Why the board walked away from a sale
The review, disclosed on 11 June 2025 alongside half-year results, considered all options including a full sale of the company, according to the company's statement. The board determined that remaining listed "is in the best interests of shareholders at this time."
"The company is not in receipt of any approaches or in discussions with any party in relation to a potential sale of the company."
That language is notable. It confirms not only that the board chose to stay independent, but that no bidder was waiting in the wings. In a sector where take-private activity has been relentless, the statement amounts to a deliberate line in the sand.
The backdrop matters. Darktrace was taken private by Thoma Bravo in 2024, removing one of the London market's highest-profile cybersecurity names. Sophos left public markets years earlier. For UK-listed mid-cap cyber firms, the gravitational pull of private equity has been strong. NCC's decision to resist that pull, and to do so explicitly after a formal review, is a counter-trend worth watching.
The board's logic, as stated, rests on the view that the business is now properly shaped for its next phase. Three non-core disposals in roughly two years have turned NCC from a diversified assurance group into what it calls "a focused, pure-play cyber security and resilience business." The implication is that the market has not yet priced in that transformation, and that the board believes it can deliver more value by running the company than by selling it at prevailing valuations.
What the half-year numbers show
For the six months to 31 March 2026, NCC reported group revenue of £151.3m, a 5% increase on the prior-year period, according to the company's results. Cyber revenue, the continuing core, rose 5.9% to £118.4m. That growth was driven by a 12.5% increase in the UK and APAC regions.
Escode, which has now been sold, contributed £32.9m in revenue during the period, up 1.9%.
The more striking figure sits further down the income statement. Group adjusted EBITDA climbed 27.7% to £23.5m, compared with £18.4m in H1 2025. Within that, cyber adjusted EBITDA (including central and head office costs) surged 130.6% to £8.3m. Escode's adjusted EBITDA edged up 2.7% to £15.2m.
The cyber margin expansion is significant. A consultancy-led model is inherently people-heavy, and margins in penetration testing and managed security services tend to be thinner than in software. The jump to £8.3m from a much lower base suggests that operational restructuring, not just revenue growth, is feeding through. Whether that trajectory holds as Escode's contribution drops away will be the key question for the full year.
£185m heading back to shareholders
The Escode sale completed at the end of May 2025, delivering £262.8m in cash, according to the company. NCC intends to deploy the bulk of those proceeds through two mechanisms: a £170m tender offer and a subsequent £15m share buy-back programme.
Both are subject to due process. The company stated that a capital reduction will be required to create sufficient distributable reserves before the buy-back can proceed.
The combined £185m return is substantial relative to NCC's market capitalisation. It reflects a board that has decided to hand back the Escode windfall rather than pursue acquisitions or diversify again. For a mid-cap that spent years assembling a portfolio of adjacent businesses, the discipline is pointed.
The tender offer structure gives shareholders a direct route to liquidity at a set price, rather than relying on open-market sales. It is a mechanism more commonly associated with post-disposal capital returns at larger companies, but it suits NCC's situation: a concentrated cash event from a single asset sale, with a clear message that the remaining business does not need the capital.
What a pure-play cyber listing means for the sector
NCC's transformation has been methodical. The disposal of Fox-IT DetACT completed in April 2024. Fox-IT Crypto followed in March 2025. Escode, the escrow and software resilience arm, closed in May 2025. Each exit removed a business that, while profitable, sat outside the core cyber consulting and assurance offering.
What remains is a company built around penetration testing, security consulting, and managed detection and response. These are services businesses, reliant on skilled headcount and client relationships rather than recurring software licences. That model carries risks: utilisation rates matter, wage inflation bites, and scaling without margin dilution is hard.
But it also carries advantages that public markets can, in theory, reward. Cyber consulting revenues tend to be diversified across hundreds of clients. Regulatory tailwinds, from NIS2 in Europe to the UK's own evolving cyber resilience framework, are creating structural demand. And the shift to a single vertical simplifies the equity story for institutional holders.
The board acknowledged macroeconomic uncertainty in its statement, noting it "remains mindful of the prevailing macroeconomic environment." That caveat is standard, but it also reflects a genuine tension. Cyber budgets have proven resilient through recent downturns, yet consultancy spend is more discretionary than software subscriptions. NCC will need to demonstrate that its clients treat security assessments as non-negotiable, not as line items to defer.
For the broader UK cyber supply chain, NCC's decision to stay listed preserves one of the few domestic public-market benchmarks in the sector. It also signals that not every mid-cap board views a private-equity exit as inevitable. Whether the market rewards that conviction will depend on whether the half-year margin improvement proves durable, and whether a leaner NCC can grow its cyber revenues consistently above the mid-single-digit range.
