Insight

UK Cyber Startup Radar

Published April 16, 2025

  • Cybersecurity

Our UK Cyber Radar is back to provide its own perspective of the emerging themes and trends in the UK Cyber Sector and to take the pulse of the UK’s cybersecurity ecosystem.

To ensure our analysis was comparable to our previous radars, we spoke with cybersecurity startups that were established in the past 7 years, have a maximum of 35 FTE, and are headquartered in the UK.

74 startups interviewed

32% increase in startups from the previous year

29 startups have raised over 100k this year

55% have funding only within the UK

UK Startup Radar

When comparing the results that we received in the last year we can see the following trends:

  • Growing Focus in Diversity & Inclusion (D&I)
  • Bloom in Cybersecurity Certifications
  • Dominance within the Detection & Response Category
  • Multitude of Ways Startups are Utilizing AI
  • Emergence of Quantum Technologies

Growing focus in Diversity & Inclusion

In the last year, there was a 70% surge for the number of startups implementing Diversity and Inclusion (D&I) initiatives. This growing trend highlights that D&I is seen as a strategic business decision from startups for them to benefit in three key areas:

56% of startups that identified benefits from their D&I initiative said that it helps boost innovation and creativity, explaining that a diverse workforce would bring together individuals with varied perspectives, backgrounds, and experiences. Those different viewpoints spark new ideas and creative solutions to problems, allowing startups to be better positioned to develop cutting-edge products, services, and strategies to address gaps in the market.

The Cyber Escape Room Co have developed a product which focuses on providing awareness training by creating interactive and engaging learning experiences for end users. The CEO mentioned their objective for implementing D&I was to build a diverse team because multiple different minds working together is imperative for increasing problem solving. Meanwhile, most startups that identified D&I as a facilitator to boosting the innovation and creativity within their teams, have also indicated seeing benefit to strengthen the company culture.

“We believe our global team enhances our creativity, innovation, and problem-solving abilities.” – CTO of Umazi.io”

Bloom in cybersecurity certifications

Another key trend observed across startups was an uptake in the number of certifications they had attained with a 55% increase. Among these, the two most common certifications were the NCSC’s Cyber Essentials and ISO/IEC 27001.

Our findings suggest that certifications are important for startups targeting the public sector, with over half of those with Cyber Essentials or ISO/IEC 27001 reporting the public sector as their primary focus. This trend aligns with Cyber Essentials and ISO/IEC 27001 being a requirement within many contracts when working with UK government bodies. This sentiment also extends outside of the public sector, as shown by the startups’ responses to our radar, Cyber Essentials is now considered by their clients to be a requirement and a minimum standard.

Another reason for this increase, specifically in startups obtaining Cyber Essentials, is due to its cost effectiveness, making it an easy and straightforward way for startups to demonstrate a commitment to Cybersecurity. Pairing these responses with the fact that the certification is relatively new (launched in 2014), presents the idea that Cyber Essentials will serve as a gateway to more advanced certifications like ISO/IEC 27001. Cyber Essential’s growth also serves, in part, to explain the increase of ISO/IEC 27001 certifications. As the minimum regulatory expectations of cybersecurity continue to rise, ISO/IEC 27001 offers a more comprehensive and robust ISMS framework, which aligns with evolving regulations like GDPR and boasts international recognition.

 29% of startups obtained ISO27001 certificate in the last year
 45% of startups obtained Cyber Essentials in the last year

Dominance within the Detection & Response category

Another key trend we saw was the increase in companies who categorize themselves as a startup specializing in Detection & Response (D&R). The 165% increase compared to last year is the largest increase out of all the categories.

We investigated what each of the D&R startups had as their differentiators and observed that AI was predominantly present, with 60% of D&R startups implementing it into their tool. This seems to reflect the narrative that was made by security professionals, when AI was blooming, that it would be useful to incorporate AI into D&R tools. AI can perform the tedious task of analyzing and monitoring without human error which can often take place with D&R tools that are dependent on humans.

SharkGate categorized themselves within threat detection. Its system, powered by their “Deep Sea AI” and a centralized threat database, adapts to attacks in real-time, providing a proactive and evolving defense. The platform aims to advance website security via a collective defense mechanism to aid in reducing zero-day attacks. Another threat detection startup is Blacklight AI, whose platform integrates advanced analytics, automation, and real-time monitoring to help organizations proactively identify and mitigate cyber risks. Blacklight AI aims to focus on proactive threat hunting and prevention, enabling organizations to identify and neutralize threats before they escalate.

From this, another trend that we identified is that not all startups utilize AI in the same way. For example, Blacklight AI is a tool that was built with AI as its focus to enhance monitoring, detection and response capabilities so that it can predict and mitigate novel attacks. On the other hand, SharkGate implements AI into its already existing tool of website security, by processing attack requests, identifying patterns and learning from each attack to feed the bank of other websites it is defending from the same attacks.

Multitude of ways startups are utilizing AI

Following the findings seen within threat detection tools, we identified three different ways that startups used AI:

These startups are the ones that have an existing solution focusing on a specific cybersecurity topic and have implemented AI to increase the efficiency of their product. Our research shows that this is currently the most common use of AI, with 78% of startups who claim to use AI, adopting this approach.

One example is Porgiesoft, who has implemented AI in its phishing tool. The objective is to analyze various data points within messages to spot patterns and flag malicious content. After analyzing multiple data points, the model will evolve and continuously improve, thus enabling the solution to always be up to date with different phishing techniques. Another example is HookPhish, who create training simulations for phishing by customizing the training to reflect up-to-date phishing tactics and adapting it to address specific vulnerabilities within organizations.

With the increasing popularity of AI, startups may wish to make their products more attractive for the market and increase their efficiency using this approach. However, it is important to keep a critical eye on the added value of integrating AI into a product, as in some cases it could be used as a marketing buzzword.

AI tools: the next goal for startups

AI is rapidly evolving, becoming more prominent in the market and increasingly accessible to the public. A recent example is DeepSeek’s newly released AI tool “DeepSeekR1”, which offers capabilities comparable to Open AI’s ChatGPT o1 for free, thus making AI and its adoption more attainable. Furthermore, as the model is open source, studies started uncovering that DeepSeek’s data base was leaking sensitive information, leading to countries, such as Italy, banning the use of DeepSeek-R1.

Security concerns over specific AI models are a barrier for clients, regardless of the implementation approach they take. This is where startups can come in handy, to help create a secure bridge between organizations and AI. One example of this is Mindgard, who help companies test, detect, and respond to adversarial threats against AI models they may operate, through Dynamic Application Security Testing for AI (DAST-AI). By doing so, they provide visibility of potential vulnerabilities to help companies address new threats as they arise.

This highlights the importance of identifying and securing vulnerabilities in AI models, which opens an entire new market for startups to grow and thrive with the objective of ensuring safe and responsible AI deployment. It is likely that we will see an increase in startups focusing on AI tools in the coming years as the use of AI becomes more prominent in organizations and in our daily lives.

You can read more about the rise of AI tools and products in our Radar 2024 of AI Safety Solutions.

Emergence of quantum technologies

The announcement of Microsoft’s new chip Majorana 1 has set a new forecast on the rate at which computing power will surge. This leap in quantum computing brings the challenge of continuing to increase encryption capabilities as much as possible within a short time frame, to protect against SNDC (Store Now Decrypt Later) attacks.

On this topic, NIST (National Institute of Standards and Technologies) finalized their principal set of quantum encryption algorithms via a program named “Post-Quantum Cryptography Standardization”. This development has significant implications for startups specializing in cybersecurity, as they must adapt to ensure their solutions remain robust against quantum attacks. This gives opportunities for new startups to emerge and help others to protect themselves within the upcoming realm of quantum attacks.

One such startup, featured in our radar, is Cavero Quantum who have developed a quantum-safe symmetric cryptographic key solution. Their technology aims to replace traditional encryption methods like RSA and AES, which are vulnerable to quantum attacks, with a more secure, software-based approach. Unlike hardware-dependent solutions such as Quantum Key Distribution (QKD), Cavero Quantum’s software-only keys are designed for easy deployment across various devices without compromising security.

Due to NIST producing their principal set of quantum encryption algorithms, it is safe to assume that, in the near future, regulations will impose post-Quantum cryptography order to protect information from quantum attacks. We asked startups within this realm how they anticipate regulatory bodies enforcing stricter compliance with post-quantum cryptographic standards and how they are preparing for this shift. In response to this, Cavero Quantum stated that they are seeking to have their standard recognized by regulatory bodies which, if accomplished, will be a huge win for them.

You can find out more about Post-Quantum Cryptography and other emerging technology, such as AI, in our CISO Radar.

Conclusion

Startups are evolving rapidly, driven by trends in diversity, certifications, AI, and emerging technologies like quantum computing. Diversity & Inclusion is fueling creativity, while certifications and Detection & Response categories are gaining traction. Its compelling to consider that, in the future, AI and quantum will synergize and complement each other and what the hybrid of both technologies will accomplish. As these trends develop, it will be crucial to track how startups continue to adapt and leverage new technologies for growth.

Many thanks to Louis Bourlet, Sam Smith, Marie Le Corre, Ayush Ramniclal, Ellie Laurie, Alisha Gilburt, and Thomas Cloakey for their contribution to this article.

Authors

  • Florian Pouchet

    Associate Partner – UK, London

    Wavestone

    LinkedIn
  • Alasdair Hatat

    Senior Consultant – UK, London

    Wavestone

    LinkedIn