Maintaining momentum for UK cyber: mind the gap
Carrie Babcock is an investment manager at Beringea, a transatlantic venture capital firm investing at Series A and Series B startups.
The UK’s cyber ecosystem has been on a tear. According to the Department for Digital, Culture, Media & Sport, the country’s cybersecurity companies generated £8.3bn in revenue in 2019 – growing by almost 50% in two years. With more than 1,200 cyber businesses nationwide employing more than 43,000 people, the UK has clearly built a thriving cyber sector.
COVID-19 has further escalated the need for robust security. Remote work requiring employees to work from their personal devices on their home networks has exploded the enterprise attack surface overnight. The UK’s status as a hotbed for cyber innovation means it has an important part to play in securing this reinvented world.
At Beringea, we invest in businesses on either side of the Atlantic at Series A and B. As a team, we examine thousands of business plans annually, seeking entrepreneurs demonstrating the potential to build international success stories. Coupled with my previous experience specialising in deep tech and cyber investments, I’ve observed some unique challenges inherent to the security market that widens the chasm between companies achieving early traction and those able to evolve into true commercial powerhouses. If the UK can mitigate these challenges we’ll be in a better position to produce companies capable of nipping at the heels of Tessian, Snyk and Darktrace.
To start, consider that cybersecurity is a market defined by fragmentation. Think about the sheer size of the enterprise attack surface. What’s the CISO’s priority (if there is a CISO at all)? Network security? Application security? Access controls? Behavioural threat training? For every point of failure in a security system, there are just as many security tools claiming to help plug that gap. Security buyers are simply overwhelmed by the choice on the market and don’t have the capacity to vet all the solutions available and figure out how they work together.
A second challenge is around an increased need in this market to educate the buyer on the proper hygiene and protocols required for them to use new security tools effectively. It’s no use buying and installing an encryption solution and then leaving the encryption keys on the very same servers (true story).
A final challenge is that the issues of fragmentation and education necessitate greater handholding throughout the sales process. This handholding comes at a cost, with higher integration fees impacting your margin and requests for bespoke builds a common occurrence.
The sooner you’re aware of these issues, though, the sooner you can form a plan to solve for them. The most sophisticated clients are putting operational methodologies in place to help them in threat prioritisation and hygiene, and thoughtful cyber entrepreneurs are learning to meet this trend with the language of risk and governance instead of cyber and IT. If your initial target market doesn’t include blue chip companies with a sophisticated understanding of their security needs already, then that piece around education and extra handholding during the sales process falls on you. Plan for that as you build your sales machine by bolstering your team with strong relationship managers or consider partnering with systems integrators to help you scale your sales.
Breaking through in such a fragmented market is a tall order. But the talent is here, and accelerators like LORCA are here to shore up the know-how required to cross the chasm to become a leader on the international stage.