Security funding soars despite Covid-19 slump, but problems lie ahead

Almost £500m has been invested in British cyber security startups in 2020 in spite of the economic slump caused by the Covid-19 coronavirus pandemic, with the investment well on track to breaking the funding record of £521m set just last year.

This is according to statistics produced by government backed security programme Lorca – the London Office for Rapid Cybersecurity Advancement – which has just published its report, The Lorca report 2020, analysing the UK’s security startup ecosystem.

The figures make for a bleak contrast when compared to the wider startup economy in the UK, which has seen investment levels plummet by half compared to 2019.

“The UK’s cyber security sector has grown tremendously in the past few years and has the potential to be right at the heart of our economic success. We have leading research institutions, technical innovation from startups and government-led bodies and growing engagement from investors and business leaders,” said Saj Huq, Lorca programme director.

“The global pandemic has highlighted the importance of cyber security, with the transition to remote working, sharing of sensitive medical data and increased collaboration between the private and public sector all transforming the risk landscape.

“Startups are uniquely placed to address these emerging challenges. Our world-leading fintech industry rose out of the recession of 2008; with the right support, cyber security can be the country’s next global success story,” said Huq.

Digital minister Matt Warman added: “It is great to see these new statistics. The tech sector will play a vital role powering an economic recovery out of the pandemic and the cyber security industry plays an important role keeping people safe online.

“We are backing our innovative firms to develop cutting-edge solutions and keep one step ahead of tomorrow’s security threats through our National Cyber Security Strategy.”

However, said Lorca, the overall figures mask a stark disparity between smaller, nascent startups and more mature firms that has already been identified in the wider startup ecosystem as well.

So far in 2020, mature cyber security companies have dominated funding rounds, with those at the seed and venture stages securing only 6% of the total investment in security startups. And less than 1% of the total investment in security startups was received by firms securing first-time funding, highlighting a focus from investors on growth stage companies.

This is not, however, wholly Covid-19 related, being a continuation of a trend seen in 2019, when 68% of funding was taken by more mature firms.

Lorca said this may hamper the development of many innovative companies in the security sector, with only 21 seed and venture stage startups funded so far this year, down over both 2019 and 2018. The research also discovered that 46% of cyber security startups incorporated between 2014 and 2015 remained at the seed stage, higher than their peers in artificial intelligence (AI) and fintech.

“The ecosystem is still nascent and obstacles remain to its continued growth. Access to funding for early-stage startups is clearly the biggest hurdle that must be overcome for the UK to compete on the world stage,” said Huq.

Lorca said there were a couple of challenges facing the security startup ecosystem that may be exacerbating this problem. First, it said, investors sometimes find the market complex to navigate, and VCs are called on to evaluate so many different technologies that it is hard to stand out.

Second, the Covid-19 pandemic seems to be pushing investment downhill towards later stage companies, shrinking the number of investors with cash to throw at pre-seed and Series A startups. Huq said addressing this shortfall would be crucial and warned that the UK could face losing a generation of security entrepreneurs.

Lorca identified three further challenges or trends that if addressed, could give a boost to UK security startups. First, the sector has become crowded and complex and is in need of consolidation, with CISOs prioritising products that they can easily integrate into an existing stack, pushing the industry towards platform plays and product ecosystems controlled by larger players.

Second, it said, access to cyber security is uneven, particularly when it comes to small businesses and organisations such as charities, which present an underserved segment of the economy. By addressing their needs, startups could play a key role in bridging the digital divide and making security more accessible.

Last, consumers are increasingly engaging with digital technology – especially during the pandemic – and putting themselves at risk from a security perspective. The market for individual consumer products is nascent, but this is likely to change, and startups could be at the forefront of this.