secunet Security Networks Aktiengesellschaft: history, ownership, mission, how it works & makes money

Founded in 1997 as a TÜV Mitte spin-off, secunet Security Networks AG has grown into Germany's largest information security firm-driven by flagship technologies like the co-developed SINA architecture and bolstered in 2009 when Giesecke+Devrient became its majority shareholder; the company posted €347 million in revenue in 2022, rose to a record €406.4 million in 2024, and in Q1 2025 delivered a striking 35.9% year-on-year revenue increase while confirming an annual forecast around €425 million, operating across Public and Business segments with products such as SINA, EasyPASS and secure healthcare telematics, monetizing through product sales, consulting, maintenance, R&D collaborations and licensing, and serving federal ministries, defense, healthcare and corporate clients from its Essen headquarters and multiple offices.

secunet Security Networks Aktiengesellschaft (0NWC.L): Intro

• Founded: 1997 (spin-off from TÜV Mitte AG)
• Headquarters: Essen, Germany
• Major shareholder since 2009: Giesecke+Devrient (majority stake)
• Flagship product family: SINA (Secure Inter-Network Architecture), co-developed with the Federal Office for Information Security (BSI)
• Employee base: >1,000 (2022); expanded through 2023-2025 hiring and acquisitions

• 1997 - Company founded as a security-focused spin-off from TÜV Mitte AG's IT division.
• 2000s - Development and market introduction of SINA in cooperation with BSI, establishing secunet as a trusted supplier for government secure networks.
• 2009 - Giesecke+Devrient becomes majority shareholder, providing capital and industrial partnership to accelerate growth.
• 2010s - Expanded product portfolio into e-health, e-government, identity solutions, and cryptographic devices.
• 2022 - Reported revenue of €347 million and employed over 1,000 staff.
• 2024 - Revenue reached €406.4 million, the eleventh consecutive sales record and first time above €400M.
• 2025 Q1 - Reported a 35.9% year-over-year increase in Q1 revenue and confirmed an annual revenue forecast of approximately €425 million.

• SINA product family: end-to-end secure networking appliances and architecture used by government and critical infrastructure for compartmentalized, high-assurance communications.
• Identity & Access: smart card solutions, eID infrastructure, authentication platforms, and identity lifecycle services.
• Cryptography & HSMs: cryptographic modules and hardware security modules for secure key management and compliance.
• Integration & Managed Services: system integration, consultancy, penetration testing, secure operations, and managed security services for long-term contracts.
• Specialized vertical solutions: e-health (secure patient data exchange), e-government (digital ID, secure submission portals), and industrial cybersecurity.

• Product sales: SINA appliances, cryptographic devices, smart cards, and HSMs - typically one-time or multi-year licensing plus hardware revenue.
• Project and integration services: systems integration, bespoke development, deployment projects for public sector and enterprise customers.
• Support & maintenance: recurring service contracts and software maintenance agreements providing stable annuity-like revenue.
• Managed services & operation: outsourced secure network operation and managed security services billed periodically.
• Training & certification: courses, audits, and BSI-related compliance consulting.

• Trusted public-sector supplier with BSI-aligned products (SINA) and long-standing government contracts.
• Differentiation via high-assurance hardware + software stack and deep integration capabilities for critical infrastructures.
• Stable ownership under Giesecke+Devrient since 2009, providing capital, market access, and scale advantages.
• Recurring revenue mix from support, maintenance, and managed services that smooths cyclicality of project sales.

• Deliver national-scale secure IT infrastructure and identity solutions that meet stringent certification and regulatory requirements.
• Strengthen Germany and EU digital sovereignty through in-country trusted technology stacks and certified cryptographic products.
• Grow recurring revenue and international presence while maintaining high-assurance product certification standards.

secunet Security Networks Aktiengesellschaft (0NWC.L): History

• Stock market: Listed on the SDAX (Germany) and traded under ISIN DE0007336007.
• Major strategic investor: Giesecke+Devrient (G+D) holds a majority stake, providing strategic alignment and capital backing.
• Free float: Remaining shares are publicly held by institutional and retail investors, creating a diversified public shareholder base.

• Strategic control: G+D's majority stake enables coherent strategy across secure-identification and cybersecurity offerings, creating product and sales synergies.
• Access to capital markets: Being publicly listed gives secunet liquidity and capital-raising channels to fund R&D, M&A, and scaling into adjacent markets.
• Governance & transparency: As an SDAX company, secunet follows strict reporting, audit and corporate-governance standards, which reassures institutional investors and customers in security-sensitive sectors.

secunet Security Networks Aktiengesellschaft (0NWC.L): Ownership Structure

• Mission: Provide comprehensive cybersecurity solutions protecting digital infrastructures, data, applications, and digital identities.
• Innovation: Continuous R&D to develop advanced security technologies addressing emerging cyber threats.
• Standards: SINA product line accredited to NATO and EU SECRET classifications, underpinning high-assurance use in government and defense.
• Collaboration: Close partnerships with public institutions, private enterprises, and international organizations to enhance global cybersecurity.
• Integrity & Trust: Deliver reliable solutions for safeguarding critical information and digital identities.
• Digital sovereignty: Empower governments, businesses, and society to retain control over digital assets.

How it works and makes money

• Product sales: High-assurance hardware and software (e.g., SINA encryptors, identity & access solutions) sold to governments, defense, critical infrastructure, and regulated industries.
• Services & integration: System design, secure integration, certification services, and managed security services that accompany product deployments.
• Licensing & recurring revenue: Software licenses, maintenance contracts, updates, and long-term service agreements provide predictable recurring income.
• Consulting & accreditation support: Security assessments, certification assistance (for NATO/EU SECRET), and tailored consulting to meet compliance needs.

secunet Security Networks Aktiengesellschaft (0NWC.L): Mission and Values

• Public Sector: Supplies end-to-end, certified secure communication and identity solutions to federal ministries, defense, intelligence and homeland security agencies. These offerings protect confidentiality, integrity and availability of governmental data and citizen identity services.
• Business Sector: Delivers industry-focused cybersecurity products and managed services to healthcare, finance, telecommunications and critical infrastructure operators to secure patient data, financial transactions and network infrastructure.

• SINA architecture: A certified high-assurance platform for secure communication (endpoints, networks and service integration) used extensively in government and defense.
• EasyPASS automated border control systems: Biometric eGates and enrollment systems deployed at airports and border crossings to speed up secure identity verification.
• Healthcare secure telematics infrastructure: Components and services enabling encrypted, authenticated exchange of medical records and electronic prescriptions.
• Identity & authentication products: Smartcard-based eID, ePassport and PKI developments for secure digital identities.
• Managed security & consulting: Assessments, incident response, integration and ongoing operation support tailored to regulated sectors.

• High R&D intensity: secunet consistently allocates a double-digit percentage of revenue to research and development to maintain certifications (e.g., Common Criteria, national IT security certifications) and to evolve cryptographic and biometric capabilities.
• Certification-driven barriers: Many products are mandated by government procurement rules to have specific national or international certifications, creating high switching costs for customers.
• Specialized workforce: A concentration of cryptographers, security engineers and certification experts enables rapid response to emerging threats and regulatory changes.

• Localized support: Multiple offices across German cities and a network of international partners allow on-site support and compliance with national procurement rules.
• Export/partner model: Direct supply to national authorities combined with partner-led deployments internationally for specialized systems (e.g., border-control gates).

• Product sales: One-off sales of SINA components, eGates and identity hardware.
• Systems integration & projects: Custom engineering, deployment and certification projects-often multi-year and high-margin for public-sector contracts.
• Services & maintenance: Recurring revenues from support, software updates, managed security services and certification renewals.
• Consulting & training: Professional services for audits, compliance, secure design and incident response.

• Revenue visibility: Strong for the Public Sector due to long procurement cycles and framework contracts; Business Sector growth depends on industry digitalization and compliance investments.
• Margin levers: Increasing share of recurring services and higher-margin integration projects improves gross and operating margins over time.
• Regulatory & certification risk: Dependence on national certification regimes requires sustained investment and can impose time lags on product updates and exports.
• Competitive landscape: Faces competition from generalist cybersecurity vendors, but retains advantage in high-assurance, certified solutions demanded by government and regulated industries.

secunet Security Networks Aktiengesellschaft (0NWC.L): How It Works

• Core product families: SINA (Secure Inter-Network Architecture) appliances and clients, secure eHealth solutions, cryptographic modules, and secure VPN/Gateway hardware.
• Professional services: security consulting, auditing, penetration testing, certification support, and system integration.
• Lifecycle services: maintenance contracts, software updates, certification recertification support, and customer training.

• Product engineering and R&D: in-house development teams build products to meet national and international security certifications (e.g., Common Criteria, ITSEC-equivalent assessments).
• Certification-first go-to-market: many offerings are sold on the basis of certifications required by public-sector buyers (federal and state governments), enabling premium pricing and preferred-supplier status.
• Project-based delivery: large-scale deployments (national ID, eHealth, secure networks) are executed as turnkey projects combining hardware, software, integration and long-term support.
• Partner and export channels: secunet uses certified reseller and integrator networks for international delivery and local compliance, often working with domestic system integrators in target markets.

• Sale of cybersecurity products: secunet's principal revenue source is the sale of certified hardware and software (SINA appliances, cryptographic modules, secure clients) to government and large enterprise customers.
• Consulting & auditing services: professional services for security architecture, compliance audits and certifications generate significant project revenue and create upsell pathways into product and long-term support contracts.
• Maintenance and support contracts: multi-year maintenance agreements and software update subscriptions provide recurring revenue and higher lifetime value per customer.
• Research & development collaborations: public-sector-funded R&D and government contracts (national security, healthcare IT) subsidize development costs and secure long-term procurement relationships.
• Licensing of proprietary technologies: licensing of the SINA architecture and related IP to partners and integrators adds a non-product licensing revenue stream.
• International projects and exports: secunet executes cross-border projects-often via local partners-supplementing domestic sales and enabling economies of scale.

• Large public-sector procurements drive lumpy but sizable project revenues; these are often followed by multiple years of maintenance and support income.
• Certification requirements create high entry barriers for competitors and enable premium pricing for certified solutions in regulated markets (defense, health, government).
• R&D-funded collaborations and grant-backed development reduce upfront commercial risk for new product lines while tying secunet into long-term governmental programs.

secunet Security Networks Aktiengesellschaft (0NWC.L): How It Makes Money

• Core revenue streams: software licenses, appliance sales, professional services, maintenance & support, and managed security services.
• Customer base concentration: strong public-sector sales (federal and state governments) combined with growing enterprise adoption across finance, healthcare, and critical infrastructure.
• R&D-driven product pipeline: investments in cryptography, secure authentication, and cloud-native security offerings to capture higher-margin, scalable revenue.

• Growth drivers: increased government cybersecurity spend, critical infrastructure hardening, and enterprise compliance requirements.
• Financial strengths: accelerating revenue, predictable contract-backed cash flows, and reinvestment into R&D to defend margins.
• Risks: procurement cycles in public sector, competition from global vendors, and technological change-mitigated by certifications and domain expertise.