NCC Group plc Annual Report 2022

Although competition for customers and talent is also growing, our continued portfolio evolution and differentiation enable us to take advantage of the tremendous opportunities the cyber services market offers, fuelling our growth now and in the future.

NCC Group’s continued portfolio evolution and differentiation Through our combined cyber and software resilience solutions we enable our customers to confidently innovate and embrace new technologies to build responsible, sustainable and resilient organisations that thrive and succeed. Our service orientated research and development, and strategic investments to meet our customers’ current and future challenges have allowed and will allow us to: • Innovate to integrate Microsoft XDR to manage threat monitoring and detection for Microsoft customers • Differentiate our Remediate service through investment in technical depth, expertise, scale and global footprint to assess existing risk position, and prioritise and fix security weaknesses as part of a structured security improvement plan • Enhance our offering into the operational technology and industrial control systems space with the acquisition of Adelard – a critical computer system safety advisory business • Provide expertise to address continued innovation in cloud- delivered services through our Software Resilience capabilities Our tenure, stability and reputation mean we remain an attractive destination for global talent at all stages of the career and we continue to invest in creating a world-class environment in which everybody is welcome and can be successful. For more information about life at NCC see pages 47 to 54

Cyber resilience is a key component of ESG and sustainability measures, which make knowledge of and compliance with required governance an integral element of any organisation’s licence to operate. In the past 12 months some of the developments we’ve seen include: • Publication of the UK government’s Cyber Security Strategy for the public sector, following the launch of its National Cyber Strategy in December 2021 • The Monetary Authority of Singapore revised its 2013 Technology Risk Management guidelines, requiring financial institutions to have oversight of all third party providers, system and software development and guidance on board and senior management roles. And the International Organization of Securities Commissions (IOSCO) launched a consultation into embedding resilience by design into the financial system • This year saw the European Commission and the United States government announce a new Trans-Atlantic Data Privacy Framework. Currently EU to US transfers of personal data require the exporter to adopt an approach that provides for appropriate safeguards to a standard that is of “essential equivalence”. While just a statement of intent, this is a good example of where legislation and regulations could make it easier for organisations to comply and protect their stakeholders • The Digital Operational Resilience Act (DORA) is expected to come into effect in 2023 and aims to simplify and update the rules on ICT risk management in the face of rapid technology adoption. Similar legislation has been introduced to the UK Parliament Read more on page 23

Growing competition for customers and talent

Continued portfolio evolution and differentiation

NCC Group plc — Annual report and accounts for the year ended 31 May 2022

17

Made with FlippingBook Online newsletter maker