Cybersecurity start-up investment defies COVID-19 downturn

Cyber start-ups attracted record levels of investment in the UK in 2019, breaking half a billion pounds (£521m).

And despite the economic downturn caused by the global COVID-19 pandemic, British cyber start-ups have already raised £496m in the first half of this year. They raised £104m in the first two months of lockdown alone, showing a staggering 940 percent increase on the same period in 2019.

This increase starkly contrasts with the broader start-up economy, which saw investment levels fall by 50 percent compared with last year.

However, less than one percent (£900,000) of the money invested in cybersecurity start-ups during lockdown was received by firms securing first-time funding, highlighting the growing focus placed by investors on growth stage cyber companies.

The figures are from the new LORCA Report 2020, the government-backed cybersecurity programme.

“The UK’s cybersecurity sector has grown tremendously in the last few years and has the potential to be right at the heart of our economic success,” said Saj Huq, Programme Director, LORCA.

“We have leading research institutions, technical innovation from start-ups and government-led bodies and growing engagement from investors and business leaders. However, the ecosystem is still nascent and obstacles remain to its continued growth. Access to funding for early-stage start-ups is clearly the biggest hurdle that must be overcome for the UK to compete on the world stage.”

Huq said the global pandemic has highlighted the importance of cybersecurity, with the transition to remote working, sharing of sensitive medical data and increased collaboration between the private and public sector all transforming the risk landscape.

“Start-ups are uniquely placed to address these emerging challenges,” he said. “Our world-leading fintech industry rose out of the recession of 2008; with the right support cybersecurity can be the country’s next global success story.”

Cyber clusters

The research showed that London is the cyber capital of the UK, with 281 start-ups (44 percent), while Edinburgh and Manchester are also developing prominent cyber clusters. 

From a regional perspective, clusters are thriving in the South East (18 percent) – centred around Oxford and Cambridge and the South West (five percent), which is home to the hub around GCHQ in Cheltenham as well as others such as Reading.

Closer analysis of investment activity across the UK cyber start-up ecosystem shows that COVID-19 has exacerbated a long-term challenge around funding for early stage companies. Despite the record levels achieved last year, investment was overwhelmingly driven by growth stage companies (£354m). This has continued into 2020 – of the £496m already raised by cyber start-ups this year, 94 percent (£465m) has been secured by growth-stage companies. 

LORCA notes this is hampering the development of many innovative companies in the cybersecurity sector. For example, the number of deals across cyber start-ups at the seed and venture stages fell from 52 in 2018 (worth £91m) to 39 (worth £53m) in 2019, with only 21 in 2020 so far (worth £30m). The research also found that almost half (46 percent) of cyber start-ups incorporated between 2014 and 2015 remain at the seed stage, higher than fintech (33 percent) or AI (41 percent).

Key trends

The reportidentified five key trends defining the future growth the UK’s cybersecurity ecosystem as a whole:

1. Investors find the market complex to navigate: VCs evaluate so many technologies that start-ups are struggling to differentiate themselves. The ecosystem must solve the communications issue preventing cyber companies from receiving the patient capital they need to scale effectively.
2. COVID-19 means early-stage funding needs greater protection: Investment moving downstream towards later stage companies is being accelerated by the pandemic, potentially shrinking the number of VCs with capital to invest in start-ups between the pre-seed and Series A stages. Addressing the shortfall will be crucial to ensuring we don’t lose a generation of cyber entrepreneurs.
3. The sector needs more consolidation: High levels of start-up funding has made the cybersecurity industry crowded and complex. CISOs are prioritising products that can be integrated easily into an existing technology stack, pushing the industry towards ‘platform plays’ and product ecosystems facilitated by larger companies.
4. Access to cybersecurity is not evenly distributed: As the volume of cyberattacks on small businesses and charities grows, so does the potential market opportunity. By addressing an under-served segment of the economy, cyber start-ups could help bridge the digital divide and make security accessible for the many and not just the few.
5. Individual security could be the next innovation trend: Increasing consumer engagement with technology and the cyber risks that come with it are prompting greater efforts to secure the digital citizen. The market for products aimed at the individual is nascent, but this could change as public awareness grows.

“The tech sector will play a vital role powering an economic recovery out of the pandemic and the cyber security industry plays an important role keeping people safe online,” said Digital Infrastructure Minister Matt Warman. “We are backing our innovative firms to develop cutting-edge solutions and keep one step ahead of tomorrow’s security threats through our National Cyber Security Strategy.”