UK Cyber Startup Radar
Published April 16, 2025
- Cybersecurity
Our UK Cyber Radar is back to provide its own perspective of the emerging themes and trends in the UK Cyber Sector and to take the pulse of the UK’s cybersecurity ecosystem.
To ensure our analysis was comparable to our previous radars, we spoke with cybersecurity startups that were established in the past 7 years, have a maximum of 35 FTE, and are headquartered in the UK.
74 startups interviewed
32% increase in startups from the previous year
29 startups have raised over 100k this year
55% have funding only within the UK
UK Startup Radar
When comparing the results that we received in the last year we can see the following trends:
- Growing Focus in Diversity & Inclusion (D&I)
- Bloom in Cybersecurity Certifications
- Dominance within the Detection & Response Category
- Multitude of Ways Startups are Utilizing AI
- Emergence of Quantum Technologies
Growing focus in Diversity & Inclusion
In the last year, there was a 70% surge for the number of startups implementing Diversity and Inclusion (D&I) initiatives. This growing trend highlights that D&I is seen as a strategic business decision from startups for them to benefit in three key areas:
56% of startups that identified benefits from their D&I initiative said that it helps boost innovation and creativity, explaining that a diverse workforce would bring together individuals with varied perspectives, backgrounds, and experiences. Those different viewpoints spark new ideas and creative solutions to problems, allowing startups to be better positioned to develop cutting-edge products, services, and strategies to address gaps in the market.
The Cyber Escape Room Co have developed a product which focuses on providing awareness training by creating interactive and engaging learning experiences for end users. The CEO mentioned their objective for implementing D&I was to build a diverse team because multiple different minds working together is imperative for increasing problem solving. Meanwhile, most startups that identified D&I as a facilitator to boosting the innovation and creativity within their teams, have also indicated seeing benefit to strengthen the company culture.
“We believe our global team enhances our creativity, innovation, and problem-solving abilities.” – CTO of Umazi.io”
Based on the feedback collected, 65% of startups who described their initiative have identified D&I as playing a significant role in building a strong company culture. As detailed by the Head of Future Technologies of Surf Security, this strong company culture can be achieved by fostering a workplace where “every individual feels valued, respected, and empowered”. According to a Senior Manager of CultureAI, individuals feeling they are an integral part of the company are more likely to be engaged and productive, which can translate into higher morale, working together effectively, and overall company cohesion.
Consequently, the responses indicate 39% of startups consider D&I initiatives to be a powerful tool for improving a startup’s hiring practices and attracting top talent.
Additionally, startups said that a strong D&I initiative may make them more appealing to potential employees. By demonstrating though their D&I initiatives a commitment to equal opportunity to thrive, startups stated that they aim to attract and retain skilled employees to help them stand out in a competitive job market and build a reputation as an employer of choice.
“We plan to diversify our recruitment practice by implementing unbiased recruitment processes […] which will allow us to draw from the widest possible talent pool” – CEO of Meterian Ltd
Bloom in cybersecurity certifications
Another key trend observed across startups was an uptake in the number of certifications they had attained with a 55% increase. Among these, the two most common certifications were the NCSC’s Cyber Essentials and ISO/IEC 27001.
Our findings suggest that certifications are important for startups targeting the public sector, with over half of those with Cyber Essentials or ISO/IEC 27001 reporting the public sector as their primary focus. This trend aligns with Cyber Essentials and ISO/IEC 27001 being a requirement within many contracts when working with UK government bodies. This sentiment also extends outside of the public sector, as shown by the startups’ responses to our radar, Cyber Essentials is now considered by their clients to be a requirement and a minimum standard.
Another reason for this increase, specifically in startups obtaining Cyber Essentials, is due to its cost effectiveness, making it an easy and straightforward way for startups to demonstrate a commitment to Cybersecurity. Pairing these responses with the fact that the certification is relatively new (launched in 2014), presents the idea that Cyber Essentials will serve as a gateway to more advanced certifications like ISO/IEC 27001. Cyber Essential’s growth also serves, in part, to explain the increase of ISO/IEC 27001 certifications. As the minimum regulatory expectations of cybersecurity continue to rise, ISO/IEC 27001 offers a more comprehensive and robust ISMS framework, which aligns with evolving regulations like GDPR and boasts international recognition.
Dominance within the Detection & Response category
Another key trend we saw was the increase in companies who categorize themselves as a startup specializing in Detection & Response (D&R). The 165% increase compared to last year is the largest increase out of all the categories.
We investigated what each of the D&R startups had as their differentiators and observed that AI was predominantly present, with 60% of D&R startups implementing it into their tool. This seems to reflect the narrative that was made by security professionals, when AI was blooming, that it would be useful to incorporate AI into D&R tools. AI can perform the tedious task of analyzing and monitoring without human error which can often take place with D&R tools that are dependent on humans.
SharkGate categorized themselves within threat detection. Its system, powered by their “Deep Sea AI” and a centralized threat database, adapts to attacks in real-time, providing a proactive and evolving defense. The platform aims to advance website security via a collective defense mechanism to aid in reducing zero-day attacks. Another threat detection startup is Blacklight AI, whose platform integrates advanced analytics, automation, and real-time monitoring to help organizations proactively identify and mitigate cyber risks. Blacklight AI aims to focus on proactive threat hunting and prevention, enabling organizations to identify and neutralize threats before they escalate.
From this, another trend that we identified is that not all startups utilize AI in the same way. For example, Blacklight AI is a tool that was built with AI as its focus to enhance monitoring, detection and response capabilities so that it can predict and mitigate novel attacks. On the other hand, SharkGate implements AI into its already existing tool of website security, by processing attack requests, identifying patterns and learning from each attack to feed the bank of other websites it is defending from the same attacks.
Multitude of ways startups are utilizing AI
Following the findings seen within threat detection tools, we identified three different ways that startups used AI:
These startups are the ones that have an existing solution focusing on a specific cybersecurity topic and have implemented AI to increase the efficiency of their product. Our research shows that this is currently the most common use of AI, with 78% of startups who claim to use AI, adopting this approach.
One example is Porgiesoft, who has implemented AI in its phishing tool. The objective is to analyze various data points within messages to spot patterns and flag malicious content. After analyzing multiple data points, the model will evolve and continuously improve, thus enabling the solution to always be up to date with different phishing techniques. Another example is HookPhish, who create training simulations for phishing by customizing the training to reflect up-to-date phishing tactics and adapting it to address specific vulnerabilities within organizations.
With the increasing popularity of AI, startups may wish to make their products more attractive for the market and increase their efficiency using this approach. However, it is important to keep a critical eye on the added value of integrating AI into a product, as in some cases it could be used as a marketing buzzword.
These startups are building their solution with AI from the ground up, making AI the focus of their product. Our research shows that this is the second most common approach, with 20% of the startups who claim to use AI, having built their own AI tool.
One startup is OpenCyberAI, who focuses on AI security training. AI is used to create a virtual mentor providing users with real-time customized feedback and recommendations as they complete cybersecurity challenges. By adapting to how the user performs, the user is trained based on their specific skill-level. Also, CyberSanctus is a startup that focuses on smart Audit, Risk and Compliance (ARC) solution around AI, utilizing OpenAI’s GPT-4 model to automatically analyze smart contracts to search for vulnerabilities and exploits. This reduces human error and accelerates the audit process, allowing auditors to detect and address issues before they become critical.
This trend, , demonstrates that AI is gaining traction, compared to prior years where we identified fewer startups crafting AI-centric tools. This will likely continue to increase in the coming years as interest in AI and how it can contribute to cybersecurity continues to develop.
These startups focus on creating an AI solution which seeks to test, strengthen and bolster existing AI tools used by organizations. Our study shows that these are a minority with 2% of startups that feature AI.
One example of this is Advai who offer a series of products that focus on helping companies and organizations improve the security of their AI tools, such as monitoring of AI models, risks and KPIs. They also provide an AI robustness testing tool which seeks to break and evaluate the robustness of a company’s AI model. The solution evaluates Identity Verification tools which use biometrics and document verification to test their resistance to AI generated biometrics and/or documents. Another example is Facia.ai, a tool specializing in deepfake detection and facial recognition. Their deepfake detection tool uses Artificial Intelligence to detect any use of deepfake pictures or videos. The startup uses their own AI powered tool to counter these deepfake attacks by analyzing elements such as facial expressions, lighting and lip movements to detect whether the video is AI generated or not.
This trend demonstrates that some startups are anticipating the increase of AI based attacks and utilizing AI to counter them. Even though this is a minority today, we expect to see an increase of these products in the coming years as we are witnessing a rise of malicious use of AI. Finally, we think the reason as to why there are so few of these startups, is due to the complexity of building such products given the novelty, speed of development and constant evolution of Artificial Intelligence.
AI tools: the next goal for startups
AI is rapidly evolving, becoming more prominent in the market and increasingly accessible to the public. A recent example is DeepSeek’s newly released AI tool “DeepSeekR1”, which offers capabilities comparable to Open AI’s ChatGPT o1 for free, thus making AI and its adoption more attainable. Furthermore, as the model is open source, studies started uncovering that DeepSeek’s data base was leaking sensitive information, leading to countries, such as Italy, banning the use of DeepSeek-R1.
Security concerns over specific AI models are a barrier for clients, regardless of the implementation approach they take. This is where startups can come in handy, to help create a secure bridge between organizations and AI. One example of this is Mindgard, who help companies test, detect, and respond to adversarial threats against AI models they may operate, through Dynamic Application Security Testing for AI (DAST-AI). By doing so, they provide visibility of potential vulnerabilities to help companies address new threats as they arise.
This highlights the importance of identifying and securing vulnerabilities in AI models, which opens an entire new market for startups to grow and thrive with the objective of ensuring safe and responsible AI deployment. It is likely that we will see an increase in startups focusing on AI tools in the coming years as the use of AI becomes more prominent in organizations and in our daily lives.
You can read more about the rise of AI tools and products in our Radar 2024 of AI Safety Solutions.
Emergence of quantum technologies
The announcement of Microsoft’s new chip Majorana 1 has set a new forecast on the rate at which computing power will surge. This leap in quantum computing brings the challenge of continuing to increase encryption capabilities as much as possible within a short time frame, to protect against SNDC (Store Now Decrypt Later) attacks.
On this topic, NIST (National Institute of Standards and Technologies) finalized their principal set of quantum encryption algorithms via a program named “Post-Quantum Cryptography Standardization”. This development has significant implications for startups specializing in cybersecurity, as they must adapt to ensure their solutions remain robust against quantum attacks. This gives opportunities for new startups to emerge and help others to protect themselves within the upcoming realm of quantum attacks.
One such startup, featured in our radar, is Cavero Quantum who have developed a quantum-safe symmetric cryptographic key solution. Their technology aims to replace traditional encryption methods like RSA and AES, which are vulnerable to quantum attacks, with a more secure, software-based approach. Unlike hardware-dependent solutions such as Quantum Key Distribution (QKD), Cavero Quantum’s software-only keys are designed for easy deployment across various devices without compromising security.
Due to NIST producing their principal set of quantum encryption algorithms, it is safe to assume that, in the near future, regulations will impose post-Quantum cryptography order to protect information from quantum attacks. We asked startups within this realm how they anticipate regulatory bodies enforcing stricter compliance with post-quantum cryptographic standards and how they are preparing for this shift. In response to this, Cavero Quantum stated that they are seeking to have their standard recognized by regulatory bodies which, if accomplished, will be a huge win for them.
You can find out more about Post-Quantum Cryptography and other emerging technology, such as AI, in our CISO Radar.
Conclusion
Startups are evolving rapidly, driven by trends in diversity, certifications, AI, and emerging technologies like quantum computing. Diversity & Inclusion is fueling creativity, while certifications and Detection & Response categories are gaining traction. Its compelling to consider that, in the future, AI and quantum will synergize and complement each other and what the hybrid of both technologies will accomplish. As these trends develop, it will be crucial to track how startups continue to adapt and leverage new technologies for growth.
Written by Alasdair Hatat, Sam Smith, and Marie Le Corre, with many thanks to Louis Bourlet, Ayush Ramniclal, Ellie Laurie, Alisha Gilburt, and Thomas Cloakey for their contribution to this article.
