an important role in our company. One of the underlying principles is that security should be an integral part of products and processes, not a separate component to be added later on.

In 2021, the quality of our products was once again proven, when our Detection and Response solutions continued their excellent performance in the 3rd MITRE Engenuity ATT&CK® evaluation and when F-Secure SAFE product received top scores in the independent AV-TEST Institute’s tests.

The most important product launch of the year was the launch of F-Secure ELEMENTS, a modular, cloud-native platform that enables customers to choose between standalone solutions and the full suite of endpoint products. This platform meets the need for the servitization of cyber security and helps our customers to deploy new solutions easily.

Clarification of strategy

Year 2021 was also a year of clarifying our strategy. We recognize we operate in three very different markets. Each of these markets requires its own playbook. Our business security software focuses on the mid-market segment through an extensive partner network, whereas the enterprise customers are served directly by our outcome-based solution portfolio and our consulting business. In consumer security, we are aiming for growth while partnering with service providers.

In the new strategy, we have put good partnerships at the core of our business. Our clear goal is to be the most desired partner in cyber security. This applies both to our corporate security and consumer security businesses.

In 2021, we also started a review and evaluation of different strategic options for our consumer security business. In February 2022, we announced the outcome of that review. We will now pursue towards the separation of our consumer security business. The plan is to transfer the consumer security business into a new independent company that will be named F-Secure Corporation. The current F-Secure will carry on its corporate security business and is planning to change its name to WithSecure Corporation.

The demerger would enable us to serve our end customers even better through two separate companies, which are more focused on the differing customer needs. These companies would also have different financial profiles, that would support shareholder value creation in the long term. I believe the demerger would create two even more successful companies and offer new, exciting opportunities also for our employees.

I look forward to the year 2022 with great enthusiasm. Both our corporate security and consumer security businesses are in an excellent position to grow and prosper as separate companies as the world is moving towards a new normal.

Juhani Hintikka

“ I want to thank all our stakeholders – customers, partners, investors and especially our personnel – for believing in us in 2021. We have an exciting journey ahead of us.“

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

BOARD OF DIRECTORS’ REPORT

==> picture [549 x 381] intentionally omitted <==

BOARD OF DIRECTORS’ REPORT 2021

The COVID-19 pandemic impacted the global economy and F-Secure’s operations also in 2021. The digital leap of societies and increased remote working supported the positive development of company’s corporate security products and consumer security business. The accelerating growth of F-Secure’s Managed Detection and Response (MDR) solutions and continuing strong customer demand for Cloud Protection for Salesforce software and cloud-native Elements platform proved the strength of our offering. As a result, F-Secure’s revenue increased by 7% to EUR 236.3 million (220.2m) and adjusted EBITDA grew to EUR 36.5 million (35.7m).

In 2021, F-Secure’s corporate security business continued its strong performance. In corporate security products, the growth came especially from Managed Detection and Response (MDR) solution, Endpoint Detection and Response (EDR) and Cloud Protection products, while Endpoint Protection Platform (EPP) still accounted for a significant share of the revenue. In cyber security consulting, COVID-19 pandemic still impacted F-Secure’s operations especially in the beginning of the year. At the same time, as remote working

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

BOARD OF DIRECTORS’ REPORT

has now become a new norm, F-Secure can better utilize its global pool of experts and deliver cyber security consulting services more remotely and globally, thus mitigating the lack of highly specialized experts to meet the strong customer demand in some regions.

In F-Secure’s consumer security business, both service provider channel and direct business grew. In the service provider channel, the whole portfolio contributed to the growth. In direct sales to consumers, the growth was driven by the increasing share of our bundled solution, F-Secure TOTAL.

Financial performance and key figures

The company’s total revenue in January–December increased by 7% year-on-year to EUR 236.3 million (220.2m). The share of corporate security of total revenue was 55% (55%).

Corporate security

Revenue from corporate security increased by 8% year-on-year and was EUR 130.0 million (120.1m) as corporate security products grew by 11% and cyber security consulting by 3%. In the end of December 2021, the annual recurring revenue (ARR) of corporate security’s cloud-based Solutions was EUR 60.9 million (45.5m), growing by 34% year-on-year.

Products

Revenue from business security software grew year-on-year. The growth was driven by the cloud-native Elements platform, its EDR (Endpoint Detection and Response) software as well as Cloud Protection for Salesforce software, while EPP (Endpoint Protection Platform) still accounts for a significant share of the revenue. The sales of EDR and Cloud Protection products grew across all the key regions.

The orders of F-Secure’s business security software in 2021 were all-time high, mainly driven by the successful launch of the Elements platform in May 2021, renewed licensing models as well as the systematic and close co-operation with partners in productizing the EDR offering.

Revenue from Managed Detection and Response (MDR) solutions (F-Secure Countercept) grew year-on-year. In 2021, several important deals were signed for example with customers from key enterprise verticals i.e in manufacturing, technology, media and financial services sectors.

Cyber security consulting

Revenue from cyber security consulting increased by 3% year-onyear to EUR 47.2 million (45.8m).

Especially in the beginning of the year, the COVID-19 pandemic impacted the cyber security consulting operations. Towards the end of the year, the impact of pandemic decreased, but the attrition of consultants in some regions negatively impacted the consulting business. However, during the fourth quarter the attrition rate improved.

Due to pandemic, remote working has become a new norm. This enables F-Secure to better utilize its global pool of experts and deliver cyber security consulting services more remotely and globally, independent of customer’s physical location.

In December, F-Secure divested its UK public sector consulting team through a management buy-out (MBO) to increase focus on enterprise clients. In 2021, revenue of the divested operations was EUR 3.7 million and it employed some 20 consultants.

Consumer security

Revenue from consumer security increased by 6% year-on-year and was EUR 106.3 million (100.1m) as both service provider channel and direct business grew.

Service Providers (previously Operators)

Revenue from the service provider channel grew year-on-year driven by the sale of core endpoint protection solutions in addition to partners expanding their offering to F-Secure’s new consumer products. In 2021, the majority of revenue came from the F-Secure SAFE product.

Direct sales

Revenue from direct sales to consumers grew year-on-year, which was driven by the increasing share of our bundled solution, F-Secure TOTAL. The overall renewal performance continued at a good level.

Gross margin

Gross margin increased by EUR 13.5 million to EUR 185.7 million (172.2m) was 78.6% of revenue (78.2%). The increase in gross margin was due to increased revenue in scalable product businesses and improved performance in cyber security consulting.

Operating expenses

Operating expenses excluding depreciation and amortization, and items affecting comparability (IAC) increased by EUR 13.0 million to EUR 151.5 million (138.5m). During the comparative period, operative expenses were at an unusually low level due to the COVID-19 pandemic. Sales and marketing costs grew year-onyear due to an increase in marketing activities and higher sales commissions. Research and development costs grew year-on-year due to a headcount increase. In addition, the company has experienced salary inflation in several markets. Items affecting comparability (IAC) totaled EUR 4.3 million and consisted of costs related to strategic reviews.

Depreciation and amortization were EUR 15.1 million (16.0m), where PPA amortization from acquisitions was EUR 2.8 million (3.2m) and the impairment was EUR 1.0 million.

Profitability

Adjusted EBITDA was EUR 36.5 million and 15.4% of revenue (35.7m, 16.2%) and adjusted EBIT was EUR 25.3 million and 10.7% of revenue (22.9m, 10.4%).

EBITDA was EUR 32.8 million and 13.9% of revenue (35.7m, 16.2%). EBIT was EUR 17.7 million and 7.5% of revenue (19.7m, 8.9%), including EUR 2.8 million of PPA amortization (3.2m), EUR 1.0 million impairment and EUR 3.7 million of IAC items. Strategy

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

BOARD OF DIRECTORS’ REPORT

related costs of EUR 4.3 million were partially offset by a preliminary capital gain of EUR 0.5 million from divesting UK public sector consulting team through a local management buy-out. The final capital gain is dependent on deferred consideration based on the future performance of the divested business and it will be measured at fair value quarterly.

Cash flow

Cash flow from operating activities before financial items and taxes decreased by EUR 9.6 million and was EUR 38.7 million (48.3m). Changes in net working capital due primarily to an increase in current receivables had a negative impact on operative cash flows. Cash flow from operations decreased by EUR 15.9 million and was EUR 30.7 million (46.7m). In addition to net working capital, residual taxes for 2020 and increase in advance taxes impacted the cash flow negatively.

Acquisitions and financial arrangements

F-Secure did not carry out acquisitions during 2021.

Company did not enter new financing agreements during 2021. Bank loan repayments were made according to the schedule. Total repayments for term loan during 2021 were EUR 6.0 million. Company’s financing agreement includes a committed revolving credit facility (RCF) of EUR 23.0 million to decrease short-term liquidity risk. Remaining term loan at the end of the financial year was EUR 19.0 million while RCF was undrawn. During next 12 months EUR 6.0 million of remaining term loan will be paid according to the financing agreement.

The financing agreement includes conventional loan covenants related to ratio of net debt to EBITDA and equity ratio. F-Secure complied with the covenants throughout the reporting period.

Changes in the group structure

Following changes have occurred in the Group structure during the financial year:

F-Secure Pty Limited in Australia was liquidated during second quarter of 2021.

Capital structure

The financial position remained solid. The company has liquid assets of EUR 53.0 million (51.4m) and interest- bearing bank debt of EUR 19.0million (30.0m). Gearing was negative –25.8% due to strong liquidity.

The next repayment (3.0m) of the term loan is due in June 2022. To guarantee liquidity, F-Secure has EUR 23.0 million committed revolving credit facility that was undrawn at the end of the year.

Research and development

F-Secure’s research and development expenditure amounted to EUR 46.6 million in 2021, representing 19.7% of revenue (EUR 41.9m, 19%). Capitalized development expenses were EUR 5.6 million (EUR 5.5 million).

F-Secure is a cyber security technology company for which the ability to innovate is crucial. The company has consistently earned top marks in third-party technology evaluations for providing the best protection, advanced detection & effective response capabilities and high customer satisfaction. This was once more demonstrated in April, when F-Secure’s Detection and Response solutions continued their excellent performance in the 3rd MITRE Engenuity ATT&CK® evaluation.

During the year, both F-Secure’s corporate security and consumer security products won many awards, e.g. the Best Protection Awards from AV-TEST for home and business users and a Best Performance award for home users. In autumn, an important milestone was reached when, for the first time, F-Secure SAFE product received top scores in all three categories (Protection, Performance, Usability) in all three operating systems (Windows, MacOS, Android) in the independent AV-TEST Institute’s tests.

In 2021, F-Secure also received the Artificial Intelligence Excellence Award for its Project Blackfin, a multi-year research effort aimed at investigating how to apply collective intelligence in the cyber

security domain. The research, which is being led by F-Secure’s Artificial Intelligence Centre of Excellence, is a company-wide effort involving F-Secure’s engineers, researchers data scientists, and academic partners. The goals of the project are for example to develop new, more generic methods for detecting adversarial actions, further improve and automate threat intelligence gathering capabilities and understand how to implement and improve automated response actions.

The most important product launch of the year was the launch of F-Secure ELEMENTS in the second quarter. F-Secure ELEMENTS is a modular, cloud-native platform that enables customers to choose between standalone solutions and the full suite of endpoint products. The combines endpoint protection, endpoint detection and response, vulnerability management, and collaboration protection for cloud services such as Microsoft Office 365. It also meets the need for the servitization of cyber security and is an easy way for our customers to deploy new solutions, which helps us to implement the Land and Expand strategy.

Organization and leadership

Personnel

At the end of the year, F-Secure had 1,656 employees, which shows a net decrease of 22 employees (–1%) since the beginning of the year (1,678 on 31 December 2020).

Leadership team

In February 2021, Ari Vänttinen started as Chief Marketing Officer. Consequently, Antti Hovila became Executive Vice President, Strategy & Portfolio.

In September 2021, Tom Jansson started as CFO of F-Secure Corporation and a member of company’s Leadership team as the former CFO, Eriikka Söderström left the company.

In September 2021, Tiina Sarhimaa was appointed as Chief Legal Officer (CLO) and she became a member of F-Secure’s Leadership team.

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

BOARD OF DIRECTORS’ REPORT

On 1 October 2021, F-Secure renewed the composition of its Leadership Team to reflect its updated strategy. Going forward, Chief Information Officer will report to Antti Koskela (CPO) and Strategy and Portfolio team will report to Tom Jansson (CFO). As an outcome, Jari Still (former CIO) and Antti Hovila (former EVP, Strategy & Portfolio) left the Leadership Team.

At the end of the year, the composition of the Leadership Team was the following:

Juhani Hintikka (CEO & President), Tom Jansson (CFO), Christine Bejerasco (CTO), Antti Koskela (CPO), Ari Vänttinen (CMO), Timo Laaksonen (EVP, Consumer Security), Juha Kivikoski (EVP, Business Security), Edward Parsons (EVP, Cyber Security Consulting), Tim Orchard (EVP, Managed Detection & Response), Charlotte Guillou (EVP, People Operations & Culture) and Tiina Sarhimaa (CLO).

After the reporting period, on January 1, 2022, F-Secure changed its management structure and combined its Managed Detection and Response unit and Cyber Security Consulting unit under one Solutions unit, led by Tim Orchard as Executive Vice President, Solutions.

Shares, Shareholders’ Equity, Own Shares

The total number of company shares is currently 158,798,739. The company’s registered shareholders’ equity is EUR 1,551,311.18. The company held 411,358 of its own shares at the end of the quarter.

The company holds its own shares to be used in the incentive compensation plans, for making acquisitions or implementing other arrangements related to the company’s business, to improve the company’s financial structure or to be otherwise assigned or cancelled.

In January–December, 20,164,500 (22,752,704) of F-Secure’s shares were traded on the Helsinki Stock Exchange. The highest trading price was EUR 5.53 (4.14) and the lowest price was EUR 3.66 (2.04). The volume weighted average price of F-Secure’s shares in 2021 was EUR 4.39 (3.10).

The share’s closing price on the last trading day of the year, 30 December 2021, was EUR 4.97 (3.84). Based on that closing price, the market value of the company’s shares, excluding the treasury shares held by the company, was EUR 786 million (607m).

The company currently has performance- and market-based long-term share-based incentive programs for key employees.

Risks and uncertainties

The following risks and uncertainties can adversely impact F-Secure’s sales, profitability, financial condition, market share, reputation, share price or the achievement of the company’s shortand long-term objectives. The matters described here should not be construed as an exhaustive list. The most significant risks are:

COVID-19 pandemic

Cyber security consulting and the new sales of Managed Detection and Response (MDR) service are negatively affected by the COVID-19 pandemic. Slowdown in the new sales of software products and Managed Detection and Response (MDR) solutions may occur if the situation prolongs.

Goodwill is tested for impairment annually and whenever there is indication that it might be impaired. The annual impairment testing of Consulting and MDR goodwill was carried out at the end of 2021 and indicated no impairment although long-term forecasts continue to include a higher level of uncertainty due to the prolonged pandemic. Management continues to assess the need for updated testing regularly.

Under the pandemic an increase in credit losses and delayed customer payments may occur. To date, significant risks have not realized, but the impacts of the pandemic on customers may arise in the longer term. As part of the quarterly assessment of allowances for expected credit losses under IFRS 9, a slight increase in the calculation of expected credit losses was maintained.

Cyber security incident

Cyber security attacks threaten the confidentiality, integrity and availability of F-Secure’s products, services and the enterprise. F-Secure builds cyber resilience by continually improving its capability to identify, protect, detect and respond to relevant threats.

Endpoint protection market disruption

Endpoint security market is highly competitive. Operating system manufacturers have increased their focus to built-in security features and at the same time new vendors and technologies have emerged. F-Secure has to succeed in maintaining in-depth understanding of cyber security threat landscape, hacker techniques and technologies used as well as continue to innovate in defense technologies.

Market consolidation

The cyber security market is consolidating due to economies of scale. F-Secure has to succeed in finding the right acquisition targets, as well as successfully integrating the target companies.

Risks relating to launch of new technologies

In a rapidly evolving industry, it is vital to keep products and services relevant to customers while introducing new technologies to the market on-time. F-Secure is driving technology simplification and R&D effectivization initiatives as well as investments in artificial intelligence to ensure a competitive product portfolio.

Attracting and retaining talent

Competition for capable personnel is increasing and there is structural undersupply of talent in the cyber security industry. F-Secure is continuously developing and adopting new ways of recruitment, building its own talent and knowledge pools and investing in training and development of personnel.

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

BOARD OF DIRECTORS’ REPORT

Geopolitical risks

F-Secure operates globally in different countries, and local regulation is exposing the company to geopolitical risks, including, for instance, unfavorable tax matters or export controls. Changes in regulations or their application, applicable to current or new technologies or services, may adversely affect F-Secure’s business operations.

Currency fluctuations

Increased amount of operations and sites outside the Eurozone in different currencies exposes F-Secure to an increased risk related to currency fluctuations.

Annual General Meeting

The Annual General Meeting of F-Secure Corporation was held on 24 March 2021. The Meeting confirmed the financial statements for the financial year 2020 and reviewed the remuneration policy and remuneration report for governing bodies. The members of the Board and the President and CEO were discharged from liability.

The Annual General meeting approved the proposal of the Board of Directors that a dividend of EUR 0.04 per share shall be paid from the parent company’s distributable funds to shareholders who are registered in the Company’s shareholders’ register maintained by Euroclear Finland Oy on the dividend record date, 26 March 2021. The dividend was paid on 8 April 2021.

The Annual General Meeting decided that the annual remuneration of the Board of Directors remain unchanged: EUR 80,000 for the Chairman of the Board of Directors, EUR 48,000 for the Committee Chairmen, EUR 38,000 for the members of the Committees, and EUR 12,667 for a member of the Board of Directors belonging to the personnel of the Company. Approximately 40% of the annual remuneration will be paid as company shares.

The Annual General Meeting decided that the number of Board members shall be seven. The following current Board members were re-elected: Risto Siilasmaa, Keith Bannister, Pertti Ervi, Päivi

Rekonen and Tuomas Syrjänen. Åsa Riisberg and Robin Wikström, who belongs to the personnel of F-Secure Corporation, were elected as new members of the Board of Directors.

The Board elected Risto Siilasmaa as the Chairman of the Board. Päivi Rekonen was nominated as the Chair to the Personnel Committee and Risto Siilasmaa and Tuomas Syrjänen as members of the Personnel Committee. Pertti Ervi was nominated as the Chairman of the Audit Committee and Keith Bannister, Åsa Riisberg and Robin Wikström were nominated as members of the Audit Committee.

It was decided that the Auditor’s fee will be paid against approved invoice. PricewaterhouseCoopers Oy was elected as the Group’s auditor. APA, Mr. Janne Rajalahti acts as the responsible partner.

The Board of Directors was authorized to resolve to repurchase a maximum of 10,000,000 shares in the Company. Shares may be repurchased also otherwise than in proportion to the shareholders’ holding in the Company. The authorization to repurchase the Company’s own shares shall be valid until the conclusion of the next Annual General Meeting, in any case until no later than 30 June 2022.

The Board of Directors was authorized to decide on the issuance of a maximum of 15,879,874 shares in total through a share issue or by issuing special rights entitling to shares pursuant to chapter 10, section 1 of the Companies Act in one or several tranches. The proposed maximum number of the shares corresponds to approximately 10% of the Company’s registered number of shares. The authorization entitles the Board of Directors to decide on all terms related to the share issue as well as the issuance of options and other special rights entitling to shares. The issuance of shares may be carried out in deviation from the shareholders’ pre-emptive subscription right (directed issue). The authorization is valid until the conclusion of the next Annual General Meeting, in any case until no later than 30 June 2022.

Market overview

The growing number and variety of connected devices as well as digital services continues to create security challenges for both businesses and individuals. Combined with the increasing complexity of IT systems, tightening regulation and increasing significance of geopolitics, these trends are driving demand for security products and services. While advanced cyber-attacks are becoming more common and persistent, criminals are targeting companies of all sizes along with consumers by taking advantage of vulnerabilities in popular software, both traditional and new connected devices as well as online services. Apart from pure criminal activity, governments and hacktivists use vulnerabilities and malware for things including espionage and surveillance.

Attacks against corporations often go undetected for months. As most companies lack relevant capabilities for detection and response, it is estimated that the demand for both Endpoint Detection and Response (EDR) solutions and Managed Detection and Response (MDR) will continue to increase rapidly. The new detection and response capabilities are supplementing existing endpoint protection solutions (EPP), causing the EPP market to be in transition. Overall, as organizations are increasingly adopting cloud services, they seek managed security services and cloudbased delivery to help them maintain control of their security.

The consumer security software market continues to be impacted by the changing device landscape, app stores and online sales overall. On the whole, the number of connected smart home devices is growing very rapidly, and as a result, telecommunication operators are investing heavily in upgrading connectivity and introducing new security related services into their offerings. As consumers become increasingly aware of the threats to their privacy and security, they seek to buy more comprehensive solutions to secure their digital lives.

Outlook

F-Secure will share outlook for 2022 later when the demerger process has progressed further.

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

BOARD OF DIRECTORS’ REPORT

Medium term financial targets

Medium term financial targets for consumer security business:

[Growth target: High single digit organic revenue growth]
[Profitability target: After initial growth investments, adjusted ] EBITA margin of above 42%

Medium term financial targets for corporate security business:

[Growth target: To double revenue organically by the end of ] 2025
[Profitability target: Adjusted EBITDA breakeven by the end of ] 2023 and adjusted EBITDA margin of some 20% by 2025

Board of Directors’ proposal for the distribution of profit

The company’s dividend policy is to pay approximately half of its profits as dividends. On December 31, 2021, F-Secure Oyj’s distributable funds totaled EUR 81.4 million of which net profit for the period was EUR 15.7 million. No material changes have taken place in the company’s financial position after the balance sheet date.

F-Secure’s Board of Directors proposes that no dividend will be paid for 2021 due to the planned demerger of consumer security business.

More information about the planned demerger can be found from the demerger plan, published on February 17, 2022, that is available from company’s website at www.f-secure.com.

Events after period-end

After the reporting period, in February 2022, F-Secure sold its shares in its F-Secure Cyber Security (PTY) Limited in South Africa through a local management buy-out (MBO). Impacts of the divestment to financial reporting will be disclosed in the first quarter of 2022 Interim Report.

of F-Secure Corporation has decided to pursue towards the separation of the company’s consumer security business through a partial demerger. It is planned that the consumer security business will be transferred into a new independent company to be named F-Secure Corporation to be established in connection with the demerger. The current F-Secure Corporation will carry on its corporate security business and it is planned to be renamed as WithSecure Corporation. The planned completion date is June 30, 2022. The trading in the new consumer security company’s shares on Nasdaq Helsinki is expected to commence on July 1, 2022 or as soon as possible thereafter.

Helsinki, 16 February 2022

F-Secure Corporation Board of Directors

Risto Siilasmaa

Pertti Ervi

Päivi Rekonen

Tuomas Syrjänen

Keith Bannister

Åsa Riisberg

Robin Wikström

President and CEO Juhani Hintikka

On February 17, 2022, F-Secure announced the outcome of the strategic review and evaluation of different strategic options for company’s consumer security business. The Board of Directors

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

KEY FIGURES

F-Secure has applied new IFRS16 standard from January 1, 2019 onwards with modified approach and comparatives are not restated. IFRS 15 and IFRS 9 standards have been applied from January 1, 2018 onwards and 2017 financials are restated retrospectively.

==> picture [740 x 257] intentionally omitted <==

----- Start of picture text -----

IFRS IFRS IFRS IFRS IFRS IFRS IFRS IFRS IFRS IFRS
Economic indicators 2021 2020 2019 2018 2017 Key ratios 2021 2020 2019 2018 2017
Revenue (MEUR) 236.3 220.2 217.3 190.7 169.8 Earnings / share (EUR) 0.08 0.08 0.02 0.01 0.07
Revenue growth % 7% 1% 14% 12% 7% Earnings / share (EUR) continuing
operations 0.08 0.08 0.02 0.01 0.07
EBIT (MEUR) 17.7 19.7 7.2 4.5 11.5
% of revenue 7.5% 8.9% 3.3% 2.4% 6.8% Earnings / share diluted 0.08 0.08 0.02 0.01 0.07
Earnings / share diluted continuing
Result before taxes 17.4 16.5 4.2 1.7 12.4
operations 0.08 0.08 0.02 0.01 0.07
% of revenue 7.4% 7.5% 2.0% 0.9% 7.3% Shareholders' equity per share 0.60 0.52 0.48 0.42 0.45
ROE (%) 14.3% 16.2% 4.7% 1.2% 15.0% Dividend per share * 0.00 0.04 0.00 0.00 0.04
ROI (%) 15.6% 18.5% 4.5% 7.9% 20.0% Dividend per earnings (%) 0.0% 50.0% 0.0% 0.0% 57.1%
Equity ratio (%) 59.5% 52.5% 49.0% 42.7% 61.9% Effective dividends (%) 0.0% 1.0% 0.0% 0.0% 1.0%
Investments (MEUR) 12.7 14.3 12.8 99.8 9.3 P/E ratio 62.0 47.1 142.7 431.4 55.2
% of revenue 5.4% 6.5% 5.9% 52.3% 5.5%
Share price, lowest (EUR) 3.66 2.04 2.19 2.18 3.17
R&D costs (MEUR) 46.6 41.9 39.6 35.7 34.1 Share price, highest (EUR) 5.53 4.14 3.40 4.24 4.84
% of revenue 19.7% 19.0% 18.2% 18.7% 20.1% Share price, average (EUR) 4.39 3.10 2.68 3.03 3.94
Capitalized development (MEUR) 5.6 5.5 6.2 4.7 3.9 Share price Dec 31 4.97 3.84 3.05 2.32 3.89
Gearing % –25.8% –14.1% 20.8% 13.9% –127.8% Market capitalization (MEUR) 786.4 606.7 483.5 367.6 617.7
Wages and salaries (MEUR) 109.5 103.7 104.4 84.9 70.1 Trading volume (millions) 20.2 22.8 26.5 33.7 27.8
Personnel on average 1,678 1,691 1,701 1,364 1,067 Trading volume (%) 12.7% 14.3% 16.7% 21.2% 17.5%
Personnel on Dec 31 1,656 1,678 1,696 1,666 1,104
Board proposal
----- End of picture text -----*

Board proposal

Turnover and average share price per month 2021

					IFRS 2017 156,502,983 156,502,983 158,798,739 158,798,739
Adjusted number of shares	IFRS 2021	IFRS 2020 158,082,324 158,082,324 158,798,739 158,798,739	IFRS 2019	IFRS 2018	IFRS 2017
average duringtheperiod average duringtheperiod, diluted Dec 31 Dec 31, diluted	158,354,073		157,719,368 157,719,368 158,798,739 158,798,739	157,224,137 157,224,137 158,798,739 158,798,739	156,502,983 156,502,983 158,798,739 158,798,739
	158,354,073
	158,798,739
	158,798,739

==> picture [217 x 144] intentionally omitted <==

----- Start of picture text -----

million EUR
14 7
12 6
10 5
8 4
6 3
4 2
2 1
0 0
01 02 03 04 05 06 07 08 09 10 11 12
● Turnover EUR ● Average price
----- End of picture text -----

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

CALCULATION OF KEY RATIOS

Equity ratio, %
ROI, %
ROE, %
Gearing, %
Earnings per share, EUR
Shareholders’ equity
per share, EUR
P/E ratio
Dividend per earnings, %
Efective dividends, %
Operating expenses
EBITDA
EBITA

Total equity
� 100
Total assets – advance payments received
Result before taxes + fnancial expenses
� 100
Total assets – non-interest bearing liabilities (average)
Result for theperiod
� 100
Total equity (average)
Interest bearingliabilities – cash and bank and fnancial asset throughproft and loss
� 100
Total equity
Proft attributable to equityholders of the company
Weighted average number of outstanding shares
Equityattributable to equityholders of the company
Number of outstanding shares at the end of period
Closing price of the share, end ofperiod
Earnings per share
Dividendper share
� 100
Earnings per share
Dividendper share
� 100
Closing price of the share, end of period
Sales and marketing, research and development and administration costs
EBIT + depreciation, amortization and impairment
EBIT + amortization and impairment

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

Reconciliation between adjusted EBITDA, EBITDA, adjusted EBIT and EBIT

==> picture [364 x 241] intentionally omitted <==

----- Start of picture text -----

EUR 1,000 Consolidated 2021 Consolidated 2020
Adjusted EBITDA 36.5 35.7
Adjustments to EBITDA
Gains and losses from sales of businesses 0.5
Costs related to strategic review –4.3
Costs related to restructuring 0.0
EBITDA 32.8 35.7
Depreciation, amortization and impairment losses –15.1 –16.0
EBIT 17.7 19.7
Adjusted EBIT 25.3 22.9
Adjustments to EBIT
Gains and losses from sales of businesses 0.5
Costs related to strategic review –4.3
PPA amortization –2.8 –3.2
Impairment –1.0
Costs related to restructuring 0.0
EBIT 17.7 19.7
----- End of picture text -----

Classification of adjusted costs in operating expenses

==> picture [742 x 175] intentionally omitted <==

----- Start of picture text -----

Operating Expenses
Operating Expenses Costs related to Expenses for for Adjusted EBITDA
2021 strategic review adjusted EBIT Depreciation Impairment PPA amortization 2021
Sales and marketing –99.2 –99.2 5.3 –93.9
Research and development –46.6 –46.6 5.2 –41.4
Administration –25.0 4.3 –20.7 0.7 1.0 2.8 –16.2
Operating expenses –170.8 4.3 –166.5 11.2 1.0 2.8 –151.5
Operating Expenses
Operating Expenses Costs related to Expenses for for Adjusted EBITDA
2020 restructuring adjusted EBIT Depreciation Impairment PPA amortization 2020
Sales and marketing –95.6 –95.6 6.2 –89.4
Research and development –41.8 –41.8 5.9 –35.9
Administration –17.1 0.0 –17.1 0.8 3.2 –13.2
Operating expenses –154.5 0.0 –154.5 12.9 3.2 –138.5
----- End of picture text -----

F-Secure 2021 Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

Shares and shareholders

Shares and share ownership distribution, 31 Dec 2021

==> picture [364 x 215] intentionally omitted <==

----- Start of picture text -----

Number of % of
Shares shareholders shareholders Total shares % of shares
1–100 8,579 30.50% 392,390 0.25%
101–1,000 15,458 54.95% 5,657,028 3.56%
1,001–50,000 4,019 14.29% 15,417,243 9.71%
50,001–100,000 28 0.10% 2,013,090 1.27%
100,001– 48 0.17% 135,318,988 85.21%
Total 28,132 100.00% 158,798,739 100.00%
Shareholders by category, 31 Dec 2021 Total shares % of shares
Corporations 4,242,598 2.67%
Financial and insurance institutions 48,786,237 30.72%
General government 16,624,370 10.47%
Non-profit organizations 1,021,796 0.64%
Households 82,701,968 52.08%
Other countries and international organizations 5,421,770 3.41%
Total 158,798,739 100.00%
----- End of picture text -----

Largest shareholders and administrative register

g g
Owner	Shares	% of shares	% of votes
Risto Siilasmaa Skandinaviska Enskilda Banken AB Nordea Nordic Small CapFund Mandatum Life Insurance Company Citibank Europe Plc Ilmarinen Mutual Pension Insurance Company Elo Mutual Pension Insurance Company The State Pension Fund Varma Mutual Pension Insurance Company Nordea Finnish Stars Fund Kaleva Mutual Insurance Company	60,011,037 19,967,015 10,557,976 6,932,171 4,277,379 4,167,860 3,998,047 3,500,000 3,470,660 2,747,964 1,836,073	37.79% 12.57% 6.65% 4.37% 2.69% 2.62% 2.52% 2.20% 2.19% 1.73% 1.16%	37.89%
			12.61%
			6.67%
			4.38%
			2.70%
			2.63%
			2.52%
			2.21%
			2.19%
			1.73%
			1.16%


Administrative register Skandinaviska Enskilda Banken AB Citibank Europe Plc Other registers Other shareholders Total Own shares F-Secure Corporation Total	Shares 19,967,015 4,277,379 1,238,997 35,682,202 158,387,381 411,358 158,798,739	% of shares 12.57% 2.69% 0.78% 22.47% 99.74% 0.26% 100.00%	% of votes
			12.61% 2.70% 0.78% 22.53%
			100.00%

Ownership of management

Ownership of management

Board of Directors	Shares	% of shares
Risto Siilasmaa	60,011,037	37.79%
Pertti Ervi	67,721	0.04%
Tuomas Syrjänen	25,422	0.02%
Päivi Rekonen	23,538	0.01%
Keith Bannister	9,267	0.01%
Åsa Riisberg	3,800	0.00%
Robin Wikström	1,926	0.00%
Total	60,142,711	37.87%


Executive team	Shares	% of shares
Juha Kivikoski	15,854	0.01%
Timo Laaksonen	7,250	0.00%
Edward Parsons	6,998	0.00%
Christine Bejerasco	2,930	0.00%
Antti Koskela	2,500	0.00%
Tiina Sarhimaa	2,250	0.00%
Juhani Hintikka
Tom Jansson
Ari Vänttinen
Tim Orchard
Charlotte Guillou
Total	37,782	0.02%
Ownershi of manaement

Ownership of management

The Board of Directors owned a total of 60,142,711 shares on December 31, 2021. This represents 37.9 percent of the Company’s shares and 38.0 percent of votes.

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

FINANCIAL STATEMENTS F-SECURE CONSOLIDATED

STATEMENT OF COMPREHENSIVE INCOME JAN 1–DEC 31, 2021

==> picture [533 x 400] intentionally omitted <==

----- Start of picture text -----

Consolidated, Consolidated,
EUR 1,000 Note IFRS 2021 IFRS 2020
REVENUE (2) 236,265 220,204
Cost of revenue (6) –50,551 –47,996
GROSS MARGIN 185,714 172,208
Other operating income (3) 2,791 2,108
Sales and marketing (4, 5, 6) –99,215 –95,625
Research and development (4, 5, 6) –46,599 –41,891
Administration (4, 5, 6) –24,984 –17,120
EBIT 17,707 19,680
Financial income (8) 1,473 2,443
Financial expenses (8) –1,751 –5,666
PROFIT (LOSS) BEFORE TAXES 17,429 16,457
Income tax (9) –4,726 –3,581
RESULT FOR THE FINANCIAL YEAR 12,703 12,875
Other comprehensive income
Exchange difference on translation of foreign operations 3,992 –7,361
COMPREHENSIVE INCOME FOR THE YEAR 16,695 5,514
Result of the financial year is attributable to:
Equity holders of the parent 12,703 12,875
Comprehensive income for the year is attributable to:
Equity holders of the parent 16,695 5,514
Earnings per share
– basic and diluted (10) 0.08 0.08
----- End of picture text -----

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

FINANCIAL STATEMENTS F-SECURE CONSOLIDATED

STATEMENT OF FINANCIAL POSITION DEC 31, 2021

==> picture [742 x 349] intentionally omitted <==

----- Start of picture text -----

Consolidated, Consolidated, Consolidated, Consolidated,
EUR 1,000 Note IFRS 2021 IFRS 2020 EUR 1,000 Note IFRS 2021 IFRS 2020
ASSETS SHAREHOLDERS’ EQUITY AND LIABILITIES
NON-CURRENT ASSETS SHAREHOLDERS’ EQUITY (17)
Tangible assets (4, 13) 12,712 14,064 Share capital 1,551 1,551
Intangible assets (13) 33,034 34,016 Share premium 165 165
Goodwill (11, 12, 13) 85,143 81,944 Treasury shares –849 –1,288
Deferred tax assets (21) 4,124 3,954 Translation differences –124 –4,116
Other receivables (16) 1,860 579 Reserve for invested unrestricted equity 6,789 6,464
Total non-current assets 136,874 134,557 Retained earnings 87,831 79,554
Equity attributable to equity holders of the parent 95,363 82,330
CURRENT ASSETS
Inventories (14) 51 74 NON-CURRENT LIABILITIES
Accrued income (16) 4,714 3,398 Interest bearing liabilities, non-current (4, 19, 20) 17,577 23,929
Trade and other receivables (15, 16) 49,856 47,462 Deferred tax liabilities (21) 1,880 1,294
Income tax receivables (16) 1,740 872 Other non-current liabilities (22) 26,335 25,338
Financial asset at FVTPL (15) 61 61 Total non-current liabilities 45,792 50,560
Cash and bank accounts (15, 20) 52,940 51,380
Total current assets 109,361 103,246 CURRENT LIABILITIES
Interest bearing liabilities, current (4, 19, 20) 10,824 15,937
TOTAL ASSETS 246,235 237,803 Trade and other payables (20, 22) 29,990 26,088
Income tax liabilities (22) 4,182 5,656
Other current liabilities (22) 60,084 57,232
Total current liabilities 105,080 104,913
TOTAL SHAREHOLDERS’ EQUITY AND LIABILITIES 246,235 237,803
----- End of picture text -----

F-Secure 2021 Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

FINANCIAL STATEMENTS F-SECURE CONSOLIDATED

STATEMENT OF CASH FLOWS JAN 1–DEC 31, 2021

==> picture [742 x 393] intentionally omitted <==

----- Start of picture text -----

Consolidated, Consolidated, Consolidated, Consolidated,
EUR 1,000 IFRS 2021 IFRS 2020 EUR 1,000 IFRS 2021 IFRS 2020
Cash flow from operations Cash flow from investments
Result for the financial year 12,703 12,875 Investments in intangible and tangible assets –6,569 –8,139
Adjustments Proceeds from sale of intangible and tangible
assets 433 238
Depreciation and amortization 15,066 16,020
Other investments 0 6
Profit / loss on sale of fixed assets 142 58
Other adjustments 2,504 1,783 Acquisition of subsidiaries, net of cash acquired –3,681
Financial income and expenses 278 3,224
Cash flow from investments –6,135 –11,575
Income taxes 4,726 3,581
Cash flow from operations before change in
working capital 35,420 37,542 Cash flow from financing activities
Proceeds from interest-bearing liabilities 10,000
Change in net working capital Repayments of interest-bearing liabilities –11,000 –11,000
Current receivables, increase (–), Repayments of lease liabilities –5,963 –7,251
decrease (+) –4,138 6,164
Dividends paid –6,334
Inventories, increase (–), decrease (+) 23 33
Cash flow from financing activities –23,298 –8,251
Non-interest bearing debt, increase (+),
decrease (–) 7,371 5,069
Provisions, increase (+), decrease (–) –500 Change in cash 1,309 26,854
Cash flow from operations before financial items Cash and bank at the beginning of the period 51,380 25,427
and taxes 38,675 48,307
Effects of exchange rate changes 252 –902
Interest expenses paid –451 –536
Interest income received 11 –4
Cash and bank at period end 52,940 51,380
Other financial income and expenses –843 –1,017
Income taxes paid –6,652 –70
Cash flow from operations 30,741 46,680
----- End of picture text -----

F-Secure 2021 Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

FINANCIAL STATEMENTS F-SECURE CONSOLIDATED

STATEMENT OF CHANGES IN EQUITY

Attributable to the equity holders of the parent

==> picture [739 x 192] intentionally omitted <==

----- Start of picture text -----

Share premium Translation Unrestricted
EUR 1,000 IFRS Share capital fund Treasury shares differences equity reserve Retained earnings Total equity
Equity December 31, 2019 1,551 165 –2,141 3,245 6,172 67,166 76,158
Result of the financial year 12,875 12,875
Translation difference –7,361 –7,361
Total comprehensive income for the year –7,361 0 12,875 5,514
Cost of share based payments 853 291 –486 659
Equity December 31, 2020 1,551 165 –1,288 –4,116 6,464 79,554 82,330
Result of the financial year 12,703 12,703
Translation difference 3,992 3,992
Total comprehensive income for the year 3,992 12,703 16,695
Dividends –6,334 –6,334
Cost of share based payments 439 325 1,913 2,678
Equity December 31, 2021 1,551 165 –849 –124 6,789 87,831 95,363
----- End of picture text -----

More information in note 17. Shareholders’ equity

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

FINANCIAL STATEMENTS F-SECURE CONSOLIDATED

NOTES TO THE FINANCIAL STATEMENTS

ACCOUNTING PRINCIPLES FOR THE CONSOLIDATED FINANCIAL STATEMENTS

Basic information

F-Secure provides cyber security products and services globally for consumers and businesses.

The parent company of the Group is F-Secure Corporation incorporated in Finland and domiciled in Helsinki. Company’s registered address is Tammasaarenkatu 7, 00180 Helsinki. A copy of consolidated financial statements can be downloaded on www.f-secure.com or can be received from the parent company’s registered address.

These financial statements were authorized for issue by the Board of Directors on 16 February 2022. According to the Finnish Companies Act, the Annual General Meeting can confirm or reject the consolidated financial statements after publication. The Annual General Meeting can also decide to change the financial statements.

ACCOUNTING PRINCIPLES

The consolidated financial statements of F-Secure Corporation of 2021 have been prepared in accordance with International Financial Reporting Standards (IFRS), applying the IAS and IFRS standards as well as SIC and IFRIC interpretations that were in force and had been approved by the EU by 31 December 2021.

Principles of consolidation

The consolidated financial statements incorporate the financial statements of F-Secure Corporation and entities controlled by F-Secure Corporation. Consolidation is done using the acquisition method and begins when control over the subsidiary is obtained. The consolidation stops when the control ceases. The Group does not have any associated companies nor is there any non-controlling interest in the Group.

All intra-group transactions and balances, including unrealized profits arising from intra-group transactions, have been eliminated on consolidation. Where necessary, accounting policies of the

subsidiaries have been adjusted to ensure consistency with the policies adopted by the Group.

Transactions in foreign currency

The consolidated financial statements are presented in euros, which is F-Secure Corporation’s functional currency. At each reporting date for the purpose of presenting consolidated financial statements the income statements of foreign Group companies are translated at the average exchange rates for the reporting period and the balance sheets are translated using the European Central Bank’s exchange rates prevailing on the reporting date. Translation differences are recognized in shareholders’ equity and the change in other comprehensive income.

Foreign currency transactions are translated using the exchange rates prevailing at the dates of the transactions. On the reporting date, assets and liabilities denominated in foreign currencies are translated using the European Central Bank’s exchange rates prevailing at that date. Exchange rate gains and losses are recognized in financial items in the income statement.

New and amended IFRS Standards that are effective for 2021

During 2021 there were no changes in the Group’s accounting principles.

COVID-19 impacts on financial reporting during 2021

During 2021 COVID-19 pandemic has continued to impact F-Secure’s financial reporting by increasing the amount of management judgment related to certain items in the financial statements. Operationally, COVID-19 impacted the business less than in 2020 as the Group has managed to adopt new ways of working and delivering services.

During 2021 management has continued to regularly monitor any indications of goodwill impairment. During the financial year such indications have not been identified, and thus only annual

impairment testings have been carried out at the end of the year. Testings did not result in impairment bookings.

According to management’s assessment COVID-19 may have an impact on the liquidity of the Group’s customers in short and longer term. In 2020, the expected credit losses according to IFRS 9 were reassessed to include the increased risk caused by the pandemic. No significant risks realized during 2020, but the prolonging of the pandemic can still impact customers’ liquidity. Therefore, the potential impacts of the pandemic have been reassessed for 2021 and a slight risk element in the provision for expected credit losses has been maintained.

In 2020 COVID-19 temporarily impacted the Group’s cyber security consulting business’ profitability in certain locations. At year end 2020 the management assessed the Group’s capability to utilize the taxable losses generated in these locations according to IAS 12 and deferred tax assets were booked accordingly. During 2021 the Group has been able to utilize these losses against the profits generated during the financial year. No new losses in consulting locations due to the pandemic have occurred.

Group’s financing agreement includes a committed revolving credit facility (RCF) of EUR 23,000 thousand. At the end of previous financial year, the Group had EUR 5,000 thousand withdrawn from the RCF. The cash position has remained solid during 2021, and the RCF was fully repaid during the first quarter of 2021.

Management judgment on significant accounting principles and use of estimates

The preparation of consolidated financial statements requires the use of estimates and assumptions as well as the use of judgment when applying accounting principles. These affect the contents of the financial statements and it is possible that actual results may differ from estimates.

Estimates made in connection with the preparation of financial statements are based on management’s best knowledge at the reporting date. Estimates build upon past experience as well as assumptions of the future development of the economic

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

FINANCIAL STATEMENTS F-SECURE CONSOLIDATED

environment of the Group. Revisions in estimates and assumptions are recognized in the period they occur and in future periods if the revision affects both current and future periods.

Key sources where estimation uncertainty arises at the reporting date are:

Impairment testing: Recoverable amount of goodwill from acquisitions is based on estimated future cash flows which are subject to management judgment.
In addition to goodwill the intangible assets that are not yet ready for use (EUR 2.7 million) are tested annually for impairment. The recoverable amount of these assets is based on estimated future cash flows from sales and/or use of the asset.
Deferred tax assets from tax losses: The Group has recognized deferred tax assets from tax losses. Biggest losses are in the UK where the deferred tax asset is EUR 2.5 million The amount of deferred tax assets is based on management estimation about future profits and the recoverability of these tax losses.

– Expected credit losses: Provision for expected credit losses in Group’s balance sheet is EUR 2.1 million. Managements has used judgment in defining potential impacts of the COVID-19 pandemic on expected credit losses and provision has been adjusted accordingly.

Share-based payments: The Group’s share-based incentives programs are mainly tied to market based conditions. Management uses external valuations in determining the fair value of the shares granted under these incentive programs. The method for the valuation is Monte Carlo Simulation.
Deferred consideration sales of UK public sector consulting team: The sales price of the UK public sector consulting team divested in December 2021 includes a deferred consideration which is measured at discounted fair value on each reporting date. Management judgment is used to forecast the future performance of the divested business which is the basis for determining the deferred consideration.

Revenue recognition

Revenue is derived from corporate and consumer businesses. Corporate security business revenue includes cyber security products, managed services, and cyber security consulting. Cyber security products comprise endpoint protection solutions (F-Secure Elements Endpoint Protection, F-Secure Business Suite, F-Secure Cloud Protection for Salesforce, F-Secure Elements for Microsoft Office 365), as well as solutions targeted at detecting and responding to advanced attacks (F-Secure Elements Endpoint Detection and Response and F-Secure Countercept) and vulnerability management (F-Secure Elements Vulnerability Management and phishd). Consumer security business revenue comes through operator and direct consumer channels, and the main products include F-Secure SAFE, F-Secure FREEDOME, F-Secure SENSE, F-Secure KEY and F-Secure ID PROTECTION.

Endpoint protection solutions and vulnerability management products

Endpoint protection security solutions (F-Secure Elements Endpoint Protection, F-Secure Business Suite, F-Secure Elements Endpoint Detection and Response, F-Secure Cloud Protection for Salesforce and F-Secure Elements for Microsoft Office 365) are sold to corporate customers by granting the customer access to use the intellectual property during the license period or as Security-as-a-Service. F-Secure delivers the product and provides continuous automated updates against new threats. The software and the accompanied services are highly interdependent and therefore treated as one performance obligation for which revenue is recognized over time on a straight-line basis for the license period.

Consumer customer products and vulnerability management products for corporate customers (F-Secure Elements Vulnerability Management and phishd) are treated as Security-asa-Service as they do not include a license of intellectual property. Revenue is accounted for as a single performance obligation and recognized over time on a straight-line basis for the contract period.

When there is a hardware component to the solution (F-Secure SENSE) the hardware is considered as a distinct performance obligation and revenue for hardware is recognized separately at point in time of delivery.

Cyber security consulting services and managed detection and response solutions

Cyber security consulting services are recognized as revenue based on the delivery of the work. For F-Secure managed detection and response solution (F-Secure Countercept) the software and the service are considered as single performance obligation. The customer is granted access to use the intellectual property and the service is provided by F-Secure continuously throughout the contract period. Revenue for managed services is recognized on a straight-line basis for the contract period.

Presenting of receivables and liabilities from contracts with customers

Receivables from contracts with customers are presented in the balance sheet as Accrued income. Liabilities from contracts with customers are presented in the balance sheet as Deferred revenue and included in Total non-current liabilities or Total current liabilities depending on the duration of the liability.

Pensions

All of F-Secure Group’s pension arrangements are defined contribution plans in accordance with local statutory requirements. Contributions to defined contribution plans are recognized in the income statement in the period to which the contributions relate.

Leases

Leases which meet with IFRS 16 requirements are booked to balance sheet as right-of-use asset with corresponding lease liability. Right-of-use assets and lease liabilities are initially valued at the present value of the remaining lease payments. Incremental borrowing rate is applied in discounting the remaining payments. F-Secure’s incremental borrowing rate varies between 2.45% and

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

FINANCIAL STATEMENTS F-SECURE CONSOLIDATED

9.15% depending on the geographical location of the leased asset, lease period and guarantees.

F-Secure’s right-of-use assets comprise of rented ofce premises and leased cars. Short-term contracts (remaining contract period 12 months or less) and low value assets are excluded from leases and lease expense is recognized on a straight-line basis as permitted by IFRS 16.

Lease contracts for the Group’s ofce premises are typically made for fxed periods of 3 to 6 years and they may contain extension options. Each ofce lease contract is negotiated individually and the contracts may contain wide range of diferent terms and conditions. Some of Group’s ofce premises are leased with on-going contracts where the ending date is not defned. The management assesses the probable duration for these contracts case-by-case and the lease liability is calculated accordingly. Changes to the estimates are accounted for at each reporting date. Estimated duration for on-going contracts vary between 3 to 5 years and the total liability from on-going contracts is EUR 3.0 million.

In measuring the present value of the liabilities arising from leases any service related fees are excluded from the lease payment. The Group’s lease contracts do not contain residual value guarantees or purchase options.

Income taxes

The income tax expense in income statement represents the sum of current taxes and deferred taxes. Current taxes are calculated on the taxable income for all Group companies in accordance with the local tax rules. Deferred taxes, resulting from temporary diferences between the fnancial statement and the income tax basis of assets and liabilities, use the enacted tax rates in efect in the years in which the diferences are expected to reverse. Deferred tax assets are recognized to the extent that it is probable that future taxable proft will be available. Deferred tax liabilities are recognized for all temporary diferences.

Deferred tax assets and liabilities are ofset when there is a legally enforceable right to set of f current tax assets against current tax liabilities and when they relate to the same taxation authority and the Group intends to settle the assets and liabilities on a net basis.

Business combinations

Acquisition method is used for accounting the acquisitions of businesses. The consideration transferred in a business combination is measured at fair value, which is calculated as the sum of the acquisition-date fair values of assets transferred by the Group and liabilities incurred by the Group to the former owners of the acquiree. Contingent considerations related to business combinations are measured at fair value at acquisition date and included as part of the consideration transferred. Costs related to the acquisition are recognized in proft and loss statement.

The identifable assets acquired and the liabilities assumed are recognized at fair value at the acquisition date except for deferred tax assets or liabilities which are measured in accordance with IAS 12 Income taxes. Goodwill is measured as the excess of the transferred consideration over the net amount of the acquired identifable assets and assumed liabilities.

Changes in fair value of the contingent consideration that do not arise within one year from the acquisition from facts and circumstances that existed at the acquisition date are recognized in proft or loss.

Goodwill

Goodwill is initially recognized and measured in business combinations as set out above. Goodwill is not amortized but is instead tested for impairment at least annually and whenever there is an indication that it may be impaired. For the purpose of impairment testing goodwill has been allocated to cash generating units expected to beneft from the synergies of the combination. If the recoverable amount of the cash generating unit is less than the carrying amount of the unit, the impairment loss is allocated frst to reduce the carrying amount of any goodwill allocated to the unit and then to the other assets of the unit. If an impairment loss

for goodwill is recognized it will not be reversed in the subsequent periods. Goodwill is recorded at historical cost less accumulated impairment losses.

INTANGIBLE ASSETS

Research and development expenditure

Research expenditure is recognized as an expense at the time it is incurred. Development expenditure on new products or product versions with signifcant new features are recognized as intangible assets when they fulfll the requirements set out in IAS 38. Amortization is recorded on a straight-line basis over the estimated useful life, which is 3–8 years for these assets.

Intangible assets acquired in business combinations

Intangible assets acquired in business combinations and recognized separately from goodwill are initially recognized at fair value on the acquisition date. Subsequent to initial recognition these assets are reported at initial value less accumulated amortization and accumulated impairment losses.

Intangible assets acquired in business combinations include technology, trademarks and customer relationships, which all have a fnite useful life. Initial valuation for technology and trademarks is done based on Relief from royalty method and for customer relationships based on Excess earnings method. The estimated useful lives for intangible assets acquired in business combinations are:

Technology 10 years Trademark 2 years Customer relationships 6–10 years

Other intangible assets

Other intangible assets include intangible rights and software licenses, all with a fnite useful life. Other intangible assets are recorded at historical cost less accumulated amortization and possible impairment. Amortization is recorded on a straight-line

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

FINANCIAL STATEMENTS F-SECURE CONSOLIDATED

basis over the estimated useful life of an asset. The estimated useful lives of other intangible assets are as follows:

Intangible rights 3–8 years Other intangible assets 5–10 years

Tangible assets

Tangible assets are recorded at historical cost less accumulated depreciation and possible impairment. Depreciation is recorded on a straight-line basis over the estimated useful life of an asset. The estimated useful lives of tangible assets are as follows:

Machinery and equipment 3–8 years Other tangible assets 5–10 years

Other tangible assets include renovation costs of rented office space.

Gains or losses on disposal of tangible assets are shown in other operating income or expense.

Impairment of assets

At each reporting date, the Group assesses whether there is any indication that an asset may be impaired. Where an indicator of impairment exists, the Group makes a formal estimate of recoverable amount. The recoverable amount of goodwill and intangible assets that are not ready for use are estimated annually for regardless of whether any indication of impairment exists.

Where the carrying amount of an asset exceeds its recoverable amount the asset is considered impaired and the carrying amount is reduced to its recoverable amount. The recoverable amount is the fair value of an asset less costs of disposal or value in use, whichever is higher. An impairment loss is recorded in the income statement.

A previously recognized impairment loss is reversed only if there has been a change in the estimates used to determine the asset’s recoverable amount since the last impairment loss was recognized. The maximum reversal of an impairment loss amounts to no more than the carrying amount of the asset if no impairment loss had

been recognized, net of depreciation. Impairment losses relating to goodwill cannot be reversed in future periods.

Inventories

Inventories are valued at the lower of cost and net realizable value. Cost is determined by first-in first-out method. Net realizable value is the estimated selling price that is obtainable, less estimated costs of completion and the estimated costs necessary to make the sale.

FINANCIAL INSTRUMENTS

Financial assets

Financial assets are originally valued at fair value. Trade receivables are originally valued with transaction price and later with amortized cost reduced by expected credit loss for trade receivable. Trade receivables and other receivables are written off from the balance sheet as the rights to associated cash flows end or become transferred to the counterpart. An expected credit loss is recognized for trade receivables according to IFRS 9. The amount of expected credit loss is updated at each reporting date to reflect changes in credit risk since initial recognition of the respective financial instrument. The expected credit loss is estimated using a provision matrix where trade receivables are grouped based on historical credit loss experience and characteristics that depict the credit risk of receivables (e.g. geographical area and days past due).

Financial liabilities

F-Secure classifies loans from financial institutions, trade payables and other payables as other financial liabilities which are measured at amortized cost. Transaction costs, such as arrangement fees, are deferred over the maturity of the liability. Contingent considerations arising from acquisitions are classified as financial liabilities measured at fair value and changes in fair value are accounted through profit and loss. Contingent considerations are measured at fair value at the end of each reporting period. Financial liabilities are classified as current unless F-Secure has

unconditional right to postpone their repayment by at least 12 months from the end date of the reporting period.

Derivative financial instruments and hedging

The Group uses derivative financial instruments such as forward currency contracts to hedge its risks associated with foreign currency fluctuations. Derivatives are valued at fair value. The fair value of forward currency contracts is calculated based on current forward exchange rates at the reporting date for contracts with similar maturity profiles. The gains and losses arising from the change of fair value are booked through the income statement as the Group does apply hedge accounting.

Provisions

Provisions are recognized when the Group has a present obligation (legal or constructive) as a result of a past event, the outflow of resources is probable, and a reliable estimate of the amount of the obligation can be made. The amount recognized is a best estimate of the consideration required to settle the obligation at each reporting date. Risks and uncertainties are taken into account when making the estimate.

Treasury shares

Parent company has acquired treasury shares in 2008–2011. The purchase price of the shares has been deducted from equity.

Share-based payment transactions

F-Secure provides incentives to employees in the form of equity-settled share-based instruments. Currently the Company has share-based programs.

F-Secure’s share-based incentive programs are targeted to the Group’s key personnel. The programs are divided into equitysettled and cash-settled part. The equity-settled part is valued at fair value at grant date, and the expense is recognized evenly in the income statement over the vesting period with the counter-entry in retained earnings. In incentive programs with performance based conditions the fair value is determined using the market

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

FINANCIAL STATEMENTS F-SECURE CONSOLIDATED

value of the share of F-Secure Corporation. In programs with market based conditions the fair value is determined by utilizing commonly used valuation techniques. The cash-settled part is initially valued at fair value at grant date. At each reporting date the cash-settled part is revalued to fair value and the expense is recognized in the income statement over the vesting period with the counter-entry in liabilities. The cumulative expense recognized at grant date is based on the Group’s estimate of the number of shares that will ultimately vest at the end of the vesting period. If a person leaves the company before vesting, the reward is forfeited. The Group updates its estimate of the ultimate number of shares at each reporting date. These changes in the estimate are recorded in the income statement.

Presentation of expenses

Classification of the functionally presented expenses has been made by presenting direct expenses in their respective functions and by allocating other expenses to operations on the basis of average headcount in each function.

Operating result

IAS 1 Presentation of Financial Statements standard does not define the concept of Earnings before interest and taxes (EBIT). The Group has defined it as follows: EBIT is the net amount, which consists of revenue and other operating income less cost of revenue which is adjusted for changes in inventories, employee benefit costs, depreciation and amortization, possible impairment losses, and other operating expenses.

New standards and interpretations not yet effective

New or amended standards or interpretations are not expected to have an impact on the consolidated financial statements.

F-Secure 2021 Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

FINANCIAL STATEMENTS F-SECURE CONSOLIDATED

1. SEGMENT INFORMATION

The Group has one segment, data security. Segment reporting is consistent with the internal reporting submitted to the chief operating decision-maker. The Leadership Team has been appointed the chief operating decision-maker, responsible for allocating resources and assessing performance as well as making strategic decisions. For the geographical information revenue is presented based on the location of the customer and the long-term assets based on the location of the assets.

Geographical information

Geographical information about revenue is presented in note 2.

==> picture [364 x 98] intentionally omitted <==

----- Start of picture text -----

EUR 1,000 Consolidated 2021 Consolidated 2020
Long-term assets
Nordic countries 34,506 31,907
Europe excl. Nordics 67,785 67,063
North America 1,308 902
Rest of world 33,276 34,685
Total 136,874 134,557
----- End of picture text -----

2. REVENUE

Principles of revenue recognition are stated in accounting principles to consolidated financial statements, section Revenue recognition.

Disaggregation of revenue

==> picture [364 x 111] intentionally omitted <==

----- Start of picture text -----

EUR 1,000 Consolidated 2021 Consolidated 2020
Sales channels
Revenue from external customers
Consumer security 106,250 100,106
Corporate security 130,015 120,098
Products 82,773 74,279
Services 47,242 45,819
Total 236,265 220,204
----- End of picture text -----

Geographical information

Geographical information
Revenue from external customers Nordic countries Europe excl. Nordics North America Rest of world		70,948 98,893 23,242 27,121
	77,144
	104,794
	24,576
	29,751
Total	236,265	220,204

Assets and liabilities from contracts with customers

Satisfied performance obligations from contracts with customers that have not yet been invoiced on the reporting date are presented in the balance sheet as Accrued income included in trade and other receivables. The balances relate to products and services which have been delivered to the customers and recognized as revenue but not invoiced. Liabilities from contracts with customers are presented in the balance sheet as Deferred revenue and included in Total non-current liabilities or Total current liabilities depending on the duration of the liability. Prior year current deferred revenue is recognized as revenue in current period.Remaining performance obligations from contracts with customers represent contracted revenue that has not yet been recognized. These balances are presented as Deferred revenue and relate to obligations to provide software subscription services or managed services in contracts with a duration of multiple years.

==> picture [363 x 60] intentionally omitted <==

----- Start of picture text -----

EUR 1,000 Consolidated 2021 Consolidated 2020
Accrued income 4,714 3,398
Deferred revenue, non-current 25,988 23,788
Deferred revenue, current 60,084 57,232
----- End of picture text -----

Increases in deferred revenue resulting from billing were EUR 62,285 thousand. Decreases in deferred revenue resulting from satisfying performance obligations were EUR 57,232 thousand.

3. OTHER OPERATING INCOME

3. OTHER OPERATING INCOME

EUR 1,000	Consolidated 2021	Consolidated 2020
Capitalgains from sales of operations Governmentgrants Rental revenue Other	540	1,896 18 194
	1,760

	491
Total	2,791	2,108

Capital gains from sales of operations include gain from divestment of UK public sector consulting team. Government grants are recognized as income over those periods in which the corresponding expenses arise. During 2020 and 2021 government grants have been slightly higher in certain locations where goverments have taken measures to support the local businesses under pandemic.

Other operating income includes e.g. gain on sale of fixed assets and rent income.

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

FINANCIAL STATEMENTS F-SECURE CONSOLIDATED

4. LEASES

5. DEPRECIATION, AMORTIZATION, AND IMPAIRMENT

==> picture [739 x 293] intentionally omitted <==

----- Start of picture text -----

EUR 1,000 Consolidated 2021 Consolidated 2020 EUR 1,000 Consolidated 2021 Consolidated 2020
Decrease in Cost of Revenue 41 197 Depreciation and amortization of non-current assets
Decrease in operating expenses (lease expenses) 6,207 6,628 Other intangible assets –1,368 –1,945
Increase in right-of-use asset depreciation –6,022 –6,536 Capitalized development –4,723 –4,992
Increase in EBIT 227 288 Intangible assets –6,091 –6,937
Increase in financial expenses –279 –324
Profit / Loss for the period 52 –36 Machinery and equipment –1,398 –1,627
Right of use assets –6,022 –6,536
Short-term leases booked as rent expense 180 205 Other tangible assets –538 –659
Tangible assets –7,958 –8,823
Right of use assets and liabilities
Right of use assets Impairment
Buildings 8,130 8,554 Capitalized development –1,016 –260
Cars 1,111 1,207 Total impairment –1,016 –260
Total 9,241 9,761
Total depreciation and amortization –15,066 –16,020
Lease liabilities
Buildings 8,279 8,663 Depreciation and amortization by function
Cars 1,122 1,202 Sales and marketing –5,352 –6,138
Total 9,401 9,865 Research and development –5,176 –5,957
Administration –4,537 –3,925
Repayments of lease liabilities 6,185 7,278 Total depreciation and amortization –15,066 –16,020
----- End of picture text -----

Right of use assets related changes are stated in disclosure 13. Non-current assets.

Right of use assets related interest payments are stated in disclosure 8. Financial income and expenses.

Maturity of lease liabilities is stated in disclosure 19. Financial liabilities.

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

FINANCIAL STATEMENTS F-SECURE CONSOLIDATED

6. PERSONNEL EXPENSES

==> picture [364 x 98] intentionally omitted <==

----- Start of picture text -----

EUR 1,000 Consolidated 2021 Consolidated 2020
Personnel expenses
Wages and salaries –109,550 –103,747
Pension expenses - defined contribution plan –12,907 –10,710
Share-based payments –2,672 –801
Other social expenses –8,993 –8,280
Total –134,122 –123,538
----- End of picture text -----

Employee benefits of the management are stated in disclosure 24. Related party transactions.

Share-based payments are stated in disclosure 18. Share-based payment transactions.

==> picture [363 x 98] intentionally omitted <==

----- Start of picture text -----

Average number of personnel 1,678 1,691
Personnel by function December 31
Consulting and delivery 439 476
Sales and marketing 476 480
Research and development 555 535
Administration 186 187
Total 1,656 1,678
----- End of picture text -----

8. FINANCIAL INCOME AND EXPENSES

==> picture [363 x 176] intentionally omitted <==

----- Start of picture text -----

EUR 1,000 Consolidated 2021 Consolidated 2020
Financial income
Interest income from loans and receivables 11 –4
Exchange gains 1,452 2,413
Other financial income 10 34
Total 1,473 2,443
Financial expenses
Interest expense from loans and liabilities –451 –536
Interest expense from lease liabilities –279 –324
Exchange losses –668 –4,458
Other financial expenses –353 –349
Total –1,751 –5,666
----- End of picture text -----

7. AUDIT FEES

==> picture [364 x 72] intentionally omitted <==

----- Start of picture text -----

EUR 1,000 Consolidated 2021 Consolidated 2020
Group auditor
Audit fees, PricewaterhouseCoopers –319 –308
Other consulting, PricewaterhouseCoopers –347 –38
Total –666 –346
----- End of picture text -----

PricewaterhouseCoopers Oy has provided non-audit services to entities of F-Secure Group in total 347 thousand euros, which are related to other services.

==> picture [363 x 46] intentionally omitted <==

----- Start of picture text -----

Other auditors
Audit fees –58 –58
Total –58 –58
----- End of picture text -----

The Finnish Patent and Registration Office Auditor Oversight has granted to PricewaterhouseCoopers Oy upon its request an exemption from the maximum amount of fees for non-audit services referred to in Chapter 5, section 4 of the Finnish Auditing Act (1141/2015).

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

FINANCIAL STATEMENTS F-SECURE CONSOLIDATED

9. INCOME TAX

==> picture [364 x 72] intentionally omitted <==

----- Start of picture text -----

EUR 1,000 Consolidated 2021 Consolidated 2020
Current income tax for the year –4,357 –5,911
Adjustments for current tax of prior periods 108 267
Change in deferred tax –477 2,063
Total –4,726 –3,581
----- End of picture text -----

A reconciliation of income tax expense in the income statement and income tax calculated at the parent company’s country of residence income tax rate (20%):

==> picture [363 x 122] intentionally omitted <==

----- Start of picture text -----

Result before taxes 17,429 16,457
Income tax at Finnish tax rate of 20% –3,486 –3,291
Effect of overseas tax rates –312 –349
Non-deductible expenses/tax-exempt revenue –202 19
Unrecognised tax losses –716 –199
Adjustments for prior period tax 108 267
Other –118 –27
Total –4,726 –3,581
----- End of picture text -----

10. EARNINGS PER SHARE

Basic earnings per share amounts are calculated by dividing net profit for the year attributable to ordinary equity holders of the parent by the weighted average number of ordinary shares outstanding during the year. Diluted earnings per share amounts are calculated by dividing the net profit attributable to ordinary shareholders by the weighted average number of ordinary shares outstanding during the year adjusted for the effects of dilutive options.

==> picture [364 x 131] intentionally omitted <==

----- Start of picture text -----

EUR 1,000 Consolidated 2021 Consolidated 2020
Net profit attributable to equity holders from
continuing operations 12,703 12,875
Weighted average number of ordinary shares
(1,000) 158,354 158,082
Adjusted weighted average number of ordinary
shares for diluted earning per share 158,354 158,082
Basic and diluted earnings per share (EUR/share),
continuing operations 0.08 0.08
----- End of picture text -----

11. ACQUISITIONS

Group hasn’t made acquisitions during 2020 or 2021.

12. GOODWILL

For impairment testing goodwill is allocated to cash-generating units (CGUs). The carrying amount of goodwill EUR 85 144 thousand is allocated to two CGUs:

goodwill EUR 85 144 thousand is allocated to two CGUs:
EUR 1,000	Consolidated 2021	Consolidated 2020
Consulting MDR	55,963	54,625 27,319
	29,181
	85,144	81,944

Goodwill is tested for impairment annually, or more frequently if there are indications that goodwill might be impaired. The recoverable amount for each CGU is determined based on a value in use calculation which uses cash flows for the period determined for the CGU. Cash flows are based on financial budgets and forecasts approved by the Board of Directors. For Consulting forecast period of five years is used and for MDR the forecast period covers following six years during which the business is expected to achieve steady state. Discount rate for Consulting is 9.8% before taxes and for MDR 13.6% before taxes.

Cash flows beyond forecast period have been extrapolated using steady 2% per annum growth rate for both CGUs. Markets where CGUs operate are expected to grow significantly faster than the terminal growth rate used in impairment testing. Managed detection and response (MDR) market is expected to grow at 16.4% annually and Consulting at 12.6% annually by 2024.

Sensitivity analysis

The Group has prepared a sensitivity analysis of the impairment tests to changes in the key assumptions which are revenue, profitability, and discount rate. Any reasonably possible changes in the key assumptions in impairment tests would not cause the aggregate carrying amounts exceeding the recoverable amounts.

COVID-19 impacts on goodwill

Due to the COVID-19 pandemic, potential impairment of goodwill is continuously being monitored by the management. During 2021 management did not identify indications of impairment which would have resulted in additional testing for either of the CGUs. The risk of impairment in goodwill due to pandemic has decreased as new ways of working and delivering services to customers have been adopted succesfully. Sensitivity to key assumptions in the impairment testings have increased slightly compared to 2020. Management continues to monitor indications of impairment through frequent forecasting processes.

The weighted average number of shares take into account the effect of change in treasury shares.

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

FINANCIAL STATEMENTS F-SECURE CONSOLIDATED

13. NON-CURRENT ASSETS

==> picture [739 x 406] intentionally omitted <==

----- Start of picture text -----

INTANGIBLE ASSETS TANGIBLE ASSETS
Advance
payments &
Other Capitalized incomplete Machinery & Right of
EUR 1,000 intangible development Goodwill development Total equipment use assets Other tangible Total
Acquisition cost Jan 1, 2020 20,481 44,289 88,399 5,579 158,747 14,780 16,727 3,708 35,215
Translation difference –445 –1,215 –6,455 0 –8,115 –310 –482 –190 –982
Additions 58 5,887 5,945 1,383 6,787 155 8,325
Transfers 3,967 –3,967 172 172
Disposals 4 –520 –517 –266 –981 –75 –1,322
Acquisition cost Dec 31, 2020 20,098 46,520 81,944 7,499 156,061 15,759 22,051 3,597 41,407
Translation difference 399 1,214 3,199 4,813 206 320 111 637
Additions 50 5,866 5,916 658 6,111 33 6,802
Transfers 9,941 –9,941
Disposals –1,021 –1,585 –2,606 –6,103 –1,977 –465 –8,545
Acquisition cost Dec 31, 2021 19,526 56,090 85,143 3,425 164,184 10,520 26,505 3,276 40,301
Acc. depreciation Jan 1, 2020 –13,254 –20,574 –33,828 –11,540 –6,464 –1,617 –19,620
Translation difference 189 182 371 196 158 85 439
Transfers –171 –171
Depreciation for the period –1,932 –4,973 –6,905 –1,616 –6,418 –647 –8,681
Depreciation of disposals 1 260 261 208 433 50 692
Acc. depreciation Dec 31, 2020 –14,996 –25,104 –40,101 –12,924 –12,290 –2,129 –27,343
Translation difference –228 –303 –531 –140 –202 –66 –407
Transfers 10 10
Depreciation for the period –1,384 –4,761 –6,146 –1,402 –6,062 –548 –8,013
Depreciation of disposals 898 555 1,453 6,030 1,285 163 7,478
Acc. depreciation Dec 31, 2021 –15,710 –29,614 –45,324 –8,425 –17,269 –2,580 –28,275
Book value as at Dec 31, 2020 5,102 21,416 81,944 7,499 115,960 2,835 9,761 1,468 14,064
Book value as at Dec 31, 2021 3,817 26,476 85,143 3,425 118,858 2,095 9,236 697 12,026
----- End of picture text -----

At the end of 2021 book value of right of use assets consists of buildings EUR 8.1 million (8.6m) and cars EUR 1.1 million (1.2m).

F-Secure 2021 Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

FINANCIAL STATEMENTS F-SECURE CONSOLIDATED

14. INVENTORIES

==> picture [364 x 267] intentionally omitted <==

----- Start of picture text -----

EUR 1,000 Consolidated 2021 Consolidated 2020
Inventories 51 74
15. FINANCIAL ASSETS
EUR 1,000 Consolidated 2021 Consolidated 2020
Cash at bank and in hand 52,940 51,380
Trade receivables 38,310 38,088
Loan receivables –1 2
Financial assets at FVTPL 61 61
Total 91,310 89,531
Trade receivables
Ageing of trade receivables
Not fallen due 32,847 31,877
1–90 days past due 5,887 7,343
Over 90 days past due 1,603 1,378
Less provision for expected credit losses –2,063 –2,510
Total 38,274 38,088
----- End of picture text -----

Movements in the provision for impairment of trade receivables

==> picture [363 x 59] intentionally omitted <==

----- Start of picture text -----

Book value as at Jan 1 2,510 2,375
Change for the year 153 806
Receivables written off during the year –601 –670
Book value as at Dec 31 2,063 2,510
----- End of picture text -----

COVID-19 can have an impact on F-Secure’s customer’s liquidity in short and long term. Although significant risks have not realized during the financial year, management has estimated that impacts may become visible only during longer period as the pandemic prolongs. Thus, expected credit losses under IFRS 9 have been reassessed during the financial year and a slight increase addressing the increased risk has been maintained.

Financial assets at FVTPL

==> picture [363 x 111] intentionally omitted <==

----- Start of picture text -----

EUR 1,000 Consolidated 2021 Consolidated 2020
Fair value as at Jan 1 61 66
Change in fair value 0 –5
Fair value as at Dec 31 61 61
Shares – unlisted 26 26
Funds 34 35
Fair value as at Dec 31 61 61
----- End of picture text -----

16. OTHER RECEIVABLES

==> picture [363 x 215] intentionally omitted <==

----- Start of picture text -----

EUR 1,000 Consolidated 2021 Consolidated 2020
Non-current receivables
Other receivables 1,860 579
Current receivables
Other receivables 531 1,250
Prepaid expenses 10,197 7,511
Accrued income 4,714 3,398
Accrued income tax 2,558 1,477
Total 18,001 13,636
Material items included in prepaid expenses
Prepaid royalty 2,991 2,765
Grant receivables 860 –395
Other prepaid expenses 6,346 5,141
Total 10,197 7,511
----- End of picture text -----

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

FINANCIAL STATEMENTS F-SECURE CONSOLIDATED

17. SHAREHOLDERS’ EQUITY

Issued and fully paid


EUR 1,000 Dec 31, 2019 Share based payments Dec 31, 2020 Share based payments	Number of shares 157,786,995 404,636 158,191,631 195,750	Share capital 1,551 1,551	Share premium fund 165 165	Unrestricted equity reserve 6,172 291 6,464 325	Treasury shares
					–2,141 853
					–1,288
					439
Dec 31, 2021	158,387,381	1,551	165	6,789	–848

The share capital amounted to 1,551,311 euro and the number of shares was 158,798,739 (including own shares 411,358) at the end of 2021. A share has no nominal value. Accountable par value is EUR 0.01.

Share premium fund

Proceeds from exercised warrants were recognized under the share capital and share premium fund until March 26, 2008.

Unrestricted equity reserve

On March 20, 2007, the shareholders’ meeting decided to decrease the share premium fund. The decreased amount of 33,582 thousand euro was transferred to unrestricted equity reserve. On March 26, 2008, the shareholders’ meeting decided that the total amount of the subscription prices paid for new shares issued after the date of the meeting, based on stock options under the F-Secure Stock Option Plan 2005, be recorded in Companys’ unrestricted equity reserve.

Translation differences

The translation difference is used to record exchange difference arising from the translation of the financial statements of foreign subsidiaries.

Dividends proposed and paid

Proposed for approval at AGM for financial year 2021 is that no dividend will be paid. Final dividend for financial year 2020 was 0.04 euro per share, paid during 2021 (6,334,277,96 euro in total). For financial year 2019 company decided to not to pay any dividend.

Treasury shares

Treasury shares contains the purchase value of own shares owned by the Group. The cost of acquisition is reported as a deduction in shareholders’ equity. The shares have been acquired through public trading on NASDAQ OMX Helsinki. The parent company has not acquired treasury shares during the period. During the financial year parent company’s treasury shares have been used for board remuneration according to Annual General Meeting’s decision, for incentive programs and for deferred payment of the 2017 acquisition.

The total number of acquired treasury shares was 411,358 at the end of 2021. This represents 0.3% of the Company’s voting power on December 31, 2021.

18. SHARE-BASED PAYMENT TRANSACTIONS

During the period Group has had two incentive plans covering the key personnel of the Group and a restricted share plan as a complementary scheme targeted to individually selected key employees.

Share-based incentive programs

During the period the Group had two share-based incentive programs. The share-based incentive programs have been established as part of the key employee incentive and retention system within F-Secure Group. The programs offer the participants a possibility to receive shares of F-Secure Corporation as an incentive reward if the Company’s financial targets set for the earning period have been achieved. No reward can be given to any participating employee, whose employment has terminated before the end of the lock-up period.

The share-based incentive program 2017–2019 has been established in October 2017. The program’s duration is five years and it comprises three earning periods. Each earning period lasts for three years. The program ended on December 31, 2021. The rewards will be settled in two phases so that one part is settled as equity-settled payment and one part as cash-settled payment. On the basis of the program maximum total of 10,000,000 shares and a cash payment corresponding to the registration date value of the shares shall be given as reward. The Board has approved the metrics, targets and participants on annual basis for each earning period.

The share-based incentive program 2020-2022 was established in February 2020. The program’s duration is five years and it comprises three earning periods. Each earning period lasts for three years. The program ends on December 31, 2024. The rewards will be settled as equity-settled payments. The Board approves the metrics, targets and participants on annual basis for each earning period.

A restricted share plan complementing the incentive programs comprises of three earning periods: 2020-2021, 2021-2022 and 2021-2023. On the basis of earning period for 2020-2021 maximum total of shares to be given is 300,000. Maximum total shares to be given is 500,000 on the basis of earning period for 2021-2022 and 500,000 on the basis of earning period for 2021-2023.

The participating employee of a share-based incentive program shall be entitled to the shareholder rights of the reward shares (e.g. dividend) from the moment the shares have been entered into the participating employee’s book-entry account.

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

FINANCIAL STATEMENTS F-SECURE CONSOLIDATED

Expense arising from the share-based payment transactions during the period was EUR 2,672 thousand (EUR 801 thousand euros in 2020). The costs of equity-settled transactions are measured by reference to the fair value of the F-Secure Corporation share at the date on which they are granted. Fair value for performance based programs is based on the F-Secure Corporation share price on the grant date. Fair value for market based programs is based on externally accepted valuation methods. The costs of cash-settled transactions are measured by reference to the market price of the F-Secure Corporation share on date of balance sheet. The Group updates the estimate of the number of equity instruments that will ultimately vest at each reporting date.

Impacts of share-based payment transactions on financial statements

EUR 1,000	Consolidated 2021	Consolidated 2020
Booked as expense duringtheperiod Booked in retained earnings duringtheperiod Balance sheet liabilityat the end of theperiod	2,672	801
	2,558	638
	1,148	1,412

19. FINANCIAL LIABILITIES

Interest-bearing liabilities

==> picture [363 x 185] intentionally omitted <==

----- Start of picture text -----

EUR 1,000 Consolidated 2021 Consolidated 2020
Unsecured liabilities at amortized cost
Bank loans 19,000 30,000
Lease liabilities 9,401 9,865
Total 28,401 39,865
Total interest-bearing liabilities 28,401 39,865
Amount due for settlement within 12 months 10,824 15,937
Amount due for settlement after 12 months 17,577 23,929
Borrowings by currency EUR EUR
Bank loans 19,000 30,000
19,000 30,000
----- End of picture text -----

Bank loan of EUR 37,000 thousand was withdrawn on July 2, 2018. Annual repayments according to the financing agreement are EUR 6,000 thousand. Financing agreement includes a Revolving Credit Facility (RCF) for EUR 23,000 thousand. At previous reporting date Group had EUR 5,000 thousand withdrawn from the RCF. During 2021 the RCF was fully repaid and was undrawn at the end of the financial year.

The bank loans carry variable interest rates. The weighted average interest rates paid during the year were as follows:

Bank loans 1.5% 1.4%

The financing agreement is subject to conventional loan covenants related to ratio of net debt to EBITDA and equity ratio. Group complied with the covenants throughout the reporting period.

F-Secure 2021 Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

FINANCIAL STATEMENTS F-SECURE CONSOLIDATED

Other financial liabilities

Other fnancial liabilities
Contractual maturities of fnancial liabilities Bank loans Lease liabilities Total fnancial liabilities	Less than 1year 6,000 4,824 10,824	1 to 2years 13,000 2,982 15,982	2 to 3years 1,173 1,173	3 to 4years 205 205	4 to 5years 123 123	Over 5years 94 94	Total contractual cash fows 19,000 9,401 28,401	Carrying amount
								19,000 9,401
								28,401

Lease liabilities consists mainly of buildings (EUR 8.3 million). Cars are totalling to EUR 1.1 million and the maturity for them is mainly less than 2 years.

20. FINANCIAL ASSETS AND LIABILITIES

Classes and categories of financial assets and liabilities and their fair values

Fair value hierarchy levels 1 to 3 are based on the degree to which the fair value is observable:

Level 1: Fair values of financial instruments are based on quoted prices in active markets for identical assets and liabilities

Level 2: Financial instruments are not subject to trading in active and liquid markets. The fair values of financial instruments can be determined based on quoted market prices and deduced valuation.

Level 3: Measurement of financial instruments is not based on verifiable market information, and information on other circumstances affecting the value of the instruments is not available or verifiable.


EUR 1,000 Note	Carrying value					Fair value
	Financial assets		~~Financial~~ liabilities	Total		Hierarchy level		Tota
	FVTPL	Amortized cost	Amortized cost		1	2	3
Cash and bank 15 Financial assets at FVTPL 15 Trade receivables 15 Bank loans 19 Trade and otherpayables 22	61	52,940 38,310	19,000 5,975	52,940 61 38,310 19,000 5,975		61	19,000
								6

								19,00

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

FINANCIAL STATEMENTS F-SECURE CONSOLIDATED

General

The goal of risk management is to identify risks that may hinder the Group from achieving its business objectives. The responsibility for the Group’s risk management lies with the CEO, the management and ultimately with the Board of Directors. The risks related to the Group’s financial instruments are mainly related to credit risks, currency risk and interest rate risk.

Credit risk

The Group trades only with recognized, creditworthy third parties. Receivable balances are monitored and collected on an ongoing basis. The maximum exposure to credit risk at the reporting date is the carrying value of trade receivables. There are no significant concentrations of credit risk within the Group. See note 15. Financial assets.

Liquidity risk

Liquidity risk arises if the Group’s existing liquidity reserves, net cash flows and available additional financing are not sufficient to cover commitments falling due within next 12 months. Group manages it’s liquidity risk by centralizing the management of cash and liquid assets and thereby optimizing the use of liquid funds for operational and refinancing needs. Group Treasury is responsible for monitoring cash balances and cash forecasts to keep liquidity risk at manageable level. The Group has not identified any significant concentrations of liquidity risks in sources of available financing.

Cash and bank balance was at solid level throughout 2021, and at the end of the reporting period the Group held EUR 52.9 million in it’s bank accounts (EUR 51.4 million euro in 2020). Repayments of the term loan according to the original financing agreement were EUR 6.0 million during 2021. The management continues to assess potential impacts of the COVID-19 pandemic but it is no longer considered to be a significant risk for Group’s liquidity. In case of unforeseeable short term liquidity requirements, the Group has a Revolving Credit Facility (RCF) of EUR 23 million which was undrawn at the end of the financial year.

Foreign currency risk

The Group operates globally and is exposed to a currency risk arising from exchange rate fluctuations against its reporting currency euro. Transaction risk is related to foreign currency transactions in sales and expenses. Translation risk arises from the Group’s net investments outside euro zone.

Transaction risk

Majority of sales is invoiced in Euros. Other main currencies for invoicing are GBP, USD and JPY. Currency risk arising from sales invoicing is notably diminished by operational expenses arising in same currencies as the sales invoicing. In order to minimize the impact of the fluctuation of the exchange rates, the Group uses forward currency contracts to eliminate the currency exposure of the estimated cash flow of these currencies. At the end of the reporting period the Group did not have any open currency forward contracts.


Sales in diferent currencies	Consolidated 2021 %	Consolidated 2020 %
EUR GBP USD JPY SEK Other currencies	60	61 12 12 7 3 4
	13
	11
	8
	4
	5
	100	100

The carrying Euro amounts of the Group’s financial assets and liabilities at the reporting date are as follows:

==> picture [363 x 198] intentionally omitted <==

----- Start of picture text -----

Consolidated Consolidated
Financial assets 2021 % 2020 %
EUR 53,993 58 49,737 53
USD 10,068 11 9,709 10
GBP 8,381 9 10,429 11
JPY 8,208 9 12,331 13
Other currencies 13,048 13 11,601 13
93,698 100 93,808 100
Consolidated Consolidated
Financial liabilities 2021 % 2020 %
EUR 29,975 87 38,531 87
USD 2,516 7 1,259 3
GBP 1,102 3 1,962 4
Other currencies 970 3 2,483 6
34,563 100 44,235 100
----- End of picture text -----

The table below demonstrates how sensitive the Group’s profit before taxes is to foreign exchange rate fluctuations when all other variables are held constant. The open exposure against USD, GBP and JPY arising from Group treasury, trade receivables and trade payables have an impact on Group’s profit before taxes. The sensitivity calculation is based on a change of 10% in the Euro exchange rate against the functional currencies the Group operates in.

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

FINANCIAL STATEMENTS F-SECURE CONSOLIDATED


EUR million	Consolidated 2021	Consolidated 2020
USD GBP JPY	+/– 0.3	+0.5/–0.4
	+/– 0.2	+/– 0.1
	+/– 0.3	+/– 0.1

Translation risk

Translation risk arises from the Group’s net investments in foreign currencies. Most significant translation risks arise from goodwill generated in MWR InfoSecurity acquisition. Main currencies in goodwill are GBP and ZAR. Translation differences also arise from translating Group companies’ balance sheets into euros using exchange rates prevailing on the reporting date. Internal loans are granted mainly in subsidiaries’ home currencies. According to current policy F-Secure Corporation does not hedge investments made in its subsidiaries.

The table below demonstrates how sensitive the Group’s equity is to foreign exchange rate fluctuations when all other variables are held constant. The sensitivity calculation is based on a change of 10% in the Euro exchange rate against the main functional currencies exposing the Group to translation risk.


EUR million	Consolidated 2021	Consolidated 2020
GBP ZAR DKK	+7.2/–5.9	+7.2/–5.9
	+3.2/–2.6	+3.2/–2.6
	+0.9/–0.7	+1.0/–0.8

Interest rate risk

The Group is exposed to interest rate risk due to the term loan withdrawn in July 2018 to finance the acquisition of MWR InfoSecurity. The loan carries a variable interest rate. To manage the risk of interest rate changes the Group is regularly evaluating the need for hedging. The table below demonstrates the sensitivity of Group’s profit before taxes to 1% change in interest rate when all other variables are held constant.

held constant.

EUR million	Consolidated 2021	Consolidated 2020
Interest bearingliabilities, bank loans	+/– 0.2	+/–0.3

21. DEFERRED TAX

==> picture [363 x 280] intentionally omitted <==

----- Start of picture text -----

EUR 1,000 Consolidated 2021 Consolidated 2020
Deferred tax assets relate to following:
Fixed assets 278 410
Accruals and provisions 4,808 4,493
Tax losses carried forward 3,282 3,961
Total 8,368 8,864
Offset against deferred tax liabilities –4,243 –4,910
Net deferred tax assets 4,124 3,954
Change in deferred tax assets:
Recognized in profit or loss 496 –2,214
Deferred tax liabilities relate to the following:
Fixed assets 2,639 3,404
Accruals and provisions 2,799 2,799
Total 6,123 6,203
Offset against deferred tax assets –4,243 –4,910
Net deferred tax liabilities 1,880 1,294
Change in deferred tax liabilities:
Recognized in profit or loss 80 –162
----- End of picture text -----

At December 31, 2021 the Group had EUR 16.6 million losses carried forward that are available to be offset against future taxable profits in the companies in which the losses have been generated.

During 2020 COVID-19 pandemic impacted the Group’s consulting business in multiple countries, and in some of the subsidiaries taxable income was temporarily negative. During 2021 the Group has been able to utilize the losses in all of the subsidiaries where negative income was due to the pandemic.

Capital management

The Group’s shareholders’ equity is managed as capital. Group’s financing agreement has a covenant term related to equity ratio of the Group. The objective of the Group’s capital management is to maintain an efficient capital structure that ensures the functioning of business operations, promotes shareholder value and meets with the requirements set in financing agreement. The Group’s capital structure is reviewed regularly as a part of financial performance monitoring.

The capital structure can be adjusted among other things by distribution of dividends, share

repurchase or capital repayment. The dividend policy of F-secure Corporation is to pay approximately half of its annual profit as dividend. Subject to circumstances, the Company may deviate from its policy.

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

FINANCIAL STATEMENTS F-SECURE CONSOLIDATED

22. OTHER LIABILITIES

==> picture [364 x 358] intentionally omitted <==

----- Start of picture text -----

EUR 1,000 Consolidated 2021 Consolidated 2020
Non-current liabilities
Deferred tax liability 1,880 1,294
Deferred revenue 25,988 23,788
Other non-current liability 347 1,550
Provisions
Total 28,215 26,631
Current liabilities
Deferred revenue 60,084 57,232
Trade payables 5,975 4,182
Other liabilities 6,766 9,080
Accrued expenses 17,249 12,826
Income tax liabilities 4,182 5,656
Total 94,256 88,976
Material amounts shown under accrued expenses
Accrued personnel expenses 10,411 9,120
Deferred royalty 114 239
Other accrued expenses 6,724 3,467
Total 17,249 12,826
Provisions
Book value as at 1.1. 3,041
Arising during the year
Used during the year –3,041
Book value as at 31.12.
----- End of picture text -----

23. CONTINGENT LIABILITIES

23. CONTINGENT LIABILITIES
EUR 1,000	Consolidated 2021 Consolidated 2020
Other liabilities		173
Others	110

Provision used during 2020 relates to company restructuring in 2019.

F-Secure 2021 Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

FINANCIAL STATEMENTS F-SECURE CONSOLIDATED

24. RELATED PARTY DISCLOSURES

The Group’s related parties include Parent Company and subsidiaries, as well as members of the Board, CEO and members of the Leadership Team.

==> picture [364 x 66] intentionally omitted <==

----- Start of picture text -----

Compensation of key management personnel of the Group
EUR 1,000 Consolidated 2021 Consolidated 2020
Wages and other short-term employee benefits 2,609 2,473
Share-based payments 136 239
Total 2,745 2,713
----- End of picture text -----

Wages and other short-term employee benefits incl. share-based payments


EUR 1,000	Consolidated 2021	Consolidated 2020
CEO LeadershipTeam Members of the Boards of Directors	375	541 2,172 293
	2,369
	316
	3,060	3,006

Board of Directors 2021 and Managing Director

Board of Directors 2021 and Managing Director
EUR 1,000 Juhani Hintikka, ManagingDirector Risto Siilasmaa, Chairman of the Board Pertti Ervi Päivi Rekonen Tuomas Syrjänen Keith Bannister Åsa Riisberg Robin Wikström Total	Wages 375 375	Fees 81 50 54 38 40 39 13 316	Share- based payment

			0

Share-based payments granted to the CEO are presented at the IFRS 2 expense of the share plans. The equity-settled part is measured at the fair value of the F-Secure Corporation share on the date it was granted and cash-settled part at the fair value of the share on the reporting date. The cost is recognized over the period in which the performance conditions are fullfilled (earning period).

25. SUBSIDIARIES

==> picture [363 x 427] intentionally omitted <==

----- Start of picture text -----

Country of
Name incorporation Group (%)
Parent F-Secure Corporation, Helsinki Finland 100
DF-Data Oy, Helsinki Finland 100
F-Secure Inc., Palo Alto United States 100
F-Secure (UK) Ltd, Basingstoke United Kingdom 100
F-Secure KK, Tokyo Japan 100
F-Secure GmbH, Munich Germany 100
F-Secure eStore GmbH, Munich Germany 100
F-Secure SARL, Maisons-Laffitte France 100
F-Secure BV, Heverlee-Leuven Belgium 100
F-Secure AB, Stockholm Sweden 100
F-Secure Srl, Milano Italy 100
F-Secure SP z.o.o., Poznan Poland 100
F-Secure Corporation (M) Sdn Bhd, Kuala Lumpur Malaysia 100
F-Secure Pvt Ltd, Mumbai India 100
F-Secure B.V., Utrecht The Netherlands 100
F-Secure Limited, Hong Kong Hong Kong 100
F-Secure Iberia SL, Barcelona Spain 100
F-Secure do Brasil Tecnol. da Informãcao Ltda, Saõ Paulo Brazil 100
F-Secure Informatica S de RL de CV, Mexico City Mexico 100
F-Secure Software (Shanghai) Co Ltd, Shanghai China 100
F-Secure Danmark A/S, Copenhagen Denmark 100
F-Secure Cyber Security Services Oy, Helsinki Finland 100
nSense Estonia OÛ, Tartu Estonia 100
F-Secure Norge AS, Oslo Norway 100
F-Secure Argentina S.R.L., Buenos Aires Argentina 100
F-Secure Digital Assurance Ltd, Basingstoke United Kingdom 100
F-Secure Cyber Security Limited, Basingstoke United Kingdom 100
F-Secure Consulting Pte. Ltd., Singapore Singapore 100
F-Secure Cyber Security (Pty) Ltd, Johannesburg South Africa 100
F-Secure Cyber Security Inc, Camden United States 100
Bytegeist GmbH, Oldenburg Germany 100
----- End of picture text -----

The CEO’s retirement age and the determination of his pension conform to the standard rules specified by Finland’s Employee Pension Act (TYEL). The pension cost of the CEO during the period was 60 thousand euro (66 thousand euro in year 2020). The period of notice for the CEO is six (6) months both ways and CEO is entitled to severance payment equivalent of six (6) months’ salary.

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

42 FINANCIAL STATEMENTS F-SECURE CORPORATION

INCOME STATEMENT JAN 1–DEC 31, 2021

EUR 1,000		FAS 2021	FAS 2020

REVENUE	(1)	164,897	152,028

Cost of revenue	(4)	–23,374	–18,745

GROSS MARGIN		141,523	133,284

Other operatingincome	(2)	6,603	9,517
Sales and marketing	(3, 4)	–73,529	–72,321
Research and development	(3, 4)	–43,567	–39,678
Administration	(3, 4)	–17,534	–11,181

EBIT		13,497	19,620

Financial income and expenses	(6)	2,775	–2,156

PROFIT (LOSS) BEFORE APPROPRIATIONS AND TAXES		16,272	17,464

Appropriations	(7)	2,953	2
Income taxes	(8)	–3,511	–2,655

RESULT FOR THE FINANCIAL YEAR		15,714	14,810

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

FINANCIAL STATEMENTS F-SECURE CORPORATION

BALANCE SHEET DEC 31, 2021

==> picture [739 x 280] intentionally omitted <==

----- Start of picture text -----

EUR 1,000 FAS 2021 FAS 2020 EUR 1,000 FAS 2021 FAS 2020
ASSETS SHAREHOLDERS’ EQUITY AND LIABILITIES
NON-CURRENT ASSETS SHAREHOLDERS’ EQUITY (16, 17)
Intangible assets (9) 19,508 17,564 Share capital 1,551 1,551
Tangible assets (9) 811 1,068 Share premium 165 165
Investments in group companies (10) 122,951 122,963 Treasury shares –849 –1,288
Long-term receivables (13) 5,757 5,330 Reserve for invested unrestricted equity 6,789 6,464
Total non-current assets 149,027 146,925 Retained earnings 76,871 68,811
Profit for the financial year 15,714 14,810
CURRENT ASSETS Total shareholders' equity 100,241 90,513
Inventories (12) 51 74
Trade and other receivables (13) 54,461 46,901 APPROPRIATIONS
Deferred tax assets (11) 3 Depreciation reserve 91 44
Short-term investments (14) 26 26
Cash and bank accounts (15) 39,023 35,085 LIABILITIES
Total current assets 93,561 82,090 Long-term liabilities (19) 42,423 50,911
Short-term liabilities (19) 99,834 87,546
TOTAL ASSETS 242,588 229,015 Total liabilities 142,256 138,458
TOTAL SHAREHOLDERS’ EQUITY AND LIABILITIES 242,588 229,015
----- End of picture text -----

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

FINANCIAL STATEMENTS F-SECURE CORPORATION

CASH FLOW STATEMENT JAN 1–DEC 31, 2021

==> picture [739 x 396] intentionally omitted <==

----- Start of picture text -----

EUR 1,000 FAS 2021 FAS 2020 EUR 1,000 FAS 2021 FAS 2020
Cash flow from operations Cash flow from investments
Result for the financial year 15,714 14,810 Investments in intangible and tangible assets –6,030 –6,421
Adjustments Investments in subsidiary shares 0 –3,681
Depreciation and amortization 4,228 5,044 Proceeds from sale of intangible and tangible assets 10 3
Profit / loss on sale of fixed assets 106 –3 Intercompany loans granted –440 –4,329
Other adjustments –2,504 –1,597 Intercompany loans repayments 1,271 1,446
Financial income and expenses –2,775 2,156 Dividends received 2,199 2,938
Income taxes 3,511 2,655 Proceeds from subsidiary liquidations 0 740
Adjustments 2,565 8,256
Cash flow from operations before change in working Cash flow from investments –2,990 –9,305
capital 18,280 23,066
Cash flow from financing activities
Change in net working capital Increase in interest-bearing liabilities 5,000
Current receivables, increase (–), decrease (+) –5,059 4,757
Decrease in interest-bearing liabilities –11,000 –6,000
Inventories, increase (–), decrease (+) 23 33
Intercompany loans repaid –1,651
Non-interest bearing debt, increase (+),
decrease (–) 15,422 4,086 Dividends paid –6,334
Provisions, increase (+), decrease (–) –500
Cash flow from financing activities –18,985 –1,000
Cash flow from operations before financial items and
taxes 28,666 31,442 Change in cash 3,830 21,621
Interest expenses paid –450 –522 Effect of exchange rate changes on cash 108 –88
Interest income received 358 362
Other financial income and expenses –337 –289 Cash and bank at the beginning of the period 35,086 13,553
Income taxes paid –2,432 933
Cash and bank at period end 39,023 35,086
Cash flow from operations 25,805 31,926
----- End of picture text -----

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

FINANCIAL STATEMENTS F-SECURE CORPORATION

NOTES TO THE PARENT COMPANY FINANCIAL STATEMENTS

Basic information

F-Secure provides cyber security products and services globally for consumers and businesses.

F-Secure Corporation is the parent company of F-Secure Group, incorporated in Finland and domiciled in Helsinki. Company’s registered address is Tammasaarenkatu 7, 00180 Helsinki. Copy of consolidated financial statements can be downloaded from www.f-secure.com or can be received from the Company’s registered address.

ACCOUNTING PRINCIPLES

The financial statement of F-Secure Corporation has been prepared in accordance with Finnish Accounting Standards (FAS).

Foreign currency translation

Revenue recognition

Endpoint protection solutions and vulnerability management products

Endpoint protection security solutions (F-Secure Elements Endpoint Protection, F-Secure Business Suite , F-Secure Elements Endpoint Detection and Response, F-Secure Cloud Protection for Salesforce and F-Secure Elements for Microsoft Office 365) are sold to corporate customers by granting the customer access to use the intellectual property during the license period or as Security-asa-Service. F-Secure delivers the product and provides continuous automated updates against new threats. The software and the accompanied services are highly interdependent and therefore treated as one performance obligation for which revenue is recognized over time on a straight-line basis for the license period.

Consumer customer products and vulnerability management products for corporate customers (F-Secure Elements Vulnerability Management and phishd) are treated as Security-as-a-Service as they do not include a license of intellectual property. Revenue is accounted for as a single performance obligation and recognized over time on a straight-line basis for the contract period.

Cyber security consulting services and managed detection and response solutions

Presenting of receivables and liabilities from contracts with customers

Pensions

F-Secure’s pension arrangements are defined contribution plans in accordance with local statutory requirements.. Contributions to defined contribution plans are recognized in income statement in the period to which the contributions relate. The Company recognizes the disability commitment of TyEL pension plan when disability appears.

Leases

Leases where the lessor retains substantially all the risks and benefits of ownership of the asset are classified as operating leases. Operating lease payments are recognized as an expense in the income statement on a straight-line basis over the lease term. The Company has only operating leases.

Income taxes

Current income taxes are calculated in accordance with the local tax and accounting rules.

Tangible and intangible assets

Intangible assets include intangible rights and software licenses. Tangible and intangible assets are recorded at historical cost less accumulated depreciation, amortization, and possible impairment. Depreciation and amortization is recorded on a straight-line basis over the estimated useful life of an asset. The estimated useful lives of tangible and intangible assets are as follows:

Machinery and equipment 3–8 years Capitalized development costs 3–8 years Intangible rights 3–8 years Intangible assets 5–10 years

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

FINANCIAL STATEMENTS F-SECURE CORPORATION

Ordinary repairs and maintenance costs are charged to the income statement during the financial period in which they are incurred. The cost of major renovations is included in the assets’ carrying amount when it is probable that the Company will derive future economic benefits in excess of the originally assessed standard or performance of the existing asset. Any gain or loss arising on derecognition of the asset (calculated as the difference between the net disposal proceeds and the carrying amount of the asset) is included in the income statement in the year the asset is derecognized.

Research and development expenditure

Research expenditure is recognized as an expense at the time it is incurred. Development expenditures are capitalized as intangible assets.

Inventories

Financial assets and liabilities

Cash and cash equivalents in the balance sheet comprise cash at bank and in hand and other highly liquid short-term investments.

Share-based payment transactions

F-Secure provides incentives to employees in the form of equity-settled share-based instruments. Currently the Company has share-based programs.

F-Secure’s share-based incentive programs are targeted to the Group’s key personnel. The programs are divided into equitysettled and cash-settled part. The cash-settled part is recognized in the income statement over the vesting period with the counterentry in liabilities. Valuation is initially based on fair value at grant date. On each reporting date the cash-settled part is revalued to fair value and the expense is recognized in the income statement over the vesting period with the counter-entry in liabilities. Fair value is determined using the market value of the share of F-Secure Corporation. The cumulative expense recognized at grant date is based on the company’s estimate of the number of shares that will ultimately vest at the end of the vesting period. F-Secure updates estimated number of shares to be vested at each reporting date. If a person leaves the company before vesting, the reward is forfeited. Equity-settled part is recognized in the equity on vesting date.

Presentation of expenses

F-Secure classifies loans from financial institutions, trade payables and other payables as other financial liabilities which are measured at amortized cost. Financial liabilities are classified as current unless F-Secure has unconditional right to postpone their repayment by at least 12 months from the end date of the reporting period.

Treasury shares

The company has acquired treasury shares in 2008–2011. The purchase price of the shares has been deducted from equity.

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

FINANCIAL STATEMENTS F-SECURE CORPORATION

1. REVENUE

==> picture [364 x 124] intentionally omitted <==

----- Start of picture text -----

EUR 1,000 FAS 2021 FAS 2020
Geographical information
Nordic countries 57,011 52,494
Europe excl. Nordics 79,269 75,256
North America 13,943 13,005
Rest of the world 14,675 11,273
Total 164,897 152,028
----- End of picture text -----

2. OTHER OPERATING INCOME

2. OTHER OPERATING INCOME

EUR 1,000	FAS 2021	FAS 2020
Rental revenue Governmentgrants Other	170	189 1,574 7,755
	1,705
	4,728
Total	6,603	9,517

Government grants are recognized as income over those periods in which the corresponding expenses arise.

Other operating income includes e.g. gain on sale of fixed assets and rental revenue.

Other operating income in 2020 includes 1,804 thousand euro profit from liquidation of French subsidiary F-Secure SDC SAS.

3. DEPRECIATION, AMORTIZATION AND IMPAIRMENT

==> picture [363 x 306] intentionally omitted <==

----- Start of picture text -----

EUR 1,000 FAS 2021 FAS 2020
Depreciation and amortization of non-current assets
Other intangible assets –1,087 –1,245
Capitalized development –2,739 –3,009
Intangible assets –3,826 –4,253
Machinery and equipment –402 –531
Tangible assets –402 –531
Total depreciation –4,228 –4,784
Reduction in value from non-current assets
Capitalized development –260
Total reduction in value –260
Total depreciation and amortization –4,228 –5,044
Depreciation and amortization by function
Sales and marketing –472 –696
Research and development –3,356 –3,954
Administration –400 –394
Total depreciation and amortization –4,228 –5,044
----- End of picture text -----

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

FINANCIAL STATEMENTS F-SECURE CORPORATION

==> picture [364 x 189] intentionally omitted <==

----- Start of picture text -----

4. PERSONNEL EXPENSES
EUR 1,000 FAS 2021 FAS 2020
Personnel expenses
Wages and salaries –44,905 –40,206
Pension expenses –7,914 –6,369
Other social expenses –1,753 –1,421
Total –54,572 –47,995
Compensation of key management personnel
Wages and other short-term employee benefits –2,274 –2,450
Wages and other short-term employee benefits
Managing Directors –375 –541
Members of the Board of Directors –316 –293
----- End of picture text -----

Wages and other short-term employee benefits of the Board of Directors and Managing Director: see group disclosure 24. Related party disclosures.

The Managing Director’s retirement age and the determination of his pension conform to the standard rules specified by Finland’s Employee Pension Act (TYEL). The pension cost of the Managing Director over the period was 60 thousand euro (66 thousand euro in year 2020). The period of notice for the Managing Director is six (6) months both ways and Managing Director is entitled to severance payment equivalent of six (6) months’ salary.

payment equivalent of six (6) months’ salary.	payment equivalent of six (6) months’ salary.

	FAS 2021	FAS 2020
Average number ofpersonnel Personnel byfunction Dec 31 Consultingand delivery Sales and marketing Research and development Administration	674	627 68 156 338 86


	75
	161
	371
	82
Total	689	648

5. AUDIT FEES

5. AUDIT FEES
EUR 1,000	FAS 2021	FAS 2020
Audit fees, PricewaterhouseCoopers Other consulting, PricewaterhouseCoopers	–150	–147 –30
	–347
Total	–497	–177

6. FINANCIAL INCOME AND EXPENSES

==> picture [363 x 111] intentionally omitted <==

----- Start of picture text -----

EUR 1,000 FAS 2021 FAS 2020
Interest income 358 362
Interest expense –450 –522
Other financial income 18
Dividends 2,199 55
Exchange gains and losses 853 –1,898
Other financial expenses –185 –173
Total 2,775 –2,156
----- End of picture text -----


7. APPROPRIATIONS EUR 1,000	FAS 2021	FAS 2020
Change in depreciation reserve Groupcontribution	–47	2
	3,000
Total	2,953	2

8. INCOME TAXES EUR 1,000	FAS 2021	FAS 2020
Income tax for theyear Adjustments for income tax ofpriorperiods	–3,506	–2,995 339
	–5
Total Result before appropriations and tax	–3,511	–2,655

	16,272	17,464

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

FINANCIAL STATEMENTS F-SECURE CORPORATION

9. NON-CURRENT ASSETS

==> picture [739 x 300] intentionally omitted <==

----- Start of picture text -----

INTANGIBLE ASSETS TANGIBLE ASSETS
Capitalized Incomplete Advance Machinery &
Other intangible development development payments Total equipment Other tangible Total
Acquisition cost Jan 1, 2020 14,179 22,638 5,579 42,396 9,795 5 9,801
Additions 149 5,465 422 6,036 385 385
Transfers 3,967 –3,967
Disposals –520 –520
Acquisition cost Dec 31, 2020 14,328 26,084 7,077 422 47,911 10,180 5 10,186
Additions 18 5,607 260 5,884 146 146
Transfers 9,941 –9,941
Disposals –1,011 –1,011 –5,736 –5,736
Acquisition cost Dec 31, 2021 13,335 36,025 2,743 681 52,785 4,591 5 4,597
Acc. depreciation Jan 1, 2020 –10,177 –16,179 –26,354 –8,587 –8,587
Depreciation for the period –1,245 –3,009 –4,253 –531 –531
Acc. depreciation of disposals 260 260
Acc. depreciation Dec 31, 2020 –11,421 –18,927 –30,348 –9,118 –9,118
Depreciation for the period –1,087 –2,739 –3,826 –402 –402
Acc. depreciation of disposals 897 897 5,735 5,735
Acc. depreciation Dec 31, 2021 –11,611 –21,666 –33,277 –3,785 –3,785
Book value as at Dec 31, 2020 2,907 7,158 7,077 422 17,564 1,063 5 1,068
Book value as at Dec 31, 2021 1,723 14,360 2,743 681 19,508 806 5 811
----- End of picture text -----

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

FINANCIAL STATEMENTS F-SECURE CORPORATION

10. INVESTMENTS IN GROUP COMPANIES

EUR 1,000	Shares in group companies	Total
Book value as at Jan 1 Decreases	122,963 –12	122,963 –12
Book value as at Dec 31	122,951	122,951

==> picture [365 x 323] intentionally omitted <==

----- Start of picture text -----

Country of Share of
Name incorporation ownership (%)
Parent F-Secure Corporation, Helsinki Finland
DF-Data Oy, Helsinki Finland 100
F-Secure Inc., Palo Alto United States 100
F-Secure (UK) Ltd, Basingstoke United Kingdom 100
F-Secure KK, Tokyo Japan 100
F-Secure GmbH, Munich Germany 100
F-Secure eStore GmbH, Munich Germany 100
F-Secure SARL, Maisons-Laffitte France 98
F-Secure BV, Heverlee-Leuven Belgium 100
F-Secure AB, Stockholm Sweden 100
F-Secure Srl, Milano Italy 100
F-Secure SP z.o.o., Poznan Poland 100
F-Secure Corporation (M) Sdn Bhd, Kuala Lumpur Malaysia 100
F-Secure Pvt Ltd, Mumbai India 100
F-Secure B.V., Utrecht The Netherlands 100
F-Secure Limited, Hong Kong Hong Kong 100
F-Secure Iberia SL, Barcelona Spain 100
F-Secure Informática S. de R.L. de C.V, Mexico City Mexico 99
F-Secure Danmark A/S, Copenhagen Denmark 100
F-Secure Argentina SRL, Buenos Aires Argentina 95
F-Secure Digital Assurance Ltd, Basingstoke United Kingdom 100
F-Secure Cyber Security Limited, Basingstoke United Kingdom 100
----- End of picture text -----

11. DEFERRED TAX

11. DEFERRED TAX
EUR 1,000	FAS 2021	FAS 2020
Deferred tax assets Accruals andprovisions
		3
Total		3

12. INVENTORIES

12. INVENTORIES
EUR 1,000	FAS 2021	FAS 2020
Other inventories	51	74

F-Secure 2021 Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

FINANCIAL STATEMENTS F-SECURE CORPORATION

13. RECEIVABLES

==> picture [364 x 367] intentionally omitted <==

----- Start of picture text -----

EUR 1,000 FAS 2021 FAS 2020
Non-current
Loan receivables 5,757 5,330
Total 5,757 5,330
Non-current receivables total 5,757 5,330
Current receivables
Trade receivables 22,299 21,477
Other receivables 292 72
Prepaid expenses and accrued income 9,255 6,398
Total 31,846 27,947
Receivables from group companies
Trade receivables 7,115 7,940
Loan receivables 9,164 9,507
Other receivables 6,336 1,507
Total 22,615 18,954
Current receivables total 54,461 46,901
Material items included in prepaid expenses and
accrued income
Prepaid royalty 2,991 2,765
Grant receivables 860 –395
Other prepaid expenses 4,252 3,486
Accrued income 1,153 542
Total 9,255 6,398
----- End of picture text -----

14. SHORT-TERM INVESTMENTS

==> picture [363 x 176] intentionally omitted <==

----- Start of picture text -----

EUR 1,000 FAS 2021 FAS 2020
Fair value as at Jan 1 26 26
Fair value as at Dec 31 26 26
Shares – unlisted 26 26
Fair value as at Dec 31 26 26
Original purchase price as at Dec 31 26 26
15. CASH AND SHORT-TERM DEPOSITS
EUR 1,000 FAS 2021 FAS 2020
Cash at bank and in hand 39,023 35,085
----- End of picture text -----

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

FINANCIAL STATEMENTS F-SECURE CORPORATION

16. STATEMENT OF CHANGES IN SHAREHOLDERS’ EQUITY

==> picture [670 x 190] intentionally omitted <==

----- Start of picture text -----

Parent Company FAS
Share premium Unrestricted
EUR 1,000 Share capital fund Treasury shares equity reserve Retained earnings Total equity
Equity Dec 31, 2019 1,551 165 –2,141 6,173 69,613 75,359
Result of the financial year 14,810 14,810
Cost of share based payments –801 –801
Other change 853 291 1,144
Equity Dec 31, 2020 1,551 165 –1,288 6,464 83,622 90,513
Result of the financial year 15,714 15,714
Dividend –6,334 –6,334
Cost of share based payments –416 –416
Other change 439 325 764
Equity Dec 31, 2021 1,551 165 –849 6,789 92,586 100,241
----- End of picture text -----

17. SHAREHOLDERS’ EQUITY

18. SHARE-BASED PAYMENT TRANSACTIONS

See group disclosure 18. Share-based payment transactions.

The Company’s share capital amounted to 1,551,311 euro and the number of shares was 158,798,739 at the end of the year 2021. See group disclosure 17. Shareholders’ Equity.

Treasury shares

See group disclosure 17. Shareholders’ Equity.

==> picture [364 x 121] intentionally omitted <==

----- Start of picture text -----

Distributable shareholders’ equity on December 31, 2021
EUR 1,000
Unrestricted equity reserve 6,789
Retained earnings 76,023
Result of the financial year 15,714
Less capitalized development expense –17,103
Distributable shareholders' equity on December 31, 2021 81,424
----- End of picture text -----

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

FINANCIAL STATEMENTS F-SECURE CORPORATION

19. LIABILITIES

==> picture [364 x 484] intentionally omitted <==

----- Start of picture text -----

EUR 1,000 FAS 2021 FAS 2020
Non-current liabilities
Deferred revenues 17,712 16,026
Interest bearing liabilities 13,000 19,000
Other liabilities 1,490
Total 30,713 36,516
Liabilities to the group companies
Cashpool 11,711 12,744
Other liabilities 1,651
Total 11,711 14,395
Total non-current liabilities 42,424 50,911
Current liabilities
Deferred revenues 42,385 39,082
Trade payables 5,865 3,751
Interest bearing liabilities 6,000 11,000
Other liabilities 1,790 2,355
Accrued expenses 22,978 16,770
Total 79,018 72,958
Liabilities to the group companies
Advance payments 4,654 3,747
Trade payables 14,159 8,918
Other liabilities 2,003 1,924
Total 20,816 14,589
Total current liabilities 99,834 87,546
Material amounts shown under accruals and deferred
income
Accrued personnel expenses 13,586 11,048
Deferred royalty 114 239
Accrued expenses 5,863 3,143
Accrued tax 3,415 2,339
Total 22,978 16,770
----- End of picture text -----

20. FINANCIAL RISK MANAGEMENT OBJECTIVES AND POLICIES

See Group disclosure 20. Financial assets and liabilities.

21. OPERATING LEASE COMMITMENTS

The Group has entered into commercial leases on office space and on motor vehicles. Motor vehicle leases have an average life of three years and office space between two and five years with renewal terms included in the contracts.

Future minimum rentals payable under non-cancellable operating leases as at 31 December are as follows:

==> picture [363 x 183] intentionally omitted <==

----- Start of picture text -----

As lessee
EUR 1,000 FAS 2021 FAS 2020
Within one year 2,929 2,843
After one year but not more than five years 977 1,310
Total 3,906 4,153
22. CONTINGENT LIABILITIES
EUR 1,000 FAS 2021 FAS 2020
Guarantees for other group companies 110 112
Other liabilities
Others 61
----- End of picture text -----

Derivatives see Group disclosure 20. Financial assets and liabilities

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

FINANCIAL STATEMENTS F-SECURE CORPORATION

Signatures of the Board of Directors

Helsinki, February 16, 2022

Risto Siilasmaa Pertti Ervi Päivi Rekonen Chairman Åsa Riisberg Tuomas Syrjänen Keith Bannister Robin Wikström

Juhani Hintikka Managing director

Auditors’ note

Our auditors’ report has been issued today.

Helsinki, February 16, 2022

PricewaterhouseCoopers Oy Authorized Public Accountants

Janne Rajalahti

Authorized Public Accountant

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

AUDITOR’S REPORT

AUDITOR’S REPORT

To the Annual General Meeting of F-Secure Oyj

Report on the Audit of the Financial Statements

Opinion

Our Audit Approach

Overview

In our opinion

the consolidated financial statements give a true and fair view of the group’s financial position and financial performance and cash flows in accordance with International Financial Reporting Standards (IFRS) as adopted by the EU
the financial statements give a true and fair view of the parent company’s financial performance and financial position in accordance with the laws and regulations governing the preparation of the financial statements in Finland and comply with statutory requirements.

Our opinion is consistent with the additional report to the Audit Committee.

What we have audited

We have audited the financial statements of F-Secure Oyj (business identity code 0705579-2) for the year ended 31 December 2021. The financial statements comprise:

the statement of comprehensive income, statement of financial position, statement of cash flows, statement of changes in equity and notes, including a summary of significant accounting policies
the parent company’s income statement, balance sheet, cash flow statement and notes.

Basis for Opinion

We conducted our audit in accordance with good auditing practice in Finland. Our responsibilities under good auditing practice are further described in the Auditor’s Responsibilities for the Audit of the Financial Statements section of our report.

We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our opinion.

Independence

We are independent of the parent company and of the group companies in accordance with the ethical requirements that are applicable in Finland and are relevant to our audit, and we have fulfilled our other ethical responsibilities in accordance with these requirements.

To the best of our knowledge and belief, the non-audit services that we have provided to the parent company and to the group companies are in accordance with the applicable law and regulations in Finland and we have not provided non-audit services that are prohibited under Article 5(1) of Regulation (EU) No 537/2014. The non-audit services that we have provided are disclosed in note 7 to the Financial Statements.

Overall group materiality: €1 100 000, which represents 0.5% of consolidated revenue
Materiality – Audit scope: We have audited parent company and we have performed
Group audit procedures related to three most significant subsidiaries. In
scoping addition, we have performed group level procedures over specific consolidated accounts and analytical procedures to assess unusual movements across all entities.
Key audit matters – Valuation of goodwill
Capitalization of R&D costs

As part of designing our audit, we determined materiality and assessed the risks of material misstatement in the financial statements. In particular, we considered where management made subjective judgements; for example, in respect of significant accounting estimates that involved making assumptions and considering future events that are inherently uncertain.

Materiality

TThe scope of our audit was influenced by our application of materiality. An audit is designed to obtain reasonable assurance whether the financial statements are free from material misstatement. Misstatements may arise due to fraud or error. They are considered material if individually or in aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of the financial statements.

Based on our professional judgement, we determined certain quantitative thresholds for materiality, including the overall group materiality for the consolidated financial statements as set out in the table below. These, together with qualitative considerations, helped us to determine the scope of our audit and the nature, timing and extent of our audit procedures and to evaluate the effect of misstatements on the financial statements as a whole.

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

AUDITOR’S REPORT

Overall group materiality € 1,100,000 (previous year € 1,100,000)

How we determined it 0.5% of consolidated revenue

Rationale for the materiality benchmark applied

The groups profitability has been volatile during the last years due to business combinations related integration costs and amortization, significant investments in product development and go-to-market strategy. Therefore, we chose revenue as the benchmark because, in our view, it is the benchmark against which the performance of the Group is commonly measured by users and is a generally accepted benchmark. We chose 0.5% which is within the range of acceptable quantitative materiality thresholds in auditing standards.

How we tailored our group audit scope

We tailored the scope of our audit, taking into account the structure of the Group, the accounting processes and controls, and the industry in which the Group operates.

Group operates globally through several legal entities. Group’s sales are mainly generated by the parent company and we have audited the parent company as part of our audit of the consolidated financial statements. In addition, we have performed audit procedures related to the three most significant subsidiaries. We have considered that the remaining subsidiaries don’t present a reasonable risk of material misstatement for consolidated financial statements and thus our procedures have been limited to targeted audit procedures over significant balances and to analytical procedures performed at Group level.

By performing the procedures above at legal entities, combined with additional procedures at the Group level, we have obtained sufficient and appropriate evidence regarding the financial information of the Group as a whole to provide a basis for our opinion on the consolidated financial statements.

Key Audit Matters

Key audit matters are those matters that, in our professional judgment, were of most significance in our audit of the financial statements of the current period. These matters were addressed in the context of our audit of the financial statements as a whole, and in forming our opinion thereon, and we do not provide a separate opinion on these matters.

As in all of our audits, we also addressed the risk of management override of internal controls, including among other matters consideration of whether there was evidence of bias that represented a risk of material misstatement due to fraud.

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

AUDITOR’S REPORT

Key audit matter in the audit of the group

Valuation of goodwill

Refer to accounting principles and note 12 for the consolidated financial statements.

Goodwill is one of the most significant balance sheet items and amounted € 85,1 million at the balance sheet date. The determination and whether an impairment charge is required involves significant management judgement, including identifying on which cash generating unit level the goodwill is tested and estimating the future performance of the business and the discount rate applied to these future cash flows.

Due to materiality and judgment associated we have considered valuation of goodwill as key audit matter in the audit of the Group.

Key audit matter in the audit of the group

Capitalization of R&D costsl

Refer to accounting principles and note 13 for the consolidated financial statements. Company’s research and development activities have increased due to focus on the development of new products and product amendments both for corporate and consumer customers.

Capitalization of R&D costs requires use of judgment as capitalization requires estimating technical and economical feasibility of the product developed. In addition, there is judgement involved in assessing recoverability of capitalized R&D costs as future cash flows generated by these intangible assets needs to be estimated.

Due to materiality and judgment associated with capitalization of R&D costs, we have considered capitalization of R&D as key audit matter in the audit of the Group.

How our audit addressed the key audit matter

Our audit focused on assessing the appropriateness of management’s judgment and estimates used in the goodwill impairment analysis through the following procedures:

We tested the methodology applied in the value in use calculation by comparing it to the requirements of IAS 36, Impairment of Assets, and we tested the mathematical accuracy of calculation;

We evaluated the process by which the future cash flow forecasts are drawn up, including comparing them to the latest Board approved targets and long-term plans

We tested the key underlying assumptions for the cash flow forecasts, including sales and profitability forecasts, discount rate used and the implied growth rates beyond the forecasted period

We compared the current year actual results included in the prior year impairment model to consider whether forecasts included assumptions that, with hindsight, had been optimistic

We tested whether the sensitivity analysis performed by the management around key assumptions of the cash flow forecast are appropriate by considering the likelihood of the movements of these key assumptions.

How our audit addressed the key audit matter

We assessed appropriateness of the company’s R&D capitalization policy. We evaluated the design and operating effectiveness of controls over R&D capitalization. We assessed whether capitalization criteria for R&D projects are met. We tested a sample of costs capitalized during the year.

We evaluated the relevant assumptions used in the impairment testing of intangible assets, focusing on the reasonableness of the forecasted economic information.

We have no key audit matters to report with respect to our audit of the parent company financial statements.

There are no significant risks of material misstatement referred to in Article 10(2c) of Regulation (EU) No 537/2014 with respect to the consolidated financial statements or the parent company financial statements.

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

AUDITOR’S REPORT

Responsibilities of the Board of Directors and the Managing Director for the Financial Statements

The Board of Directors and the Managing Director are responsible for the preparation of consolidated financial statements that give a true and fair view in accordance with International Financial Reporting Standards (IFRS) as adopted by the EU, and of financial statements that give a true and fair view in accordance with the laws and regulations governing the preparation of financial statements in Finland and comply with statutory requirements. The Board of Directors and the Managing Director are also responsible for such internal control as they determine is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error.

In preparing the financial statements, the Board of Directors and the Managing Director are responsible for assessing the parent company’s and the group’s ability to continue as a going concern, disclosing, as applicable, matters relating to going concern and using the going concern basis of accounting. The financial statements are prepared using the going concern basis of accounting unless there is an intention to liquidate the parent company or the group or to cease operations, or there is no realistic alternative but to do so.

Auditor’s Responsibilities for the Audit of the Financial Statements

Our objectives are to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, and to issue an auditor’s report that includes our opinion. Reasonable assurance is a high level of assurance but is not a guarantee that an audit conducted in accordance with good auditing practice will always detect a material misstatement when it exists. Misstatements can arise from fraud or error and are considered material if, individually or in the aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of these financial statements.

As part of an audit in accordance with good auditing practice, we exercise professional judgment and maintain professional skepticism throughout the audit. We also:

Identify and assess the risks of material misstatement of the financial statements, whether due to fraud or error, design and perform audit procedures responsive to those risks, and obtain audit evidence that is sufficient and appropriate to provide a basis for our opinion. The risk of not detecting a material misstatement resulting from fraud is higher than for one resulting from error, as fraud may involve collusion, forgery, intentional omissions, misrepresentations, or the override of internal control.
Evaluate the appropriateness of accounting policies used and the reasonableness of accounting estimates and related disclosures made by management.
Conclude on the appropriateness of the Board of Directors’ and the Managing Director’s use of the going concern basis of accounting and based on the audit evidence obtained, whether a material uncertainty exists related to events or conditions that may cast significant doubt on the parent company’s or the group’s ability to continue as a going concern. If we conclude that a material uncertainty exists, we are required to draw attention in our auditor’s report to the related disclosures in the financial statements or, if such disclosures are inadequate, to modify our opinion. Our conclusions are based on the audit evidence obtained up to the date of our auditor’s report. However, future events or conditions may cause the parent company or the group to cease to continue as a going concern.
Evaluate the overall presentation, structure and content of the financial statements, including the disclosures, and whether the financial statements represent the underlying transactions and events so that the financial statements give a true and fair view.
Obtain sufficient appropriate audit evidence regarding the financial information of the entities or business activities within the group to express an opinion on the consolidated financial statements. We are responsible for the direction, supervision and performance of the group audit. We remain solely responsible for our audit opinion.

We communicate with those charged with governance regarding, among other matters, the planned scope and timing of the audit and significant audit findings, including any significant deficiencies in internal control that we identify during our audit.

We also provide those charged with governance with a statement that we have complied with relevant ethical requirements regarding independence, and to communicate with them all relationships and other matters that may reasonably be thought to bear on our independence, and where applicable, related safeguards.

From the matters communicated with those charged with governance, we determine those matters that were of most significance in the audit of the financial statements of the current period and are therefore the key audit matters. We describe these matters in our auditor’s report unless law or regulation precludes public disclosure about the matter or when, in extremely rare circumstances, we determine that a matter should not be communicated in our report because the adverse consequences of doing so would reasonably be expected to outweigh the public interest benefits of such communication.

Obtain an understanding of internal control relevant to the audit in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the parent company’s or the group’s internal control.

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

AUDITOR’S REPORT

Other Reporting Requirements

Appointment

We were first appointed as auditors by the annual general meeting on 7 April 2016. Our appointment represents a total period of uninterrupted engagement of six years.

Other Information

The Board of Directors and the Managing Director are responsible for the other information. The other information comprises the report of the Board of Directors and the information included in the Annual Report, but does not include the financial statements and our auditor’s report thereon. Our opinion on the financial statements does not cover the other information.

In connection with our audit of the financial statements, our responsibility is to read the other information and, in doing so, consider whether the other information is materially inconsistent with the financial statements or our knowledge obtained in the audit, or otherwise appears to be materially misstated. With respect to the report of the Board of Directors, our responsibility also includes considering whether the report of the Board of Directors has been prepared in accordance with the applicable laws and regulations.

In our opinion

the information in the report of the Board of Directors is consistent with the information in the financial statements
the report of the Board of Directors has been prepared in accordance with the applicable laws and regulations.

If, based on the work we have performed, we conclude that there is a material misstatement of the other information, we are required to report that fact. We have nothing to report in this regard.

Helsinki 16 February 2022

PricewaterhouseCoopers Oy Authorised Public Accountants

Janne Rajalahti Authorised Public Accountant (KHT)

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

STATEMENT OF CORPORATE RESPONSIBILITY

==> picture [424 x 447] intentionally omitted <==

Statement of corporate responsibility F-SECURE EXISTS TO BUILD TRUST IN SOCIETY AND TO KEEP PEOPLE AND BUSINESSES SAFE

Today, being digital is just a price of admission, but no longer a competitive advantage. Differentiation comes from applying digitality in the new powerful ways, beyond foundational adoption. Post-digital transformation requires building trust with customers, employees, business partners and communities in a responsible, sustainable and secure way. Everything that can be automated and autonomously run will be. Algorithms will make more routine decisions than human beings do. Companies are moving from the ground to the cloud and embracing new ecosystem-driven digital platforms. Remote work is here to stay, and anything-as-a-service economy is on the rise. Businesses are interconnected, intelligent and data-driven. And, unfortunately, more vulnerable. That’s where we step in.

As a cyber security company, F-Secure secures the world around us. For over 30 years, we have been committed to helping people and businesses fight cyber threats. We believe that by improving our customers’ security, resilience, and the sustainability of their digital lives or businesses through our core business and everyday actions, we play a vital role in ensuring the functioning of the modern society, and help to maintain trust between people and organizations.

At F-Secure, we want to do what is right. Trust ensures we will succeed in our mission. Trust is earned when action matches words. Everyone working for F-Secure has a critical role in building and maintaining the trust in the eyes of each other and earning the trust of our customers.

F-Secure’s Code of Conduct reflects the company’s business culture for highest standards of ethical conduct, sets clear expectations on the business conduct and provides guidance for critical risk areas. It guides us on everything we do. The Code of Conduct is available at F-Secure’s webpages https://www.f-secure.com/en/investors/governance

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

STATEMENT OF CORPORATE RESPONSIBILITY

F-SECURE’S BUSINESS MODEL AND VALUE CREATION

By combining sophisticated technology with machine learning and human expertise, F-Secure provides a comprehensive offering of security products and cyber security services. For businesses, we offer vulnerability scanning and management solutions, endpoint protection products, detection and response solutions, as well as comprehensive security and risk assessment services for top management, and technical consulting. For consumers, we offer security and privacy solutions for all connected devices. As proven by several independent research institutions, our products and services provide our customers best-in-class security. E.g. F-Secure’s Detection and Response solutions achieved excellent scores also in the third round of MITRE ATT&CK evaluation, and the endpoint protection products for consumers and businesses have regularly gotten highest scores in AV-Test’s security tests.

We offer our products and services to defend thousands of companies and millions of people around the world through our network of about 200 telecommunication operators and thousands of IT service and retail partners. With our partner-led business model, trust has always been a cornerstone of all our operations.

Protecting the digital world, our employees, and sustainable growth

The three focus areas for F-Secure’s corporate responsibility are:

Valuing our employees (social responsibility and treatment of employees)
Securing trust in digitality (protecting human rights and supporting the fight against online crime)
Respecting the planet (sustainability and environmentally responsible operations).

WE VALUE OUR EMPLOYEES

WE SECURE TRUST IN DIGITALITY

WE RESPECT THE PLANET

Protecting people against cyber threats Reducing energy consumption from and supporting the fight against IT operations online crime Reducing energy consumption and Taking action to enhance cybersecurity waste in our offices in society Travelling sensibly

Securing the right competencies and constant development

Protecting people against cyber threats and supporting the fight against

Ensuring equality, equal opportunity and diversity Ensuring the wellbeing of employees

Protecting personal data

In our industry, it is critical that appropriate care is taken when handling customer information. Respecting customer privacy is an integral part of our company culture. All F-Secure employees commit to protecting the confidentiality of customer data.

We have always put a strong emphasis on shared core values: integrity, commitment, and excellence. These values are also driving our Corporate Responsibility and its three focus areas. We are committed to continuously improving the wellbeing of our employees, decreasing our carbon footprint through energy efficiency and other sustainable practices, and ensuring technology is not turned against the society.

There are specific F-Secure guidelines and policies for each area. The foundation of all activities is our Code of Conduct; it guides everything we do, and reflects the company’s culture for highest standards of ethical conduct. F-Secure suppliers and partners are also expected to act responsibly and comply with the principles set in the Code of Conduct.

Out of the six objectives of the taxonomy, criteria for climate change mitigation and climate change adaptation have been published. The focus is on activities and sectors that have the biggest potential to contribute to the climate objectives.

F-Secure has conducted a preliminary taxonomy review based on the existing information, and concluded that its core activities are not included in the taxonomy definitions of ICT activities that have a the greatest potential in reaching the EU climate and environmental objectives through climate change mitigation and adaptation. Thus, for 2021 0% of F-Secure’s revenue, capital expenditures, and operating expenses, is taxonomy-eligible and 100% of F-Secure’s revenue, capital expenditures, and operating expenses is non-taxonomy eligible.

EU taxonomy

The new EU taxonomy aims to help low-carbon sectors to grow and decarbonise high-emitting sectors in order to reach climate neutrality by 2050.

F-Secure will keep monitoring the developments in the taxonomy reporting in 2022. You can read more about F-Secure’s activities and KPIs in reducing our carbon footprint in the Environmental matters section.

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

STATEMENT OF CORPORATE RESPONSIBILITY

SOCIAL RESPONSIBILITY AND TREATMENT OF EMPLOYEES:

We value our employees

Focus area key aspects

Securing the right competencies and constant development Ensuring equality, equal opportunity and diversity Ensuring the wellbeing of employees

F-Secure employs ca. 1,700 security experts, product developers, sales & marketing professionals and other experts globally. We recruit the best minds in the industry while focusing relentlessly on growing the next generation of cyber security professionals. Consultants, developers, engineers, researchers, specialists and everyone who shares our values is welcome to F-Secure. Our experts strive to disrupt the industry every day. Their research-led approach, victories in hacking contests, and key notes at conferences win respect around the globe. This gives us our edge over the competition and, more importantly, attackers.

F-Secure emphasizes the importance of fellowship and shared values; aiming to be the most beloved place to work in cyber security is one of our moonshot goals. We strive to ensure employee wellbeing, a healthy work-life balance, and equality and equal opportunities for our people. In our rapidly evolving industry, the company must also be prepared to help its employees to continuously learn new skills.

People Operations & Culture team is responsible for developing people management processes, tools, and ways of working. To measure success, the company conducts a Fellow Survey, including an Employee Net Promoter Score (eNPS), among staff to measure employee loyalty, productivity and wellbeing biannually. The company’s Leadership Team is responsible for following up on the results of the Fellow survey and ensuring corrective action plans are developed.

2021:

In the H2/2021 survey, F-Secure’s overall Employee Net Promoter Score (eNPS) dropped slightly compared to 2020 levels. On wellbeing, 73% agree or strongly agree with the statement: I feel satisfied with my overall well-being (physical, mental, etc.) at work.

Key performance indicator for overall employee wellbeing

Employee Net Promoter Score (eNPS)[ 1)]

==> picture [103 x 113] intentionally omitted <==

----- Start of picture text -----

H1 H2
33 34
H1
H1 28
H1 26
23 H2
21
H2 H2
13 13
H1
9
2017 2018 2019 2020 2021
----- End of picture text -----

1) Key performance indicator of overall wellbeing. The Employee Net Promoter Score (eNPS) measures employee satisfaction by asking people how likely it is that they would recommend F-Secure as an employer. The score is derived by deducting the share of employees giving low scores (0 to 6, “detractors”) from the share of employees giving high scores (9 to 10, “promoters”). Scores from 7 to 8 are considered neutral.

Securing the right competencies and continuous development

Attracting the best possible candidates as well as retaining fellows with the right skills and competences is key to F-Secure’s success. On-the-job learning, mentoring an internal rotation are at the heart of our development philosophy and retention activities. We aim to create the best possible environment for our employees to thrive in regardless of location with the long-term goal of becoming the preferred cybersecurity employer.

Successful recruitment is crucial for F-Secure’s business. Our aim is to ensure that we hire the best professionals whose skills, competences and values are aligned with F-Secure’s business objectives, culture and values. Our global Talent Acquisition team sources and attracts candidates, guides managers to ensure consistency and equal treatment of candidates, as well as to always provide candidates a positive experience when applying for a job.

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

STATEMENT OF CORPORATE RESPONSIBILITY

After recruitment, the responsibility for competence development lies both with the individual employees and their line managers, as well as with the global talent management team, Business HR and professional development experts. Our internal development and training guidelines address the roles and responsibilities as well as practices related to learning and personal development.

F-Secure is currently developing several global and local learning and development programs available for both managers and employees including:

Company-wide leadership and management curriculum
Network mentoring and internal mentoring programs
Cyber security competence development
Education and development programs for sales
Country specific Graduate and Apprentice programs
Site-specific coaching and supporting services

2021:

F-Secure’s Leading Performance reform has progressed as expected, and most managers and employees completed the performance management forms in the beginning of 2021. This work will be followed by two upcoming rounds of performance management in 2022. The target of the process is to enable rolling objective setting and continuous feedback to create a high-performance culture.

The 2021 annual voluntary attrition rate across F-Secure was 18.4%. The rise is attributed to the general attrition trend brought about by the COVID-19 pandemic, and there are big differences in attrition within the organization. This has been addressed in our planning and activities for 2022.

Voluntary attrition rate[1)] by year, %

==> picture [101 x 108] intentionally omitted <==

----- Start of picture text -----

18.4
15.5
11.8
2019 2020 2021
----- End of picture text -----

1) Voluntary attrition = Number of voluntary leavers over the period/average headcount over the period. In 2020, end of e.g. fixed-term contracts previously reported in “Voluntary” category were moved to a new category “Other”

Ensuring equality, equal opportunity and diversity

Treating every employee fairly and with respect is a fundamental part of the F-Secure company culture. Everyone is valued, supported and encouraged to participate. We embrace individuality and value characteristics that make people unique, without bias towards nationality, ethnicity, age, disabilities, sex, gender (including gender reassignment), sexual orientation, religion or belief, or marital status.

F-Secure has a diverse workforce and we are committed to promoting inclusion and equality within the workplace. We employed 74 different nationalities by the end of 2021, a significant part of which are also represented at the company headquarters.

We know that diverse mix of backgrounds, expertise and genders contribute to a more open working atmosphere, better discussion and decision making. We assess individuals based on competence, skills and achievements. Equality, non-discrimination and fairness are key principles in recruitment, compensation and advancement at F-Secure.

In South Africa’s Broad-Based Black Economic Empowerment program (BBBEE), F-Secure is partnering with Masibambisane Empowerment Trust, and focusing on development projects with the Rays of Hope graduate programs on cyber and technical skills. To support gender equality in our industry, we support and promote initiatives to encourage women to pursue a career in technology and cyber security.

Share of women of all employees

==> picture [103 x 109] intentionally omitted <==

----- Start of picture text -----

1,666 1,696 1,678 1,656
1,104
23% 23% 23% 24% 24%
2017 2018 2019 2020 2021
----- End of picture text -----

Share of women, of managers[ 1)]

==> picture [99 x 103] intentionally omitted <==

----- Start of picture text -----

24% 24%
23%
20%
16%
2017 2018 2019 2020 2021
----- End of picture text -----

1) Including all line managers

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

STATEMENT OF CORPORATE RESPONSIBILITY

2021:

The share of women of both total employees and of managers has stayed at the 2020 level (24%).

F-Secure has continued its membership in Women in Tech in 2021 to support our commitment to promoting diversity, equality and inclusion in technology, including attracting more women into the industry by providing access to career opportunities, mentorship and role models.

Ensuring the wellbeing of employees

We want to ensure the wellbeing of each employee and aim to continuously improve our culture where all our employees can work to their full potential, both in mind and body.

In most countries we provide access to a variety of health care services to employees. Practices vary locally; all of our employees globally have access to a program designed to provide support with work-life balance and everyday wellbeing challenges. In certain regions, employees are provided with extended wellbeing and health care services, plus additional sports benefits, and discounted gym memberships. In some locations there are additional benefits such as the possibility for massage, free and subsidized vision benefits, and trained mental health first aiders.

In ensuring the wellbeing of employees, F-Secure emphasizes the importance of good leadership in addition to a preventative approach to health care. We support flexible working hours and the possibility of working remotely and offer voluntary wellbeing lectures and training for both employees and managers.

2021:

We will keep monitoring the effects of long term remote working on our employees regularly; in the H2/21 employee survey, 73% of our employees reported being satisfied with their wellbeing at work.

To support employee wellbeing, F-Secure has offered mental wellbeing service globally to all employees since March 2021. The service helps with 1) work-life balance 2) role based challenges and worries 3) leadership challenges 4) exhaustion and de-motivation. The feedback has been very good, with users reporting decreased stress levels and increased work efficiency.

We also continued the series of wellbeing webinars on stress management, sleep, nutrition and exercise to all employees. To support our employees’ physical wellbeing, feeling of community, and to have some fun, we also offered a mobile wellbeing app globally to all fellows in H2/2021.

F-Secure closely monitors employee sick leaves. In case of longer sick leaves, the company supports employees, and assists them in returning back to work.

2021:

The relative sick leave percentage* (2.1%) went down from 2020 levels (3%). Compared to 2020, there was a significant 11% decrease in total number of paid sick leave days. Number of short sick leaves increased slightly: 1–3 days by 6% and 4–10 days by 11%.

2021:

Wellbeing from helping others. F-Secure has traditionally supported local societies with various charity initiatives organized on the ground in our global offices. In addition to donations to Plan International and WWF, F-Secure granted all employees 1 extra day’s paid leave in 2022 to recharge and do something that serves their wellbeing.

Focus area key policies and guidelines

Code of conduct

Recruitment Policy Leading performance framework Development and training guidelines Equality plan Harassment prevention policy

Sick leave percentage is the average amount of sick days per employee. The figure includes personnel in Finland only, which represents 44% of total employees.

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

STATEMENT OF CORPORATE RESPONSIBILITY

PROTECTING HUMAN RIGHTS AND SUPPORTING THE FIGHT AGAINST ONLINE CRIME:

Securing trust in digitality

Key aspects

Protecting people against cyber threats and supporting the fight against online crime

Taking action to enhance cyber security in society

Protecting personal data

Humanity is faced with unprecedented challenges. To solve the root causes of these challenges radical technological innovation is needed. F-Secure has driven innovations in cyber security for over three decades. We secure thousands of businesses, and millions of people wake up every day knowing they can rely on our high standards and uncompromised integrity. The world’s top financial institutions count on us to battle cyber-attacks. We secure factories, power grids, and vital telecommunication infrastructure.

Our sophisticated technology combines the power of machine learning with the human expertise of our world-renowned security labs. From decades of experience stopping advanced cyber-attacks, we’ve developed a passion for taking on the world’s most potent cyber threats. This teaches us how attackers defeat defenders. With these insights, we’ve pioneered threat hunting and been at the forefront of the movement away from traditional forensics to continuous real-time response.

Protecting people and businesses from cyber attacks

In 2021, the fusion of the physical and digital world progressed at a fast pace increasing the complexity for companies to manage cyber security risks. 2021 will be remembered as one of the most disruptive years so far when it came to cyber-attacks. There were high profile breaches such as Solar Winds, Kasey, Colonial Pipeline and dozens of others that had significant impact on critical infrastructure and were exploiting weaknesses in supply chains. Especially in the fourth quarter, cyber-attack risks reached a peak because of the huge security implications of the Log4j vulnerability. Also, ransomware attacks continued to be one of the most prevalent threats. And while many large businesses suffered breaches, small and medium businesses were an easier target for hackers due to their lack of resources and security expertise.

F-Secure Labs invests yearly thousands of staff-hours to provide free research and tools to improve products’ security and businesses cybe r resilience. Our research led to e.g. HP fixing vulnerabilities in more than 150 printer models in 2021 ,and we were invited to participate in several industry forums as well as collaborating with national authorities.

Protecting people’s security and privacy with integrity

F-Secure applies strict security measures to protect the personal data of the users of our solutions. We seek to protect our users’ privacy, not to sell it. All F-Secure products and services are produced independent of governmental direction.

We recognize that there is an imbalance between the defenders of fair practices and human rights, and online criminality and the offensive capabilities of nation state threat actors. To level the playing field, F-Secure refuses to introduce backdoors in our products and will detect malware no matter what the source is.

Operating with highest ethical standards

F-Secure exists to build trust in society and to keep people and businesses safe. Trust is earned only when action matches

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

STATEMENT OF CORPORATE RESPONSIBILITY

words. We offer our products and services to defend thousands of companies and millions of people around the world through our network of around 200 telecommunication operators and thousands of IT service and retail partners. With our partner-led business model, trust has always been a cornerstone of all our operations.

F-Secure works responsibly with malware and offensive techniques:

Clear criteria for categorizing threats and classifying potential unwanted applications.
Strict rules for handling and analyzing malicious content.
Cooperation with authorities to ensure the safety of the general public, assisting investigations into online crime that bring criminals into justice.
Security assessments are conducted only with customers’ permission and within agreed scope.
In our work, we may create offensive code, but only do so with the intention to secure and benefit our customers and digital safety of the society.
Coordinated vulnerability disclosure policy and a vulnerability reward program.
When conducting business with any governmental body, we carefully abide by all applicable regulations and ethical standards.
We do not tolerate any form of bribery, corruption or fraudulent practices by our partners or any parties acting on our behalf.

The Code of Conduct guides everyone at F-Secure to ethical conduct. We have also issued a specific Anti-Bribery Policy that applies to all employees. It defines the rules to be applied related to gifts, hospitality, travelling and accommodation, specific terms concerning governmental officials, as well as the process for escalation as needed. Ethical business practices are also emphasized in contracts and the company engages in continuing dialogue with relevant stakeholders.

2021:

F-Secure has always strongly encouraged employees to speak up if they suspect or witness any possibly corrupt, illegal or other undesirable behavior, activities or conduct. In December 2021, F-Secure launched a new confidential and secure reporting channel operated by an external law firm, which enables open, objective and safe expression of concerns.

Focus area key policies and guideline include:

Code of conduct

Cyber Security Principles Risk Management Principles Lifecycle security Policy Personal data policy Vulnerability Reward Program Export Control Policy Anti-Bribery policy Modern Slavery Statement Whistleblowing Policy

Everyone at F-Secure must apply the highest standards of ethical conduct.

We do not make or accept any bribes or other improper payments.
We never engage in fraudulent practices.
We do not give or accept gifts or hospitality over the appropriate limits.
We do not endorse or provide financial support to individual political parties.

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

STATEMENT OF CORPORATE RESPONSIBILITY

ENVIRONMENTAL MATTERS:

Respect for the planet

Key aspects:

Reducing energy consumption from IT operations Reducing energy consumption and waste in our offices Travelling sensibly

We believe in a holistic approach to sustainability and want to maximize our positive impact on society. Our greatest contribution comes from protecting people, data and societies; we also generate valuable knowledge and expertise on building secure technologies, and carry out our mission while striving to minimize our environmental footprint. We are committed to working in an environmentally responsible and efficient manner and expect our partners and suppliers to do the same.

As stated in the F-Secure Code of Conduct, our approach to environmental challenges emphasizes the importance of precaution.

We aim to continuously increase the energy efficiency of the company as well as to reduce the amount of waste and emissions produced by our operations.
We encourage the use of environmentally friendly technologies, tools and services in the research and development of our products and services.
We aim to reduce the environmental impact of our global operations by connecting people from separate locations through technology and choosing environmentally friendly means of travelling.
We provide local guidelines and support for employees to move from private cars to public transportation and bicycles for their commute.

As F-Secure’s business activities involve the development, production and delivery of software and professional services, our environmental footprint derives primarily from the use of electricity for office activities as well as the use of electricity from IT operations.

To evaluate our success in limiting our environmental impact, F-Secure conducts an annual energy review to estimate our total direct consumption of electricity at company level.

Reducing the energy consumption of IT operations

F-Secure uses both private servers and third-party cloud platforms to develop and run its services. With third-party cloud platforms, F-Secure partners primarily with Amazon Web Services (AWS) as well as Microsoft Azure.

The transition to third-party provided servers increased the company’s overall energy efficiency and lower total consumption, as third-party providers are running the more energy-efficient servers. Consumption data for these is not available, as electricity costs are part of the overall service contract. Our main service partners Microsoft Azure and AWS have publicly committed to reducing their carbon footprints; both are committed to operating in the most environmentally friendly way possible, and estimate achieving 100% renewable energy usage in 2025.

In co-location facilities, we can directly measure our monthly electricity consumption. F-Secure utilizes server hardware with good energy efficiency (Energy Star), and some of the server facilities were already operating on 100% renewable energy in 2021. In 2021, the energy consumption of our servers in Finland dropped by 56% compared to 2020.

2021:

F-Secure continued outsourcing the company’s server activity globally as planned, further decreasing the company’s energy consumption compared to using its own servers. By the end of the year, the outsourcing was at 92% of the target level. The target level is estimated to be reached during 2022.

Reducing energy consumption and waste in our offices

F-Secure has offices in 23 locations globally as of December 2021. The majority of operations are concentrated in Helsinki in Finland, London in the UK, Kuala Lumpur in Malaysia, Poznan in Poland and Johannesburg in South Africa.

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

STATEMENT OF CORPORATE RESPONSIBILITY

The company rents office facilities from local real estate providers. Typically, a lease agreement includes service charges for electricity and heating, as well as handling of a limited amount of waste generated by office activities. All waste is primarily recycled according to local practices. Hazardous waste consists solely of batteries, which are disposed of at suitable recycling points. Electronic waste is recycled carefully and, as appropriate, with attention to ensuring that confidential waste is specifically managed. Confidential paper waste is also managed with exceptional care and in a certified secure manner.

2021:

F-Secure continued to roll out the environmental impact improvement program. In 2021, the annual office energy consumption further decreased by 10%, contributing factors being continued remote working, as well as some reduction in total rented office space.

Electricity consumption, MWh

==> picture [143 x 107] intentionally omitted <==

----- Start of picture text -----

1,600 1,548
1,236
1,200 1,032
905
800
1,081
773
400
568
248
0
2018 2019 2020 2021
----- End of picture text -----

Co-location servers[1)]

2021:

During 2021, new office contracts were signed for two major locations, Helsinki HQ and Poznan office in Poland, with another major location under review in London. A key factor when identifying suitable future premises is ensuring sustainability and improving our environmental footprint. Both Helsinki and Poznan developments will deliver LEED (Leadership in Energy and Environmental Design) Gold or Platinum certified premises. LEED recognizes achievements in location and planning, sustainable site development, water savings, energy efficiency, materials selection, waste reduction, indoor environmental quality, innovative strategies and attention to priority regional issues.

Travelling sensibly

F-Secure’s Travel policy aims to reduce the environmental impact of travelling, and minimizing energy consumption and emissions by choosing environmentally friendly means of travelling. The policy requires a pre-approval of employee travels, and encourages employees to use online conferencing tools when collaborating with our internal and external stakeholders. CO2 emissions from work related travelling are tracked across all European offices, covering a clear majority of the company’s employees.

2021:

Remote and hybrid working continued in 2021, with very limited travel. The 2021 travel emissions were 85,028 Carbon CO2e (DEFRA) (kg/unit), dropping further from the 2020 level of 413,598, and 95% from 2019 pre-pandemic levels.

Focus area key policies and guidelines

Code of conduct

Travel policy

Recycling policy

Environmental friendly, country specific transportation policies

Helsinki, 16 February 2022

F-Secure Corporation Board of Directors

Risto Siilasmaa

Pertti Ervi

Päivi Rekonen

Tuomas Syrjänen

Keith Bannister

Åsa Riisberg

Robin Wikström

Offices[2)]
1) The electricity consumption includes F-Secure servers in Finland
2) The electricity consumption includes vast majority of F-Secure’s offices globally. Increase in electricity consumption in 2019 was due to the fact that for the fiscal year 2019 all acquisition related offices from MWR InfoSecurity were been fully taken into account, whereas in 2018 due to the timing of the acquisition, consumption of these premises was included only for H2–2018.

President and CEO Juhani Hintikka

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

CORPORATE GOVERNANCE

F-SECURE’S CORPORATEGOVERNANCE STATEMENT 2021

Governing bodies

Corporate Governance at F-Secure

F-Secure’s highest decision-making body is the General Meeting of Shareholders which elects the members of the Board of Directors. The Board of Directors is responsible for the administration of F-Secure Corporation and appropriate organization of its operations. The Board of Directors appoints the CEO. The CEO, assisted by the Leadership Team, is responsible for managing the company’s business and implementing its strategic and operational targets.

F-Secure’s corporate governance practices are based on applicable Finnish laws, the rules of Helsinki Stock Exchange (NASDAQ Helsinki Oy) and the regulations and guidelines of Finnish Financial Supervisory Authority as well as with the company’s Articles of Association. This statement has been prepared in accordance with the Finnish Corporate Governance Code 2020 (publicly available at http://cgfinland.fi/en/) issued by the Securities Market Association of Finland.

General Meeting of Shareholders

Under the Limited Liability Companies Act, shareholders exercise their decision-making power at the General Meeting.

Up-to-date information about F-Secure’s governance is available on the company’s website at https://www.f-secure.com/en/investors.

The General Meeting is normally held once a year as an Annual General Meeting (AGM). The AGM decides on matters stipulated by the Articles of Association and the Limited Liability Companies Act, including:

adoption of the Financial Statements
distribution of profit for the year
discharging the members of the Board of Directors and the CEO from liability
selection of members of the Board the decision on the remuneration of the Board members

==> picture [487 x 119] intentionally omitted <==

----- Start of picture text -----

ExternaI control Internal control
General meeting of shareholders
Board of Directors Internal controls and
processes
Auditors Personnel committee Audit committee
Risk management
CEO
Leadership team
----- End of picture text -----

approval of the Remuneration Policy and the Remuneration Report
election of the auditor and the decision on the auditor’s remuneration, and
other proposals submitted to General Meeting

Each share carries one vote in the General Meeting.

A shareholder may propose items to be included on the agenda provided they are within the authority of the meeting, and the Board of Directors has received the request in advance in accordance with the set schedule. The invitation to the AGM is published as a stock exchange release and is made available on the company’s website.

2021:

The AGM was held on 24 March 2021 at the company’s headquarters in Helsinki.

The resolutions and the meeting minutes of the AGM are available on F-Secure’s website.

Board of Directors

The Board of Directors is responsible for the administration of

F-Secure Corporation and appropriate organization of its operations. The Board’s operations, responsibilities and duties are based on the Finnish Companies Act and other applicable legislation and are supplemented by the Board Charter. These cover the following main areas:

approving the strategy of F-Secure, overseeing its operations and annual budgets
appointing and dismissing the CEO
approving any major investments, acquisitions, changes in corporate structure or other matters that are significant or far-reaching
ensuring that the supervision of the company’s accounting and financial management is duly organized

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

CORPORATE GOVERNANCE

Members of the Board of Directors and the Committees


Members	Independence of the company	Independence of major shareholders	Board (Meeting attendance)	Audit Committee (Meeting attendance)	Personnel Committee (Meeting attendance)
Risto Siilasmaa Pertti Ervi Päivi Rekonen Tuomas Syrjänen Keith Bannister Åsa Riisberg(as of 24 March 2021) Robin Wikström (as of 24 March 2021) Bruce Oreck (until 24 March 2021) Robert Bearsby(until 24 March 2021)	Yes Yes Yes Yes Yes Yes No2) Yes No3)	No1) Yes Yes Yes Yes Yes Yes Yes Yes	Chairman (16/16) Member (16/16) Member (16/16) Member (16/16) Member (16/16) Member (9/12) Member (12/12) Member (4/4) Member (4/4)	Chairman (5/5) Member4)(1/1) Member (5/5) Member (4/4) Member (4/4) Member (1/1)	Member (7/7)

					Chair (7/7)
					Member (5/5)



					Member (1/2)

1) Risto Siilasmaa is the founder of F-Secure and on 31 December 2021 owned 37,79% of F-Secure shares.
2) Robin Wikström was elected from among F-Secure Corporation’s personnel, according to the process described below in 2021.
3) Robert Bearsby was elected from among F-Secure Corporation’s personnel, according to the same process in 2020.
4) Tuomas Syrjänen was a member of the Audit Committee until 24 March 2021.
ensuring that internal control and risk management systems are in place
approving personnel policies and rewards systems
preparing matters to be handled at the General Meeting

The Board of Directors meets as frequently as necessary and according to the Board Charter at least five times during its term. The Board of Directors has quorum when more than half of the members are present. An annual self-assessment is carried out by the Board to evaluate its operations. The Board of Directors primarily strives at unanimous decisions. If a decision cannot be made unanimously, the decision will be made by voting and with single majority. If the votes are even, the Chairman’s vote is decisive.

In accordance with F-Secure’s Articles of Association, the Board of Directors comprises three to seven members, who are elected at the Annual General Meeting for a period of office that extends to the subsequent AGM. The Board of Directors represents all shareholders.

Diversity is an essential part of F-Secure’s success. According to Diversity Principles established by the Board of Directors, an

optimal mix of diverse backgrounds, expertise and experience strengthens the Board’s performance and promotes creation of long-term shareholder value. The Diversity Principles of the Board of Directors aim to strive towards appropriately balanced gender distribution. Both genders are represented in the Board of Directors.

To create openness, one member of the Board of Directors is elected from among F-Secure’s personnel. An election is arranged annually for F-Secure personnel and each permanent F-Secure employee is eligible to stand as a candidate. The Personnel Committee interviews three persons who have obtained the highest number of votes in the elections, and chooses a candidate from amongst them to be proposed for election as a member of the Board by the Annual General Meeting. Robin Wikström was appointed to the Board of Directors through this process in 2021.

The majority of Board members are independent from the company and from its major shareholders. For a detailed description of the members of the Board of Directors and their shareholdings see the end of this statement.

2021:

In 2021 the Board of Directors convened 16 times, Audit Committee 5 times and Personnel Committee 7 times.

Board Committees

In 2021, the Board established two committees: Audit Committee and Personnel Committee (nomination and remuneration matters). The Board of Directors appoints from among itself the members and the Chairman of the committee. Each committee must have at least three members. The Board of Directors confirms the main duties and operating principles of each committee. The duties of each committee are defined in the committee charters which are available on F-Secure’s website at

https://www.f-secure.com/en/investors.

Audit Committee

The Audit Committee monitors and evaluates risk management, internal controls, IT strategy and practices, financial reporting as well as auditing of the accounts. The Audit Committee also prepares a proposal for the election of auditor to the Board of Directors and regularly considers the need for a separate internal

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

CORPORATE GOVERNANCE

audit function. Members of the Audit Committee must have broad business knowledge, as well as an adequate expertise and experience with respect to the committee’s area of responsibility and the mandatory tasks relating to auditing. The majority of members of the Audit Committee shall be independent from F-Secure Corporation and at least one member shall be independent of the company’s significant shareholders. The Audit Committee calls in experts to its meetings when necessary for the issues to be discussed. Materials of the Audit Committee meetings are made available for all members of the Board of Directors.

The Audit Committee convenes at least four (4) times a year as notified by the Chairman of the Committee. Members of the Audit Committee are listed in the table above.

Personnel Committee

The Personnel Committee prepares material and instructs with issues related to the composition of the Board of Directors and compensation of the company’s management as well as remuneration and incentives of key personnel. The Committee also prepares the proposals for the Board composition and remuneration for the Annual General Meeting of Shareholders. The Personnel Committee calls in experts to its meetings when necessary for the issues to be discussed. Materials of Personnel Committee meetings are made available for all members of the Board of Directors.

The Personnel Committee convenes at least two (2) times a year as notified by the Chairman of the Committee. Members of the Personnel Committee are listed in the table above.

President and CEO

The Board of Directors appoints and may dismiss the CEO and decides upon the CEO’s remuneration and other benefits in accordance with the Remuneration Policy. The CEO is responsible for the day-to-day management of the company. The CEO’s main duties include:

managing the business according to the instructions issued by the Board of Directors
presenting the matters to be handled in the Board of Directors’ meetings
implementing the decisions made by the Board of Directors
other duties determined in the Limited Liability Companies Act

2021:

Juhani Hintikka has been F-Secure’s President and CEO since 1 November 2020.

The biographical details of the CEO including the shareholdings are specified later in this report. The remuneration of the CEO is specified in F-Secure’s Remuneration Policy and Report.

Leadership Team

The Leadership Team supports the CEO in the daily operative management of the company.

2021:

Current information on the F-Secure Leadership Team can be found on our website: https://www.f-secure.com/en/investors.

For descriptions of all members of the Leadership Team during 2021 and their roles, respective membership periods and shareholdings, see the end of this statement.

Internal control and risk management

Risk Management

Risk management and internal control processes at F-Secure seek to ensure that risks related to the business operations of the company are properly identified, evaluated, monitored and reported in compliance with the applicable regulations.

F-Secure’s Board of Directors defines the principles of risk management and internal controls which are followed within the company. The Audit Committee assists the Board in the supervision of F-Secure’s risk management function. The CEO is accountable for ensuring that the risk management principles are implemented and applied constantly and consistently across the organization.

The primary goal of F-Secure’s risk management principles is to empower the organization to identify and manage risks more effectively. The potential negative impact and probability of different situations arising from our business operations on the company, its customers, or its partners are monitored as part of the risk management process.

F-Secure promotes continuous risk evaluation by the company’s personnel. The relevant operational risks identified through the risk management process are regularly reviewed by the CEO and Leadership Team and the company’s statutory auditor. Risk Management is an integrated part of F-Secure’s governance and management, and the risk management process is aligned with the ISO-31000 standard. The Audit Committee regularly evaluates the effectiveness of the risk management system.

Internal Control

The purpose of Internal Control is to ensure that operations are effective and aligned with the strategy, and that financial reporting and management information is reliable and in compliance with applicable regulations and operating principles.

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

CORPORATE GOVERNANCE

Internal control consists of all the guidelines, policies, processes, practices and relevant information about organizational structure that help ensure that the business conduct is in compliance with all applicable regulations. The purpose of internal control is also to ensure that accounting and financial information provides a true and accurate reflection of the activities and financial situation of the company. Actual performance is monitored against sales and cost targets by operative reporting systems on a daily, weekly, or monthly basis.

The company constantly monitors its key financial processes linked to sales, revenue, costs and profitability as well as incoming and outgoing payment transactions. If any inconsistencies appear, the issues are handled without delay. The company’s finance department is responsible for the consistency and reliability of internal control methods. The finance team works in close cooperation with the CFO and businesses, providing relevant data for business planning purposes and sales estimates. The team also regularly assesses and monitors the reliability of estimates and revenue recognition.

Internal audit

Audit Committee considers the need for and appropriateness of a separate Internal Audit function on a regular basis. To date, the Audit Committee has concluded that, due to the size, organizational structure and largely centrally controlled financial management of the company, a separate Internal Audit function is not necessary.

In the absence of an Internal Audit function, attention is paid to periodical review of the written guidelines and policies concerning accounting, reporting, documentation, authorization, risk management, internal control and other relevant matters in all departments. Related controls are also tested from time to time. The guidelines and policies are coordinated by the company’s finance department with active involvement by the legal department.

The absence of a separate Internal Audit function is considered when defining the scope of the company’s external audit. Where necessary, the Internal Audit services will be purchased from an external service provider.

To facilitate transparency and exchange of information on Internal Audit related matters, the financial management team has frequent meetings with the auditors. The Audit Committee also meets regularly with the auditors.

The company has taken into use a Whistleblowing Channel for employees to report any possibly corrupt, illegal, or other undesirable conduct.

Related party transactions

The Audit Committee defines the principles for monitoring and assessing F-Secure’s related party transactions. The definition of the related parties is based on IAS 24 standard. F-Secure collects information about its related parties on regular basis. The Board of Directors decides on related party transactions that are not conducted in the ordinary course of business of the company or are not implemented under arm’s-length terms. Related party transactions are disclosed as part of financial statements according to the applicable legislation.

Insider management

F-Secure complies with the applicable legislation, including EU Market Abuse Regulation (MAR), the regulations of the Finnish Financial Supervisory Authority as well as Nasdaq Helsinki’s Guidelines for Insiders. F-Secure has established its own insider policy to complement the regulation and guidelines above.

F-Secure maintains a list of all persons who have regular access to company’s financial data. Due to the sensitive nature of financial information, persons having access to financial information before publication of an interim financial report or a year-end report shall be subject to a thirty (30) day trading restriction prior to publication of such report.

In addition, F-Secure maintains a project-specific insider list of any projects and events which, if realized, would be likely to have a significant effect on the value of F-Secure’s shares or other financial instruments, and which have been subject to delaying of disclosure in accordance with MAR.

F-Secure has decided not to include any persons as permanent insiders. All persons with inside information regarding a project will be included in the project specific insider list.

Persons discharging managerial responsibilities comprise the Board of Directors, the CEO and other members of the Leadership Team. These persons have a duty to notify F-Secure and the Finnish Financial Supervisory Authority of every transaction in their own account relating to Financial Instruments of F-Secure within three business days. The company publishes these notifications as a stock exchange release, as specified by MAR. All releases published on managers’ transactions are available on the company’s website.

Auditors

The auditor is elected by the Annual General Meeting for a term of service ending at the close of the next Annual General Meeting. The auditor is responsible for auditing the consolidated and parent company financial statements and accounting. The auditor reports to the Board of Directors or the Audit Committee at least once a year.

2021:

F-Secure has been audited by PricewaterhouseCoopers with Janne Rajalahti, Authorized Public Accountant, as the responsible auditor.

F-Secure paid the auditor EUR 150,000 in audit fees (2020: EUR 147,000), and EUR 347,000 (2020: EUR 30,000) for non-audit services.

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

73 CORPORATE GOVERNANCE

BOARD OF DIRECTORS

In this section are the biographies of the Members of the Board of Directors during 2021. Shareholdings are listed as of 31 December 2021 unless otherwise stated.

RISTO SIILASMAA

Chairman of the Board of Directors since 2006 Born 1966, M.Sc. (Engineering)

Main employment history:

Founder, President and CEO, Member of the Board, F-Secure, 1988–2006

Chairman of the Board 2012–2020, Member of the Board 2008–2012, Interim CEO 2013–2014, Nokia Corporation

Chairman of the Board 2016–2018, Vice-Chairman of the Board 2013–2015, Member of the Board 2007–2019, The Federation of Finnish Technology Industries

==> picture [174 x 111] intentionally omitted <==

Current board memberships and

public duties:

Founding Partner, Chairman of the Board, First Fellow Partners, 2016–

Chairman, Ministry of Finance – Technology Advisory Board, 2020–

Member of the Board, Futurice Corporation, 2018–

Member of the Board, Pixieray Oy, 2021– Senior Advisor, Boston Consulting Group, 2020– Member, International Advisory Board IESE, 2019– Member, Global Advisory Board of Yonsei University School of Business, 2020–

Member, Komatsu International Advisory Board, 2020–

Member, Global Tech Panel, an initiative of EU High Representative for foreign affairs and security policy, 2018–

Holdings: number of shares 60,011,037, holding 37.79%

==> picture [175 x 111] intentionally omitted <==

PERTTI ERVI

Member of the Board since 2003 Chairman of the Audit Committee Born 1957, B.Sc. (Electronics)

Main employment history:

Currently an independent management consultant and professional board member Chairman of the Board 2017–2020, Member of the Board 2009–2017, Teleste Corporation Co-CEO, Member of the Executive Board, Computer 2000 AG, 1995–2000 Co-founder, Managing Director, Computer 2000 Finland Corporation, 1983–1995

Current board memberships and public duties:

Chairman of the Board 2011–, Member of the Board 2008–, Efecte Corporation Chairman of the Board, Mintly Oy, 2017– Chairman of the Board, QPR Software Corporation, 2021–

Member of the Board, Pointsharp Ab, 2021– Holdings: number of shares 67,721

==> picture [175 x 111] intentionally omitted <==

PÄIVI REKONEN

Member of the Board since 2017 Chair to the Personnel Committee Born 1969, M.Sc. (Economics), M.Sc. (Social Sciences)

Main employment history:

Independent strategy advisor and professional board member, 2018–

Managing Director, Group Technology, UBS, 2014–2018

Senior Vice President, Global Head of Digital Strategy, Adecco Group, 2011–2012 Head of IT, Credit Suisse, 2007–2009 Various leadership positions, Cisco Systems, 1998–2007

Various leadership positions, Nokia Corporation, 1990–1998

Current board memberships and public duties:

Chair to the Board, SEBA Bank AG, 2020– Member of the Board, Efecte Corporation, 2018– Member of the Board, Konecranes Corporation, 2018–

Member of the Strategy Advisory Board, UNOPS, 2018–

Holdings: number of shares 23,538

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

CORPORATE GOVERNANCE

==> picture [174 x 111] intentionally omitted <==

TUOMAS SYRJÄNEN

Member of the Board since 2019 Born 1976, M.Sc. (Engineering)

Main employment history:

Data & AI Renewal, Futurice Corporation, 2019– CEO, Futurice Corporation, 2008–2018 Head of Business Unit, Futurice Corporation, 2003–2008

Business Development, Futurice Corporation, 2001–2002

Current board memberships and

public duties:

Member of the Board, Vaisala Corporation, 2019– Member of the Board, Futurice Corporation, 2018–

Member of the Board, Aito Intelligence Corporation, 2018–

Member of the Board, Taaleri Corporation, 2017– Member of the Board, Fira Group Corporation, 2015–

Holdings: number of shares 25,422

==> picture [174 x 111] intentionally omitted <==

KEITH BANNISTER

Member of the Board since 2020 Born 1966, B.Sc. (Hons) (Mathematics and Computer Science) Chartered Accountant (Fellow of ICAEW) Non-Executive Director – FT Advanced Professional Diploma

Main employment history:

Various leadership positions, KPMG LLP, London UK, 1987–2018

Partner, KPMG LLP, 2000–2018

Current board memberships and

public duties:

Member of the Board of Governors, Bridewell Royal Hospital, 2020– Holdings: number of shares 9,267

==> picture [175 x 111] intentionally omitted <==

ÅSA RIISBERG

Member of the Board since 2021

Born 1974, M.Sc. (Finance & Accounting and Finance)

Main employment history:

Partner, Member of the Extended Executive Committee, Global Head of Healthcare, Member of the Partners Committee and various other roles, EQT Partners AB, 2001–2020 Associate, Texas Pacific Group (UK), 2000–2001 Analyst, Morgan Stanley (UK), 1998–2000

Current board memberships and

public duties:

Member of the Board, Netcompany AS 2020– Member of the Board, Vifor Pharma Ltd, 2021– Member of the Advisory Board, Chiesi Pharma, 2021–

Member of the Board, Atlas Antibodies, 2021– Member of the Board, Internetmedicin, 2021– Member of the Board, Dagens Nyheter, 2020– Member of the Board, Bonnier News, 2020– Advisory Board Member, MSc Finance at Stockholm School of Economics, 2016– Holdings: number of shares 3,800

==> picture [175 x 111] intentionally omitted <==

ROBIN WIKSTRÖM

Member of the Board since 2021 Born 1988, D.Sc. (Economics and Business Administration)

Main employment history:

Head of Business Intelligence, F-Secure, 2019– Senior Manager, BI, F-Secure, 2018–2019 Various roles, F-Secure, 2016–2018 Senior Researcher, ÅA/PBI, 2014–2016 Holdings: number of shares 1,926

NON-CURRENT MEMBERS

BRUCE ORECK

Board member since April 2016 until March 2021 Holdings: number of shares 23,865

ROBERT BEARSBY

Board member since May 2020 until March 2021 Holdings: number of shares 1,822

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

CORPORATE GOVERNANCE

LEADERSHIP TEAM

In this section are the biographies of all the members of the Leadership Team during 2021. Shareholdings are listed as of 31 December 2021 unless otherwise stated.

==> picture [174 x 111] intentionally omitted <==

JUHANI HINTIKKA

President and Chief Executive Officer Born 1966, M.Sc. (Engineering) Member of the Leadership Team since 2020 Main employment history: President and CEO, F-Secure, 2020– Investor, advisor, 2018–2020 President and CEO, Comptel Corporation, 2011–2017

Various leadership positions, Nokia Corporation, 1999–2010 Various leadership positions, Konecranes Corporation, 1993–1999

Current board memberships:

==> picture [175 x 111] intentionally omitted <==

TOM JANSSON

Chief Financial Officer Born 1968, M.Sc. (Econ.) Member of the Leadership Team since 2021

Main employment history:

CFO, F-Secure, 2021– CFO, Posti Group Corporation, 2018–2021 CFO, Comptel Corporation, 2013–2017 Various leadership & finance positions, Tellabs Inc., 1994–2013

Current board memberships:

Member of the Board, Nightingale Health Corporation, 2021– Holdings: number of shares 0

==> picture [175 x 111] intentionally omitted <==

CHRISTINE BEJERASCO

Chief Technology Officer Born 1982, B.Sc. (Computer Science) Member of the Leadership Team since 2021

Main employment history:

CTO, F-Secure, 2021–

Vice President, Tactical Defense Unit, F-Secure, 2019–2021

Various technical & leadership roles, F-Secure, 2008–2019

Malware Researcher, PC Tools, 2006–2008 Various threat analysis positions, Trend Micro, 2003–2006

Holdings: number of shares 2,930

Member of the Board, The Federation of Finnish Technology Industries, 2022– Member of the Board, The European Cyber Security Organisation (ECSO), 2021– Member of the Board, Finnish Information Security Cluster – FISC ry (FISC), 2021– Holdings: number of shares 0

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

76 CORPORATE GOVERNANCE

==> picture [174 x 111] intentionally omitted <==

ARI VÄNTTINEN

Chief Marketing Officer

Born 1969, M.Sc. (Economics and Business Administration) Member of the Leadership Team since 2021

Main employment history:

CMO, F-Secure, 2021–

CEO and Founder, CMOwashere Oy, 2018–2020 CMO, Comptel Corporation, 2014–2018 Senior Director, Marketing, McAfee Corporation, 2014

Vice President, Marketing, Stonesoft Corporation, 2010–2013

Senior Executive Consultant, Talent Vectia Oy, 2007–2010

Global Marketing Manager, Nokia Corporation, 2004–2007

Holdings: number of shares 0

==> picture [174 x 111] intentionally omitted <==

ANTTI KOSKELA

Chief Product Officer

Born 1971, M.Sc. (Electrical Engineering) Member of the Leadership Team since 2021 Main employment history:

CPO, F-Secure, 2021– Vice President, Business Development, Elisa Corporation, 2020–2021 CDO and Vice President, Nokia Software, 2018–2020

CTO and Executive Vice President, Comptel Corporation, 2011–2017 Various leadership positions, Nokia Siemens Networks, 2007–2011 Various leadership positions, Nokia Networks, 1999–2007

Current board memberships:

Member of the Board, QPR Software Corporation, 2021–

==> picture [175 x 111] intentionally omitted <==

TIINA SARHIMAA

Chief Legal Officer

Born 1976, LL.M. Member of the Leadership Team since 2021 Main employment history: CLO, F-Secure, 2021– Vice President, General Counsel, F-Secure, 2018–2021

Director, Legal and Compliance, Nokia Corporation, 2017–2018 General Counsel, Head of Legal, Comptel Corporation 2015–2017

Legal Counsel, Comptel Corporation, 2004–2015 Legal Counsel, Hex Corporation, 2002–2003 Holdings: number of shares 2,250

==> picture [175 x 111] intentionally omitted <==

TIMO LAAKSONEN

Executive Vice President, Consumer Security Born 1961, M.Sc (Economics)

Member of the Leadership Team since 2021

Main employment history:

EVP, Consumer Security, F-Secure, 2021– Vice President, F-Secure, 2012–2021

Chief Commercial Officer, Tecnotree Corporation, 2010–2012

CEO, Xtract Ltd, 2008–2010 CEO, First Hop Ltd, 2001–2007 Senior Vice President, Commercial, Sonera Corporation (SmartTrust), 1998–2001 Holdings: number of shares 7,250

Holdings: number of shares 2,500

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

CORPORATE GOVERNANCE

==> picture [174 x 111] intentionally omitted <==

JUHA KIVIKOSKI

Executive Vice President, Business Security Born 1970, M.Sc. (Econ.) Member of the Leadership Team since 2018

Main employment history:

EVP, Business Security, F-Secure, 2019– EVP, Enterprise & Channel Sales, F-Secure, 2018–2019

Managing Director, Dustin Finland, 2015–2017 Vice President, Sales, McAfee / Intel Security, 2013–2015

Chief Operating Officer, Stonesoft, 2009–2013 Vice President, Stonesoft, 2004–2008 Holdings: number of shares 15,854

==> picture [174 x 111] intentionally omitted <==

EDWARD PARSONS

Executive Vice President, Consulting Born 1981, B.Sc. (History) Member of the Leadership Team, 2020-2021 Main employment history:

EVP, Consulting, F-Secure, 2022EVP, Cyber Security Consulting, F-Secure, 2020–2021

Managing Director, F-Secure Consulting (UK), 2018–2020 Director, MWR InfoSecurity, 2016–2018 Senior Manager, KPMG, 2013–2016 Civil Servant, 2006–2013 Consultant, Accenture, 2003–2006 Holdings: number of shares 6,998

==> picture [175 x 111] intentionally omitted <==

TIM ORCHARD

Executive Vice President, Solutions Born 1976, B.Sc. (Psychology) Member of the Leadership Team since 2019 Main employment history:

EVP, Solutions, F-Secure, 2022EVP, Managed Detection & Response, F-Secure, 2019–2021

Chief Operating Officer, Countercept, 2018–2019 Various leadership positions, BAE Systems Applied Intelligence, 2012–2018 Technical Director, Activity Info Management Ltd., 2007–2012 Holdings: number of shares 0

==> picture [175 x 111] intentionally omitted <==

CHARLOTTE GUILLOU

Executive Vice President, People Operations & Culture

Born 1978, M.A. (Adult Education) Member of the Leadership Team since 2021

Main employment history:

EVP, People Operations & Culture, F-Secure, 2021– Various leadership positions in human resources, OP Financial Group, 2018–2021

HR & Change Lead for Finance, KONE Corporation, 2018 Country Manager North, Scan-Horse A/S, 2017–2018

Various leadership positions in human resources, Fiskars Group, 2013–2017

Various leadership positions in human resources, Nokia Corporation, 2007–2012 Management Consultant, Deloitte Finland, 2004–2007 HRD Consultant, Psykologitoimisto Cresco, 2000–2003

Holdings: number of shares 0

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

CORPORATE GOVERNANCE

CHANGES IN LEADERSHIP TEAM COMPOSITION AFTER PERIOD-END

In January 2022, F-Secure changed its management structure and combined its Managed Detection and Response unit and Cyber Security Consulting unit under one Solutions unit, led by Tim Orchard as Executive Vice President, Solutions. Edward Parsons is now Executive Vice President, Consulting and reporting directly to Tim Orchard.

NON-CURRENT MEMBERS

JARI STILL

Chief Information Officer – until September 2021 Currently Vice President, Strategic Projects, F-Secure, 2021–

ERIIKKA SÖDERSTRÖM

Chief Financial Officer – until September 2021

ANTTI HOVILA

Executive Vice President, Strategy & Portfolio – until September 2021

JYRKI TULOKAS

Chief Technology Officer – until August 2021

KRISTIAN JÄRNEFELT

Executive Vice President, Consumer Security – until August 2021

EVA TUOMINEN

Executive Vice President, People Operations & Culture – until April 2021

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

REMUNERATION STATEMENT

REMUNERATION REPORT

Introduction

F-Secure renewed the Remuneration Policy and the Remuneration Report in 2020–2021 to comply with the EU Shareholder Rights Directive (SHRD) and Finnish Corporate Governance Code 2020. In 2021, the specified remuneration policy was presented for an advisory resolution by the Annual General Meeting. The specifications were related to the incentive scheme and the severance pay of the President and CEO. The Annual General Meeting approved the specified remuneration policy with an advisory resolution. The Remuneration Policy is available at F-Secure’s website.

To further increase the transparency of the governing bodies’ remuneration in F-Secure, the Remuneration Report 2021 contains more information on the variable remuneration than the Remuneration Report 2020. With the additional details, the Remuneration Report 2021 provides a comprehensive picture of the remuneration of the company’s governing bodies for the financial year 2021.

Remuneration principles at F-Secure

According to F-Secure’s Remuneration Policy, the executive remuneration is designed to promote the business objectives and long-term profitability of the company. The objective is to reward for performance and competencies. The remuneration is designed to be competitive in comparison to relevant peer groups, increase commitment and work engagement, and to be consistent across the organization. These principles have been taken into account in the company’s remuneration in the financial year 2021. In 2021, the remuneration of the Board of Directors and the President and CEO complied with the Remuneration Policy, and there were no deviations.

The President and CEO’s remuneration follows the same principles as the remuneration of all other employees, and this is evident in the performance criteria set for the variable remuneration. A significant portion of the President and CEO’s remuneration package is based on performance. If targets are met, the shortand long-term incentives comprise 57% of the total remuneration, as defined in the Remuneration Policy. The short- and long-term incentive plans are based on the company’s financial performance and shareholder value development to ensure a strong link between the company’s performance and CEO remuneration. The CEO is recommended to hold at least 50% of the shares received as rewards from the long-term incentive programs and to accumulate the shares from the incentive programs until the value of the shares received from the share programs equals the annual gross base salary of the CEO.

Remuneration in 2021

The Personnel Committee regularly reviews executive remuneration in F-Secure and compares it to peer groups to ensure competitiveness and alignment with market practices. During 2021, the Committee conducted a benchmark study to analyze CEO compensation against peer companies. The study showed that the President and CEO’s base salary is at market median, while the short- and long-term incentive earning opportunities are slightly above the market median.

The Committee also conducted a benchmark study to analyze the Board compensation against peer companies. The study showed that the Board’s remuneration is at market median level in Finland, but clearly below market median in some European countries.

In 2021, F-Secure continued the share-based long-term incentive plan for 2021–2023 introduced in 2020. The purpose of the share-based long-term incentive plan is to retain, motivate and reward individually selected key employees as well as to align their interests with those of the company’s shareholders by creating a long-term equity interest for these individuals.

The total remuneration paid to the President and CEO in 2021 was EUR 375,327 (EUR 541,237 in 2020, including remuneration paid to Samu Konttinen), of which EUR 25,083 (EUR 172,442 in 2020, including remuneration paid to Samu Konttinen) was in the form of variable pay. No share-based payments were made to the President and CEO in 2021.

At the end of 2021, the President and CEO held no shares of F-Secure.

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

REMUNERATION STATEMENT

Remuneration of the Executives

F-Secure has been focusing on growth in the past years, which is visible in the company’s revenue development. In 2021, the COVID-19 pandemic still had a negative impact on some of F-Secure’s businesses, especially during the first quarter of the year. However, F-Secure was able to increase revenue and maintain the level of adjusted EBITDA in 2021.

The development of F-Secure’s executive compensation in 2017–2021 is described in the table below. The remuneration of the Board of Directors was brought closer to the market median levels in 2018, and it has stayed on the same level since. The total remuneration of the President and CEO has varied year by year as a significant part of the remuneration is tied to the company’s financial performance. It is also notable that due to the change of the President and CEO in 2020, there has not been any long-term incentive payments to the President and CEO in 2021.


Average annual remuneration(EUR)	2017		2018 6,361 466 0,000 80 0,500 40 2,279 62	2019 2020 ,780 482,863 ,000 80,000 ,500 40,000 ,650 61,832	2021
President and CEO1) Chairman of the Board Other Board Members2) Average employee3)	407,070 55,000 32,000 69,860	61			375,327
		8			80,519
		4			44,508
		6			66,878

1) Remuneration paid during the financial year, including the base salary as well as short- and long-term incentives.
2) The average remuneration paid to the Board Members, excluding the employee representative.
3) The total wages and salaries paid during the calendar year / average headcount during the year in all countries.

Revenue development 2017–2021

Value of theorethical investment of 100 EUR done in 2017

Adjusted EBITDA development 2017–2021

Share price development, paid dividends re-invested to share

==> picture [355 x 142] intentionally omitted <==

----- Start of picture text -----

236
217 220
191 14% 250
170 12%
200
7% 150
7%
1% 100
50
0
2017 2018 2019 2020 2021 2017 2018 2019 2020 2021
● Revenue, MEUR ● F-Secure
● Revenue development, year over year % ● OMX TECH
● HACK
----- End of picture text -----

==> picture [148 x 140] intentionally omitted <==

----- Start of picture text -----

36 36
23 54%
18 17 33% 2%
-5% -4%
2017 2018 2019 2020 2021
● Adjusted EBITDA, MEUR
● Adjusted EBITDA Development, year over
year %
----- End of picture text -----

==> picture [51 x 6] intentionally omitted <==

----- Start of picture text -----

Source: FactSet
----- End of picture text -----

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

REMUNERATION STATEMENT

Remuneration of the Board of Directors

The Annual General Meeting decided on March 24, 2021 that the Board of Directors is paid fixed annual compensation for the term ending at the end of the next Annual General Meeting. The annual fee for the Chairman of the Board is EUR 80,000, for the Committee Chairs EUR 48,000, for Members of the Board EUR 38,000, and for a Board Member belonging to the personnel of the company EUR 12,667. The annual remuneration remained unchanged.

The Annual General Meeting decided that approximately 40% of the annual remuneration is paid in F-Secure’s shares repurchased from the market. There are no special terms or conditions associated with owning the shares received as remuneration. The company will pay any applicable transfer tax arising from remuneration paid in shares.

For the Members of the Board of Directors, changes in the holdings of the company shares and rewards paid in shares are reported according to the Market Abuse Regulation. Related stock exchange releases are available on the company’s website.

The Board of Directors Remuneration in 2021

					Total 80,519 50,312 39,247 54,4894) 38,247 40,247 12 667 – 315,727
Member Risto Siilasmaa Pertti Ervi Åsa Riisberg2) Päivi Rekonen Tuomas Syrjänen Keith Bannister Robin Wikström2) Bruce Oreck5) Total	Annual fee paid in cash 1) 48,066 28,840 22,831 32,344 22,831 22,831 7,531 – 185,274	Annual fee paid in shares, EUR 32,453 19,472 15,415 20,145 15,415 15,415 5,136 – 123,452	Annual fee paid in shares,pcs 8,000 4,800 3,800 4,966 3,800 3,800 1,266 – 30,432	Meeting feespaid3) – 2,000 1,000 2,000 – 2,000 – – 7,000	Total
					80,519 50,312 39,247 54,489 38,247 40,247 12 667 –
					315,727

1) Annual fee paid in cash including the transfer tax paid due to the share-based remuneration

2) Since 24 March 2021.

3) Meeting fees paid based on international travel.

4) Päivi Rekonen was appointed as the Chair to the Personnel Committee in November 2020 and the total remuneration paid in 2021 includes the fee from the 2020–2021 term that was not paid in 2020.

5) Until 24 March 2021 – no payments were made in 2021.

A separate meeting fee of EUR 1,000 is paid to the Board members travelling from another country to an on-site meeting within the European continent. If inter-continental travel is required, the fee is EUR 2,000.

The travel expenses and other costs directly related to the Board work of the members of the Board of Directors are paid in accordance with the company’s compensation policy in force at any given time. In addition, the Chairman of the Board of Directors is offered assistant and administrative services.

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

REMUNERATION STATEMENT

Remuneration of the President and CEO

The remuneration of the President and CEO is decided by the Board of Directors. The main components of the President and CEO’s total remuneration are base salary and short- and long-term incentives.

Salaries and financial benefits paid in and accrued based on 2021 are described in the table below:


Base salary, includingfringe benefts Pension/ Other fnancial benefts Short-term incentive (STI) Earning period 2020 Earning period 2021 Long-term incentive (LTI), EUR/shares Total	Payments in 2021 EUR 350,244 – EUR 25,083 – – EUR 375,327	Accrued based on 2021
		– – – EUR 205,275 –
		EUR 205,275

President and CEO Pay mix 2021

==> picture [203 x 99] intentionally omitted <==

----- Start of picture text -----

Target remuneration Actual remuneration
7%
36%
43%
21% 93%
● Base salary ● STI ● LTI
----- End of picture text -----

Short-term incentive (STI) payments were done bi-annually until the performance period of 2020, but the payment cycle was changed to annual as of 2021. Thus, the reward for the full year 2021 will be paid in one instalment in February 2022.

The target STI reward for the President and CEO is 50% of annual base salary, maximum payout being approximately equal to the annual base salary. The STI reward for the President and CEO is paid partly or fully to a pension fund. The Board of Directors decides annually on the contribution to the fund. The contribution can be anything from 0% to 100% of the earned STI reward.


STI Plan	Target reward (% of base salary)	Performance Criteria	Weight	Performance	Total Weighted Performance	Payment
STI 2020 STI 2021	50% 50%	Revenue Adjusted EBITDA Revenue Adjusted EBITDA	60% 40% 60% 40%	10.0% 200.0% 108.7% 130.3%	86.0% 117.3%	February 2021
						February 2022

In 2021, the former CEO and President, Samu Konttinen was paid the STI reward based on the performance period 2020. The reward was in total EUR 91,503.

The STI Plan 2021 for the President and CEO was based on F-Secure’s revenue with 60% weight and adjusted EBITDA with 40% weight of total. The overall performance for these two criteria was 117.3%.

The STI Plan 2020 for the President and CEO was based on F-Secure’s revenue with 60% weight and adjusted EBITDA with 40% weight of total. The overall performance for these two criteria was 86.0%, and the corresponding reward was paid in February 2021. The reward was pro-rated according to the employment time with the company.

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

REMUNERATION STATEMENT

No Long-term incentive (LTI) payments were made to the President and CEO during 2021.

The President and CEO has been granted 76,000 shares within the Performance Share Plan (PSP) 2021–2023 according to the guidelines defined in the company’s Remuneration Policy. This grant represents the target level reward, the maximum reward being two times the target allocation. Final reward is determined based on the extent to which the targets have been reached during the performance period.

As reported in the Remuneration Report 2020, the President and CEO was granted a one-time allocation of 40,000 shares within the Restricted Share Plan (RSP) 2021–2023. The reward is conditional to continuous service with the company at the time of payment in 2024.

The key terms of service of the President and CEO

The contract of the President and CEO is an indefinite contract with a six-month period of notice both ways. If the company terminates the contract of employment, the President and CEO is entitled to a severance payment equivalent of six months’ base salary.

The President and CEO does not have a supplementary pension plan, and the determination of his pension conforms to the standard rules specified by Finland’s Employee Pension Act (TYEL). The President and CEO’s retirement age is also determined by the statutory pension system and is 65 years under the applicable Finnish legislation.

The President and CEO – Current LTI Plans


LTI Plan	Target reward (pcs of shares)	Performance Criteria	Weight	Performance	Payment
PSP 2021–2023 RSP 2021–2023	76,000 40,000	Absolute Total Shareholder Return –	100% –	– / Plan ongoing – / Plan ongoing	H1 / 2024
					H1 / 2024

In 2021, the former CEO and President, Samu Konttinen was paid the reward from LTI Plan 2018–2020. The reward was paid partly in shares (21,600 pcs) and partly in cash (EUR 41,472) to cover the taxes. The total reward corresponded to EUR 82,944.

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

INFORMATION FOR SHAREHOLDERS

Contact information

==> picture [166 x 112] intentionally omitted <==

Tom Jansson, CFO, F-Secure Corporation

Financial calendar

During the year 2022, F-Secure Corporation will publish financial information as follows:

[Interim Report for January–March 2022, April 21, 2022]
[Half-Year Financial Report for January–June 2022, July 14, 2022]
[Interim Report for January–September 2022, October 27, 2022]

Annual General Meeting

The Annual General Meeting is scheduled for Wednesday, March 16, 2022. The Board of Directors will convene the meeting.

+358 40 700 1849 [email protected]

content F-Secure design and layout Kreab photographs F-Secure

Board of Directors’ Report

Financial statements

Corporate responsibility

Corporate governance

F-Secure 2021

F-Secure Corporation Tammasaarenkatu 7 P.O. Box 24, 00181 Helsinki Tel. +358 9 2520 0700 [email protected] www.f-secure.com

AI assistant

F-Secure Oyj — Annual Report 2021

3268_rns_2022-02-17_7aa74f23-33aa-4e84-aeb9-51ec9dd0dcec.pdf

CONTENTS

F-SECURE 2021

BOARD OF DIRECTORS’ REPORT

FINANCIAL STATEMENTS

NON-FINANCIAL INFORMATION

CORPORATE GOVERNANCE

INFORMATION FOR SHAREHOLDERS

KEY FIGURES 2021

GROWING IN ALL BUSINESSES

Key facts

Revenue development and adjusted EBITDA, MEUR

Revenue split by business, %

Revenue split by region, %

BUSINESS MODEL: MONETIZING THROUGH SOFTWARE AND SOLUTIONS – TWO BUSINESSES AND THREE PLAYBOOKS

PORTFOLIO IN CORPORATE SECURITY

Reported as:

VALUE PROPOSITION IN CONSUMER SECURITY

“

PRODUCTS AND SERVICES

Corporate security

F-Secure Elements – one cloud-native platform for chosen cyber security solutions

Independent cyber security solutions

Cyber security services

Consumer security

F-Secure SAFE

F-Secure SENSE

F-Secure ID PROTECTION

F-Secure FREEDOME

F-Secure KEY

A YEAR OF STRATEGY CLARIFICATION – PAVING THE WAY FOR THE SEPARATION OF CONSUMER SECURITY BUSINESS

Award-winning security

Clarification of strategy

BOARD OF DIRECTORS’ REPORT 2021

Financial performance and key figures

Corporate security

Products

Cyber security consulting

Consumer security

Service Providers (previously Operators)

Direct sales

Gross margin

Operating expenses

Profitability

Cash flow

Acquisitions and financial arrangements

Changes in the group structure

Capital structure

Research and development

Organization and leadership

Personnel

Leadership team

Shares, Shareholders’ Equity, Own Shares

Risks and uncertainties

COVID-19 pandemic

Cyber security incident

Endpoint protection market disruption

Market consolidation

Risks relating to launch of new technologies

Attracting and retaining talent

Geopolitical risks

Currency fluctuations

Annual General Meeting

Market overview

Outlook

Medium term financial targets

Board of Directors’ proposal for the distribution of profit

Events after period-end

KEY FIGURES

Turnover and average share price per month 2021

CALCULATION OF KEY RATIOS

Reconciliation between adjusted EBITDA, EBITDA, adjusted EBIT and EBIT

Classification of adjusted costs in operating expenses

Shares and shareholders

Shares and share ownership distribution, 31 Dec 2021

Largest shareholders and administrative register

Ownership of management

Ownership of management

F-Secure Oyj Annual Report 2021