Acquisition



NCC Group

Third leading security and testing operation acquired

27 November 2008 - NCC Group plc (LSE: NCC, 'NCC Group' or 'the Group'), the international, independent provider of Escrow Solutions, Assurance Testing and Consultancy, has acquired Next Generation Security Software Ltd ('NGSS'), a security and testing company, for a maximum consideration of up to £10.0m in cash.

This is the third acquisition by NCC Group in less than two years and as well as complementing its own capabilities in the network, testing and software security market, it will also substantially strengthen the Group's position in this fast growing sector.

NGSS is a leading software security specialist and research consultancy providing security advice and practical assistance to a range of public and private organisations to ensure their systems, networks and web sites are secure. NGSS also provides strategic intelligence services to various government agencies. 

NGSS' services include Penetration Testing, Infrastructure and Application Assessment, Cryptography Evaluation, BlackBerry Assessment, Forensics, PCI Testing and Wireless Review. NGSS' research department has developed a number of sophisticated and advanced IP software products and solutions providing organisations with state-of-the-art auditing and protection against both current and emerging security threats.

The initial consideration payable on completion, subject to NGSS' cash balance, is up to £5.2m, with a further performance related payment of up to £4.8m.  The latter is expected to be paid in August 2009.  The acquisition will be financed from NCC Group's existing debt facilities and internally generated cashflow.  

In the year ended 31 May 2008, NGSS generated revenue of £5.2m and profit before tax of £0.5m (see note 1). NCC Group expects that the business should contribute over £0.9m of profit before tax on revenues in excess of £6.0m in its first 12 months of NCC Group ownership, before any investment. As at 31 May 2008, NGSS had gross assets of £2.4m (see note 2). The business is net working capital positive on acquisition.

NGSS, established in 2001, is based in Sutton, Surrey and employs 52 people, including 37 testers some of whom are based in offices in the US, Australia and Scotland. Its clients include a number of blue chip businesses such as Microsoft, Comic Relief, Commerzbank, McAfee and Centennial Software.  

Although NGSS will be managed autonomously within the Group's Assurance Testing Division, it will work closely with the rest of NCC Group, particularly the Information Security Consultancy Division. The NGSS management team is staying with the business.

NCC Group expects to publish its interim results on 22 January 2009 and confirms that trading remains in line with both the IMS statement of 16 October 2008 and the Board's expectations.

  Rob Cotton, NCC Group Chief Executive, said:

'NGSS is without any doubt one of the most respected security assurance businesses in the market today. This acquisition is an important step in our development of the assurance division and clearly fits with our strategy of being market leader in the area of web security and associated testing, where we are already enjoying considerable success.

'We now have the largest CHECK* accredited team in Europe, a substantially enhanced offering and a wider global reach.'  

ENDS

Enquiries:

NCC Group                             0161 209 5200

Rob Cotton, Chief Executive

Paul Edwards, Group Finance Director

College Hill                             020 7457 2020

Adrian Duffield/Belinda Morris

NCC Group will host an analyst conference call today at 8.30am, details are:

UK dial-in	0870 043 6302
International dial-in	+44 (0)1452 555 566
Conference ID	75867373

Note 1. Historic profit figures represent normalised, pre-exceptional figures extracted from un-audited management accounts for the year ended 31 May 2008.

Note 2. Historic gross assets figures are extracted from NGSS' filed financial statements for the year ended 31 May 2008.

*CHECK Certification 

CESG, the National Technical Authority for Information Assurance, launched the CHECK (IT Health Check) initiative in partnership with private sector service providers to address an increased demand for security auditing services for government systems. The scheme requires participating commercial organisations to conform to the CHECK standard when conducting CHECK tests. To become CHECK Team Leaders individuals are required to pass an 'Assault course' designed to assess IT security consultants against a baseline skill set of practical penetration testing. The aim of the Assault Course is to ensure that the candidate can perform a complete and thorough technical IT health check as defined by CESG criteria. 

ENDACQILFITLELRFIT