Early stage UK security startups face funding crisis

Early stage cyber security startups in the UK are failing to attract funding from investors during the pandemic, with the number of companies raising capital for the first time dropping by 96% since March 2020, even though overall investment in the UK security scene is actually up by half.

This is according to new research released by East London innovation hub Plexal – home to the Lorca cyber security incubator – and Beauhurst, a startup tracking platform, which found that of £651m raised by cyber security startups in 2020, only £11.9m went to new companies.

According to the data, while the average investment was larger in 2020 and a wider range of companies received capital, funding was dominated by a small number of very large follow-on investments into such companies was OneTrust, which received £224m, Snyk, which received £154m, and Privitar, which received £70m.

The joint analysis of nearly 40,000 startups and fast-growth businesses concluded that cyber had performed better than other tech sectors as general investor caution was offset by the need for solutions to address the many security challenges surfaced during the pandemic.

However, while investors clearly see value in proven businesses, they are hesitant to commit to those without existing backing. “While increased total funding demonstrates the relevance of cyber security and shows that the UK’s cyber industry has not been impacted to the same extent as others, the almost complete absence of backing for early stage firms puts the sector’s future at risk,” said Plexal innovation director Saj Huq. “It’s these companies we will ultimately rely on to solve the inevitable new cyber challenges arising from a society that is increasingly digital-first.

“Covid-19 has accelerated digital transformation, increased the demand for digital services and reinforced the relevance of security as a crucial business enabler. More cyber security companies are receiving investment as a result, but the caution exercised by investors is preventing the UK’s cyber sector from becoming the key driver of the economic recovery that it should be.

“Investors, industry, academic institutions and government must come together to safeguard the future of our brightest, early-stage cyber startups or they could become a lost generation,” he said.

Henry Whorwood, head of research and consultancy at Beauhurst, added: “The cyber security sector has retained a strong flow of investment compared to many others which have struggled throughout the Covid-19 pandemic.

“However, the small proportion of this funding that has gone to first-time raises indicates that investors are hedging their bets by committing far less per deal and focusing on later stage scale-ups. Despite the relevance of the sector, it looks like 2021 could be another challenging year for early-stage cyber companies.”

Last summer, Lorca warned that the growing disparity between early- and late-stage startups in terms of their ability to attract funding was storing up trouble for the future, and the new data appears to bear this out.

Beyond the impact of the pandemic pushing VC money towards safer late stage bets, the security startup ecosystem faces other problems that may be exacerbating the trend.

Notably, said Lorca, the sector as a whole has become crowded and complex which not only makes it hard to stand out and attract VC attention as a new entrant, but also means buyers are prioritising products that they can easily be integrated into existing tech stacks, which pushes investment towards platform plays and product ecosystems dominated by established cyber firms

More positively, the joint report also showed clear evidence that the UK’s cyber security sector remains highly resilient and has weathered the pandemic so far. It said that only 23 cyber security startups entered administration, liquidation or dissolution since 23 March 2020, compared with a total of 1,715 across all sectors.