Growing UK cyber

How can we make the UK the cyber unicorn capital of the world?

Twitter, Nintendo, The Mariott Group – it seems there isn’t a week that goes by without another data breach being reported. On the consumer side, they can have an immediate impact on day to day life as was seen by the ransomware attack suffered by Garmin in July. I crucially couldn’t upload my painfully slow 5k runs to Garmin Connect.

With the cost of cybercrime expected to rise in 2021 to around $6trillion globally per year (according to a report from Cybersecurity Ventures) it is no surprise that this is now identified as a tier 1 threat and has seen more discussion at board level than ever before. Budgets are increasing to allow companies to purchase the best solutions in the market to prevent and mitigate against such external and internal breaches.

The UK has seen a 44% increase in cyber security firms from 2017 – 2019, with total revenues of £8.3bn and approximately 43,000 full time employees working in the sector based on a report by the Department of Digital, Culture, Media and Sport. Businesses such as Darktrace and SNYK are both part of the elusive ‘Unicorn’ club (a valuation of $1bn or above) and are shining examples of how with ambitious founders, access to talent, capital and infrastructure, UK businesses can scale and build significant Enterprise Value.

Cyber focused accelerators like LORCA, Cylon and ‘Cyber’ from Tech Nation are incredibly important to help get entrepreneurs started and build a solid platform to scale. They do this by providing a web of innovators, partners, investors and corporates, giving critical access to a network, information, capital and potential clients. Privitar, who raised an $80M series C round during COVID, was on the 2nd accelerator cohort at LORCA.

With the number one security breach coming from human error, training of staff is important. The recent significant equity rounds seen by Secure Code Warrior and Immersive Labs shows the demand is there for innovative ways to equip staff at all levels. Access to talent is critical to build for the long term and that is why equipping children with technical skills and complementing them with infrastructure investment (e.g. fast broadband for all) and real-life experience through internships is crucial in expanding and supporting a larger more diverse talent pool in the future. They can help drive the digital revolution and potentially be the next Poppy Gustafsson or Guypo Podjarny, or indeed a future Chief Security Officer purchasing from a UK security company and helping to create the next unicorn!

For all the UK’s merits and attractiveness to starting a security company, it is still an island with ‘only’ 70 million people. The ability to sell outside of the UK is critical. Support from government by way of advice, regulation and infrastructure will be important to achieve this, along with a network of advisors when expanding overseas. The five year government National Cyber Security Strategy comes to an end in 2021, which has raised the profile of security and the industry with an investment of £1.9bn. The ability to attract the best developers and engineers from abroad is also an important layer to building a successful UK security business.

Capital is crucial to fund these fast-growing companies, whether via an early stage healthy angel network, EIS funding, or grants and loans. If the goal is indeed to become a ‘unicorn’ then the ability to gain market share and scale fast is crucial and the chosen route of funding is usually that of Venture Capital.

Whilst macroeconomic conditions play a factor on the quantity and size of VC funds, increasing amounts of equity are still being deployed as outlined in the LORCA 2020 report. 2019 was a record year with £521 million invested in 53 UK cybersecurity companies, and the sector has bucked the trend during COVID raising £496 million in H1 2020. UK security companies also continue to attract large overseas VCs and corporate VC’s – such as Salesforce in Privitar, Sequoia in Tessian and Summit Partners with Immersive Labs (noted for its headquarters being in Bristol).

These successes need to be celebrated, but also should serve as case studies proving the return on investment in the whole ecosystem. It is imperative we use these to advocate, support and promote more investment into all life stages, expand regional tech hubs (such as Bristol, Cambridge and Manchester) and showcase to the world what can be achieved by the British cyber entrepreneurs of the future.