Cybersecurity remains a fast-evolving ecosystem that presents new threats to enterprises every day with hackers becoming increasingly innovative in their attempts to break into corporate networks and steal valuable data. As such, cybersecurity start-ups are playing an even more critical role in providing disruptive and innovative solutions to novel cybersecurity challenges.

Wavestone has created the 2018 UK cybersecurity start-up radar to capture this environment and will be updating this on an annual basis.

A Thriving Start-up Environment

The overall UK start-up landscape is booming, and the UK is certainly a European hub for cybersecurity start-ups to establish themselves. We found that a large number of them came from abroad to set-up in the UK; from far and wide locations such as Hong Kong to Israel and the US. Throughout our research, we analysed a total of 158 cybersecurity start-ups, narrowing this down to a final 78 cybersecurity start-ups based on our selection criteria (detailed later). Notably, in comparison to last year, we amended our selection criteria to be more UK-focused; catering for any start-ups that may have potentially overlapped with Wavestone’s US and French cybersecurity start-up radars.

 

 

Areas of Specialisation

We chose the areas of specialisation ourselves and categorised the start-ups internally; as such, there is some element of subjection involved here. Our approach was to understand the essence of their offering and the field they are predominantly addressing. There was strong variety amongst the start-ups regarding their areas of specialisation, as the figures below show.

The top 3 most represented areas were:

1. Identity & Access Management (18%)
2. Data Security & Collaboration (12%)
3. Application Security (9%)

Conversely, the least represented areas were Physical Security, Anonymisation and Deception (each scoring 1%).

Identity Access Management and Data Security & Collaboration may have taken the top two spots given that they are both broad categories. Interestingly, some cloud security providers may have fallen into the two aforementioned categories and this may explain why there is a surprisingly low number of start-ups specialising in ‘Cloud Security’ (only 3%).

Overall, however, the above highlights that the cybersecurity start-ups are well-spread across all other categories; indicating that the market is healthy with a wide range of cybersecurity topics drawing entrepreneurial interest.

Start-up distribution across the UK?

 

Expectedly, the majority of these start-ups (65%) are London-based; perhaps explained by the growing demand from the UK’s financial services sector to secure their IT systems in the wake of several cyber-attacks over the last 3 years, such as the two-day DDoS attack on Lloyd’s Banking Group in January 2017.

Outside of London however, cybersecurity start-ups are looking to build out their operations from Research hubs across the UK. Cambridge was the second most popular location for start-ups in our radar (5%); a hotspot due to the strong pool of university students and knowledge-sharing, not to mention lower operating costs in comparison to London.

Other notable cities include Belfast (4%) and Manchester (3%); attractive candidates for young firms as these locations are hubs for growth and offer rich culture. Only one start-up located in Cheltenham, which is surprising given that this is the GCHQ’s primary location.

Start-up development

To gauge a sense of maturity, we looked at both foundation year and number of employees in parallel. As expected, our research found that the majority of our start-ups have 10 employees or less (62%) showing they are still very young and fittingly, most of these were also founded in the last 4 years. 2015 was the year that most of our start-ups (28%) were founded, with slightly more of the remaining population being established post-2015. This spike demonstrates the gathering momentum in the cybersecurity industry over recent years (particularly with cyber-attacks gaining more media coverage and increased demand for cybersecurity solutions amongst CIO agendas). In the last year, perhaps we haven’t seen as many start-ups because their solutions are not mature enough to be visible in the market yet.

Unsurprisingly, the 4 start-ups founded this year all have less than 10 employees each and it is not abnormal for these start-ups to remain small in employee size; for example, of those founded between 2012-2014 collectively, 10 out of 27 start-ups still only have 10 or less employees.

 

Support for Start-Ups

Numerous accelerators and incubators support the UK start-up ecosystem and play a critical role in its development by providing mentoring, courses and networking opportunities amongst other initiatives:

Alongside these accelerators, it has been encouraging to see the UK Government casting more attention to the growing cybersecurity sector, not least driven by serious breaches to UK infrastructure e.g. the WannaCry attack on the NHS last year. In March this year for example, the Department for International Trade (DIT) launched a new Cybersecurity Export Strategy detailing how the Government aims to support UK cybersecurity firms in protecting overseas enterprises. This initiative, alongside others such as the National Cybersecurity Centre (NCSC), are all part of the ‘National Cyber Security Strategy 2016 to 2021’, which was launched by the UK Government to outline how they will protect UK businesses through £1.9bn of investment into cybersecurity. These programmes combined are a real driving force behind the development of the UK cybersecurity sector and present a wealth of opportunities for start-ups to benefit from.