Brexit dominated the annual conference of the UK Conservative Party held in Birmingham in September as expected. But a few days before, cybersecurity stole the headlines when a major flaw in the official mobile phone app for the event revealed the personal information of senior members of the party, including cabinet ministers.
The incident is the latest in a list of data breaches suffered by some well-known British public and private sector entities. The NHS has been hacked several times in the past few years; British Airways reported compromised data in mid-2018, and a growing list of British high street retailers, from Dixons Carphone to CEX and Sports Direct, have also had the personal details of customers and employees hacked.
With cybersecurity fast becoming a top priority for organisations, the UK is keen to boost its capacity in the field – and catch up with more established countries such as Israel and the US, which accounted for 76% of the global cybersecurity deals between 2013 and 2017, according to research firm CBInsights.
The UK government has earmarked £1.9bn ($2.46bn) through 2021 to support cybersecurity initiatives, and is now working with two major London-based accelerators to nurture those technologies addressing specific challenges in both the public and private sectors.
Other non-government initiatives have sprung up that have a greater focus on private sector applications. London is thus putting its name behind this first wave of cybersecurity initiatives, which serve a digital security interest first, but can also become a major driver of economic activity. “There are two aspects to our activity,” says Lydia Ragoonanan, director of the London Office for Rapid Cybersecurity Advancement. “One is to help the UK be the safest place to be online, and build trust in the British digital space. The second is that the UK is a very high-growth market, and this is a good way to build our economy and improve GDP.”
A national strategy
The funding behind the UK's 2016-21 cybersecurity strategy (which follows a first national cybersecurity programme launched in 2011) will be spent on “defending our systems and infrastructure, deterring our adversaries and developing a whole society capability – from the biggest companies to the individual citizen”, chancellor of the exchequer Philip Hammond said in the foreword to the strategy documents.
The new strategy calls for short-term action from the government to unleash the development potential of an industry whose spending has been estimated in the order of $129bn worldwide, due to cybersecurity threats and compliance issues such as the EU’s Global Data Protection Regulation, according to research group Gartner.
The national strategy is establishing the National Cyber Security Centre under the UK intelligence service GCHQ, and gives it a mandate to establish two innovation centres to nurture cybersecurity start-up companies.
The first is Wayra, which brings together the GCHQ and Spanish telecommunications group Telefonica to develop solutions specifically tailored for national security uses. Launched at the beginning of 2017, the nine-month accelerator programme has nurtured two groups of start-ups, and is now working on a third.
“Even if you are a start-up that has already raised some money, how do you get close to GCHQ?” asks Gary Stewart, a director at Wayra UK. “How do you get into government? Wayra UK sets a pretty large foot in the door because of the high-profile public officials visiting the accelerator and the connections with public agencies it provides.”
The second innovation centre, Lorca, was launched in 2018 and is now getting started with its first group of companies. Its focus is slightly different as it aims to scale up established start-ups that have a proven business model and connect them to various parties to better match the needs of both public and private sectors.
Born out of a partnership between innovation centre Plexal, consultancy Deloitte and the Centre for Secure Information Technologies (CSIT) at Queen’s University Belfast, Lorca has a £13.5m public funding programme in place through which it plans to use to nurture 72 companies over the next three years.
“Lorca doesn’t define the cybersecurity challenges, the industry does,” says Ms Ragoonanan. “We have an innovation forum, complemented by conversations across the industry, and we are also running industry-specific forums to understand their needs. From that, three to four challenges emerge and we recruit start-ups on that basis.
“We are looking for organisations that are slightly more mature and that are really looking to scale [up], and we want to make sure they have a solution to the particular challenges we are trying to solve. Often these challenges go across different industries, both in the public and private sectors, although we probably won’t take on national security challenges as those defined by the GCHQ.”
CyLon's private push
While Wayra and Lorca fit within the UK's national security strategy, meaning the country's public authorities have a say on the selection process for the start-ups participating in their programmes, several market accelerators have also sprung up in London. CyLon was the first, launching in 2015 with a clear mandate to scale up early stage cybersecurity applications in a market environment.
“If companies have come to CyLon because they see the public sector as their target market, it’s the wrong programme. We are about building commercial companies. Some of them might work well with public sector clients, but these are proper businesses for the private sector, which in our view is a much bigger market than the public sector,” says Jonathan Luff, one of the founders of CyLon.
CyLon has now completed the accelerator cycle for seven cohorts of early-stage cybersecurity start-ups, supporting a total of 53 companies, and it is launching its eighth programme. “There aren’t many places with as many natural advantages as London has. There is an ecosystem here. We’re are at the heart of it – there are seed and enterprise investment schemes that are really encouraging early-stage, riskier investments in start-ups, there is an increasingly sophisticated market for these products and services here in the UK, and a massive market at our doorstep in the City of London,” adds Mr Luff.
CyLon, in partnership with the CSIT, is also running HutZero, a free early-stage five-day bootcamp for entrepreneurs. Another start-up accelerator, Level39, launched its cybersecurity programme, Cyber39, in August 2017 with a first group of 22 start-ups and it has the backing of the Department for Digital, Culture, Media and Sport and the Department for International Trade.
With growing business opportunities against a backdrop of mounting security threats, British cybersecurity incubators are fostering innovation and bringing the UK to the forefront of a field that will be crucial to defining the success (or failure) of any entity that has a digital presence.