Wavestone’s UK Cyber Start Up Radar is back to provide our perspective on the emerging themes and trends arising in the UK Cyber sector and to take the pulse of the UK’s Cyber Security ecosystem. To ensure our analysis was comparable to our previous start-up radars, such as the recent France Cyber Security Start Up Radar, and the 2022 UK Radar, the criteria for cyber security companies to be included in the Radar was that they were established in the past 7 years, had a maximum of 35 FTE’s (Full Time Employees), and were domiciled and operating in the UK.
We know there are many more cyber start-ups in the UK ecosystem that we need to hear from! If you are interested in being involved in the next edition, please get in touch.
At A Glance
The 2023 Start Up Radar
Start-ups are turning to the US for investment as UK investors are seen as too risk averse
Of the start-ups who secured funding from VCs and angels, 54% reported they had sought funding overseas. Those who struggled to secure funding in the UK market expressed a preference for US investors, as they were perceived as less risk averse and more likely to invest larger sums in early-stage start-ups.
A few start-ups felt that “conservative investment” in the UK is due to investors being “tax-incentivised”, resulting in start-ups having to evidence a higher standard of growth potential, particularly in seed rounds. Start-ups felt that this problem has been exacerbated by the pandemic and exit from the European Union.
Although the difference was not substantial, our findings do support start-ups’ claim that securing investment is more difficult in early funding rounds, despite start-ups demonstrating reliable growth. For example, start-ups established since 2020 were less likely to have secured investment in the past 12 months (38%) than later stage start-ups of a similar size and growth rate (45%).
While other geographies are becoming more appealing to UK cyber security start-ups, 60% of start-ups were still able to secure funding in the UK. It is important to note that the UK cyber security ecosystem has evolved in recent years, and initiatives aimed at fostering entrepreneurship and innovation – such as Cyber Runway, NCSC for Start-Ups and UKC3 – continue to support and enable investment opportunities for UK start-ups in the UK.
“We are very different in the UK at funding, and very conservative…Risk averse”
Presence in international markets is increasing but start-ups are reluctant to pursue an IPO (Initial Public Offering) in the UK
The majority of start-ups in the UK sector are aiming to be bought-out (59%), while only 41% of start-ups are aiming to achieve an IPO. Of those start-ups who expressed a preference to be acquired, some were open to an IPO, however they are experiencing challenges in international markets, which is impacting their ambitions.
Although international markets remain a challenge, the number of start-ups with an international presence has increased from 63% last year to 75% this year, with three quarters of start-ups intending to expand globally in the next 12 to 18 months. These findings suggest that the UK’s Cyber Innovation ecosystem initiatives to remove barriers to international markets – such as Cyber Runway’s focus on creating greater connectivity with international networks – have been successful.
[We are] very unlikely to consider an IPO, but this could change if we manage to break-into the EU market (2024) and US market (2025).
Of these start-ups who expressed a preference for an IPO, the majority were interested in listing on the US market, rather than in the UK. This is not the fault due to of the cyber innovation ecosystem in the UK, however, as it follows a broader trend where established companies are moving from LSE to NASDAQ, with some unicorns (a privately held start-up company with a value of over $1 billion) struggling to achieve the valuations they were aiming for on the UK market.
Initiatives to increase diversity in the cyber security ecosystem are seeing success, but bias still exists within the industry as a whole
Half of the start-ups reported having at least one founder with a minority characteristic, with more of the founders being from an ethnically diverse background than being diverse in any other characteristic. Start-ups who have been engaged in the ecosystem for a number of years commented that they had seen in an increase in diversity of founders joining accelerators and incubators. While the figures are still below true intersectional diversity, it does suggest that government-backed initiatives to increase diversity in the ecosystem are having an impact.
Notably, however, founders from ethnically diverse backgrounds did report experiencing bias within the wider ecosystem. One founder described a situation in which they encountered bias during meetings with investors, resulting in them hiring an individual to represent the company during pitches to VCs. This example showcases that there is still work to be done to foster, not only diversity, but also inclusion.
50%
of start-ups had at least one founder with a minority characteristic
Start-ups are demonstrating some commitments to improving diversity. For instance, 30% of start-ups reported having a D&I initiative in place, but the majority stated that they were unable to implement formal initiatives due to their size. Those who are in a period of growth, described having targeted internships, outreach programmes or recruitment initiatives to embed diversity within hiring processes. Creating a more diverse ecosystem will require ongoing commitment across the industry to promote inclusion and unlock the potential for growth.
Start-ups in the South of the UK are benefitting most from regionalisation of the ecosystem
82%
of start-ups have taken part in an accelerator programme
The vast majority of the startups interviewed for the radar this year are located in London (68%), showing that efforts to regionalise the ecosystem have not resulted in more start-ups being established in other areas of the UK. However, clusters in Manchester, Cheltenham and South Wales have received positive feedback from start-ups.
82% of start-ups have taken part in an accelerator programme and 25% in an incubator within regional clusters, with most of the start-ups’ feedback stating that these programmes were helpful in providing exposure to potential clients and investors. The NCSC for start-ups programme, in particular, was praised by start-ups, who found the programme to be time-intensive but very helpful for achieving their goals or providing introductions to clients. When commenting on other accelerators, some start-ups expressed a need for more support maintaining engagement with clients, as clients were perceived as not being incentivised to continue involvement with start-ups beyond an introduction.
Start-ups in South seemed to benefit most from the regional innovation hubs, however those in the North of England and Scotland stated that most investors being based in the south, which leaves the northern companies at a greater disadvantage.
Key Cyber Innovation Trends in 2023
Newer start-ups are developing products relating to resilience and recovery from ransomware attacks and developing solutions that support Zero Trust use-cases.
The top product areas developed by start-ups are related to Risk Management and Compliance (27%), Users and Devices (16%) or Data Security (16%). However, when assessing start-ups who were established in the past 2 years, or achieved notable success in the past 2 years, the following trends emerged:
Emergence of products addressing Zero Trust use-cases
Start-ups offering products that relate to Zero Trust principles are beginning to identify specific use cases, such as a distributed workforce, third party contractors or admin-rights of developers. For instance, one start-up developed an innovative alternative to VPNs, ZTNA and VDIs, which is an enterprise browser that authorises access to work environments (including data and applications) based on user identity, device authentication and network access points.
Improving resilience and recovery to ransomware attacks
Two start-ups who joined the radar this year have developed products relating to resilience and recovery from ransomware attacks. These start-ups are delivering improvements to existing technologies, such as isolated and secured, virtual cyber–vaults. Notably, the target industries for these start-ups are Financial Services firms, which may suggest that market need for these products in being driven by Operational Resilience regulation in the UK.
Leading the way for post-quantum cryptography
Start-ups developing products or solutions relating to advanced cryptology or post-quantum algorithms tended to be established in 2016-2020 in the UK, whereas other countries such as Switzerland are experiencing this trend in 2023. Early pursuit of post-quantum cryptography in the UK, corresponds with NCSC announcing the design of a ‘quantum-safe’ cryptographic algorithm in 2021, and the advisory board of PQ Shield – a UK-based start-up which recently scaled – supporting NIST with the recent selection of 4 post-quantum algorithms.
Radar methodology
Time frame
The 2023 edition of Wavestone’s UK Cybersecurity Startup Radar is based on data observed from June 1st to May 31st 2023.
Selection process and criteria
- Headquarters must be located in UK.
- Security product must account for at least 50% of turnover.
- We call “startup” companies with less than 7 years of existence and fewer than 35 employees.
- Business model around specific security product
Data analysis
This study is based on different types of information.
- Compilation of Open Source Intelligence (OSINT).
- Qualitative interviews with key startups on the radar and players in the cyber innovation sector.
Related Insights
Gerome Billois
Sleh-Eddine Choura
Henri du Périer
Nathalie Balabhadra
Aurelia de Maleissye
Chadi Hantouche
Gwenaëlle Boulet
Claire Delgove
Nicolas Gauchard
Hugo Bérard