Highly publicised hack attacks and a surge in government support have given UK cybersecurity startups the opportunity to step up to defend people against digitally savvy criminals
Humankind has never been as connected as it is today. Thanks to the technological leaps the world has made over the past few decades, everything from romance to banking can be easily organised with a few swift swipes on an iPhone. “But criminals’ capacity to disrupt our lives has evolved at the same rate as technology,” says Paul Holland, CEO of Beyond Encryption, the cybersecurity startup. Fortunately an emerging startup ecosystem is rapidly turning the UK into a hotbed of innovation dedicated to protecting the digital frontier.
While technology has been used to protect the UK since Alan Turing developed the first modern computer to crack the Enigma code during World War Two, there’s a higher demand than ever for products that defend people, companies and countries against digital breaches. Fortunately, rapidly responding to pain points is one of the areas in which startups excel. “The whole point of entrepreneurialism is to spot problems that no one is solving adequately and come up with a solution,” says Gary Stewart, director at Wayra, Telefónica’s accelerator.
Over the past few years, it’s become easy to see the need for these services. “There have been a lot of incidents recently where big attacks have affected a large number of people,” says Stewart. Not only have hackers allegedly meddled with US presidential election but companies like Ashley Madison, Facebook and Netflix have also fallen prey to the malicious intent of digitally savvy offenders. And dealing with the fallout of these breaches isn’t cheap. For instance, Yahoo had to shave $350m off its price tag in February during its sale to Verizon after it was revealed that over one billion of its users’ accounts had been breached. SMEs aren’t left unscathed either: the Federation of Small Businesses estimates that small British firms annually spend £5.26bn dealing with cyber attacks. “The level of attacks we’re seeing is driving a lot of companies to understand their responsibility and the importance of cybersecurity,” says Poppy Wood, founding member and chief of staff at CyLon, Europe’s first cybersecurity accelerator.
Responding to the actions of laptop-wielding larcenists has now become a lucrative opportunity for entrepreneurs and venture capitalists alike. “There’s a lot of interest from investors,” says Wood. In the last year alone, cybersecurity startups like Darktrace, ZoneFox and Garrison Technology have respectively raised £50m, £3.6m and £12m in their funding rounds. And it’s not just companies ready to scale that benefit from this surge in funds: investors are increasingly interested in cybersecurity startups raising seed rounds. “Angel and institutional investors can invest somewhere between £200,000 to £1m in these rounds,” says Wood.
And it does seem that the UK is rapidly becoming a leader in this space. Between 2012 and 2016, only two countries’ cybersecurity companies received more VC investment than British ones. According to data from CB Insights, the venture-capital database, during that period 75% of global VC investment deals in cybersecurity went to US startups and 8% to Israeli ones, while UK startups received 4%. A reason for the disparity is that the two world leaders have long traditions of establishing close ties between startups, corporates, governments and academia. “The US and Israel are both far beyond anything in Europe,” says Stewart. “Ecosystems where governments help kickstart cybersecurity startups are more successful.”
Fortunately over the past 18 months the UK government has significantly stepped up to support the emerging cybersecurity startup scene. “They understand how important this is,” says Stewart. Having launched its cybersecurity strategy for businesses in November 2016, the government has pledged to invest £1.9bn in cybersecurity by the end of 2020, launch an innovation fund to support startups and establish the Cyber Security Research Institute, a virtual network of British universities collaborating to boost the security of connected devices. Additionally, GCHQ, the intelligence agency, joined forces in January with Wayra and the Department for Culture, Media and Sport to launch Europe’s second cybersecurity accelerator. “The US and Israel may be dominating the sector but we’re now at the early stages of something that could become very important,” says Stewart.
However, there are still hurdles to overcome before the UK’s cybersecurity ecosystem has fully matured. “The biggest challenge is access to customers,” says Wood. While companies are acknowledging the importance of protecting their digital infrastructure, they are simultaneously unwilling to support startups by providing them with access to the data, workspaces and the manpower required for evolving those solutions. “If you can’t work with a customer to get a proof of concept, you’re going to struggle with whatever comes next, including raising capital,” says Wood. In light of this, it’s easy to see why Wayra and CyLon are both working to bridge that gap by having established companies come in and mentor on their programmes, as well as providing entrepreneurs with a sandbox to test their concept.
But even after startups prove their worth, they may find themselves struggling to access capital on this side of the pond and have to look for investment stateside – as companies like Darktrace demonstrate. “The status quo in the cyber sector is to look west for this investment as the US appears to have a greater appetite to invest in cybersecurity startups,” says Stuart Laidlaw, CEO of Cyberlytic, the cybersecurity startup. Ensuring there’s a pipeline of investment to support companies as they grow will therefore prove essential in keeping successful enterprises in Britain.
And even when they’ve overcome these obstacles, entrepreneurs in the sector still face the challenge of finding the right people. This is particularly tricky considering 43% of science, technology, engineering and maths (STEM) vacancies are hard to fill, according to the UK Commission for Employment and Skills. And given that Theresa May has triggered Article 50 and kicked off Britain’s official divorce negotiations with the EU, filling the skills shortage may not become easier any time soon. “Many of our founders were understandably shocked by the result,” says Wood. “They were very vocal about the downsides of it.” While it remains to be seen exactly how leaving the EU will affect cybersecurity startups’ chances on these shores, thus far the impact since the referendum has been relatively mild. In fact, big tech giants like Snapchat and Facebook have doubled down on their presence in the UK. “That was quite the opposite of what we were expecting,” says Wood. “We’re seeing quite big investments in tech in the UK rather than these companies leaving. Long may it continue.”
So despite some of the hurdles it may face, Wood is envisioning a bright future for Britain’s emerging cybersecurity sector. “I don’t want to sound naive,” she says. “Of course there are going to be a lot of future challenges but the UK is strongly positioned to become a leader in cybersecurity.”