Monday, February 08, 2016

What does every UK Cyber Security startup need, that is worth more than gold?

It's not that I'm ungrateful George...
While compiling the next issue of Executive Intelligence, the Cyber Security briefing for UK decision makers, we came across an announcement from Chancellor George Osborne for a £250,000 programme to increase the rate of cyber security startup development in the UK. We aren't sure whether this announcement, made around the 27th January 2016 was something new or just an echo of a previous release from the 17th November last year, but we took the opportunity to study what was being announced more carefully this time.

The 'Cyber Safe' scheme, will offer advice and support to security startups, and will be open to applicants from March. The scheme is designed to increase the rate of new security startup development in the UK, identify new business ideas from the UK's leading security firms and provide support for security entrepreneurs.

While any assistance for startup and early stage technology companies in the UK is welcome, I'd argue that there are more directly beneficial things that could be done to stimulate and grow UK Cyber Security firms, things that would sustain such growth over 5 years, over 10, and beyond.

Startups, starting up, California style
It costs less than ever to move a software businesses from concept to prototype and on to minimum viable product. The UK is already arguably the best place in Europe to start a technology business. With professional social media, it is easy to connect with expertise and experience, to seek advice and assistance from those of us who have done it before in the UK market and abroad. While neither our climate nor the air quality around Silicon Roundabout is conducive to the kind of cafe-culture you'll find on Sand Hill road (come to think of it neither are the pavements) networking here is just as easy.
"Old Street is that way son"

Something less easy to achieve, and far more valuable to the Cyber Security entrepreneur, is the first customer. This is an area where UK Government has far to go.

According to a study last year by TechUK, only 20% of central government IT managers had "an appetite within their department to procure a higher percentage of technology services from SMEs". One can only imagine what percentage of them might be warm to startups. 5%? 2%? Zero?

The model that works in the US, is one where early stage companies can count on government in all its forms (military, intelligence, research, local, national, laboratories, and the rest) to be a customer of their service or product. That is the great thing about starting a Cyber Security firm in the US, long before specialist funding programs or affiliated venture firms appeared, someone, somewhere in US government was pretty much guaranteed to need your Cyber Security product, and to do business with a relatively small, relatively new, yes... relatively parochial firm who had cracked a tough problem. Contrast this with the TechUK study, or your own anecdotal experience.

"Present them with three options, two of which are,
on close inspection, exactly the same,
plus a third which is totally unacceptable.
I once attended a conference where a government procurement officer explained to the audience of his peers how they could carefully construct RFPs, RFIs, and tender documents for the specific purpose of excluding small firms, while staying within "SME friendly" guidelines issued by government. Never let it be said that the civil service is without ingenuity!

A pity, because government can be a great 1st customer and the benefits are not all one-way. The startup gets valuable feedback, real-life testing, requirements prioritisation, introduction to other potential early adopters, and (if all goes well) a reference customer, ignoring for one moment the financial benefit to the startup. The customer gets early access, the ability to shape the product to their needs, all the deployment assistance they could wish for, and more than likely the ability to cut the deal of a lifetime in terms of commercial arrangements.

But don't take my word for it, ask Black Duck, Aventail, Verid, Sanctum, E-Security, or any of the other successful Cyber Security companies that passed my desk at Fidelity Ventures looking for venture capital funding after the US government became an early customer.

Let's hope TechUK repeat their 2015 study this year and extend the survey to include attitudes to startups.