How to transform the UK into a cybersecurity hub
The UK government has just announced a publicly funded accelerator to nurture UK cybersecurity start-ups. The program will be run by the CyLon accelerator in London and Queen’s University Belfast, and is part of the treasurer’s £1.9bn pledge to build the UK into a global cybersecurity hub.
The news is a welcome boost for cybersecurity startups in the UK, and it comes at a time when the sector has great momentum. In the last year alone there have been several major exits for cybersecurity companies and a big uptick in VC funding. While the UK may still be behind more mature cybersecurity hubs like Israel and the US, there’s positive momentum and clear opportunities for growth.
However, fostering cybersecurity innovation is tricky, and public money alone won’t be enough to close the gap. If Israel, a country with eight million people, can build one of the best cybersecurity ecosystems, is there anything we can learn from them?
The building blocks
The UK already has most of the building blocks in place for a world-class cybersecurity ecosystem. GCHQ has been training experts since 1919 and is today considered one of the world’s most sophisticated cybersecurity organisations.
The UK also boasts many universities with world-class cybersecurity credentials, including Oxford, Imperial, Cambridge and Royal Holloway. It also has one of the largest domestic markets for IT, and has the third largest financial services market — a key early adopter of cybersecurity software.
According to Pitchbook, VC funding into UK cybersecurity companies is up more than seven times since 2013. This has grown much faster than UK VC funding overall (up 1.6 times over the same period). There are also many more series A and B rounds now than we saw in 2011–2013, when the activity was mainly at seed stage.
The UK is also producing more and more cybersecurity success stories. Last year, we saw IPOs for bothMimecast ($540m) and Sophos ($1.6bn) — the latter being the largest IPO ever for a UK based software company.
There’s also a new group of great startups rising through the ranks, such as Darktrace, Digital Shadows, Panaseer, Garrison Technology and Avecto. The emergence of accelerators like CyLon and industry groups like CyberY are also playing an important role in connecting the startup world with stakeholders from government, big business and academia.
Skills gap still a roadblock
Of course there are still challenges ahead — the biggest being the cybersecurity skills gap. Globally we’re facing a shortage of 1.5m cybersecurity professionals by 2020. The situation is particularly acute in the UK: a KPMG survey found that 57% of UK businesses already find it difficult to recruit cybersecurity staff.
To address this, the UK recently announced a new cybersecurity skills training program for 14–17 year olds and is piloting a similar program to identify and train talented undergrads.
While these are great initiatives, they won’t solve the issue completely. Cybersecurity skills aren’t the sort of things you can learn from a textbook — real world experience matters. This is an area where the UK can learn a lot from Israel.
The Israeli military’s Unit 8200, the equivalent to GCHQ or the NSA, has a long history of training experts which then go on to found startups. Unit 8200 alumni have been responsible for most of Israel’s cybersecurity success stories, including Checkpoint, Trusteer and Imperva. Of course, the Israelis have an advantage here — compulsory military service means the pool of trained graduates is larger than in the UK.
Regardless, GCHQ is still one of the UK’s most effective training grounds for cybersecurity specialists, and we can and should do more to encourage talent to flow between GCHQ and the private sector.
Encouraging founders to attack global markets
Traditionally, many UK cybersecurity companies were focused on the domestic market (often selling only to the UK government). Even now, only around 20% of UK cybersecurity revenue comes from exports. But cybersecurity is no longer a domestic market. Customers want to buy from global leaders — not regional champions.
This is where US companies have a natural advantage. Companies in our portfolio like Lookout and Illumio have been able to reach scale quickly in their native US before having to go global.
UK startups don’t have this luxury — and so should be thinking globally from the start. This is another area where we can look towards Israel. Knowing that their domestic market is small, Israeli companies usually aim to set up a US sales presence early on (typically around series A). We like to encourage our founders in the UK to consider doing the same.
Another challenge the UK ecosystem faces is the relative scarcity of repeat cybersecurity entrepreneurs. In the US and Israel, teams from companies like Checkpoint and SourceFire have gone on to build whole ecosystems of new startups.
A similar pattern is just starting to emerge in the UK, where teams have spun out of companies like Detica to found great startups like Digital Shadows and Garrison Technology. It’s early days, but we’ll hopefully start to see more of this.
Playing to your strengths
As cybersecurity is a fiercely competitive market, it’s always going to be tough for startups to rise above the noise. To give themselves a leg-up, UK startups should look to leverage some of the things that make the UK unique.
The UK now has a deep bench of talent in artificial intelligence — a discipline that is increasingly important for cybersecurity. Darktrace is a great example of a company using this to their advantage.
With London’s dominant position in fintech, UK startups should also have a natural edge in areas that sit at the intersection of finance and cybersecurity, such as cyber-risk insurance.
As the war against hackers rages on, cybersecurity has become a key boardroom concern. There’s never been a better time to build a cybersecurity startup, and the UK has a unique opportunity to become a leader in the space.
The battle continues.
This article first appeared as a guest post in Tech City News
