Some cyber startups are born because the founder wants to crack a particular market or solve a particular challenge, such as making passwords better or preventing disinformation. Others are product-led and are rooted in deep scientific research.
Whatever the origin story, solutions will inevitably be stronger if they are not built in a vacuum.
We need to bring cyber innovators closer to the organisations in the public and private sectors that understand the risks in the real world. And we need to create products that match the needs of the market.
There are a few reasons why achieving a close product-market fit is especially hard in cyber. Firstly, the most innovative solutions tend to draw on deep technology and involve long research and development cycles. It can take years before the product team are ready to lift their heads up and allow the company to start thinking about the customer.
The data shows that these early-stage cyber startups and spinouts struggle to attract investment, which is pouring into more mature firms instead. They are developing technology to solve challenges that industry isn’t even aware it needs yet, but investors struggle to see who would buy the product.
Investors want metrics, proof points and market validation – something cyber innovators working on the very edge cases of technology can’t provide early on. This scenario is characteristic of startups working with any deep technology and is particularly common in cyber.
Secondly, a huge amount of innovation taking place in cyber is grounded in artificial intelligence (AI) and machine learning. But what are these algorithms learning from, and how relevant is the data if it’s not coming from the real world? And how does sophisticated AI that appears to work in mysterious ways fit into organisations that are increasingly adopting a zero-trust security stance? Tomorrow’s generation of AI-centric cyber products could struggle to find a place in the market if they remain obscure.
The cyber security sector itself is also shrouded in mystery. CISOs and governments are understandably guarded about what they can reveal about the exact nature of their security vulnerabilities. This makes it harder for startups to understand where the market is going or where the innovation gaps are.
Building cyber solutions we really need
We will encourage the creation of more useful security solutions if we can immerse startups into the world of the buyers. An early-stage company could iterate while it is building its core technology, while a more mature product team could learn a huge amount or simply validate assumptions through a focused piloted in a sensitive, real-world scenario.
Industry can and should play a role, but enterprises tend to be more interested in buying low-tech security products they can plug in and play now to prevent a crisis or comply with legislation. Real innovation is hard work and requires an organisation to commit to the process across departments and take on some degree of risk.
This is where government-led innovation can be hugely powerful. The UK government has a macro view of the security challenge and is highly motivated to find a solution. It is responsible for the economic interests of the country and is helping to boost levels of cyber security resilience among businesses large and small.
It also understands the role of cyber in protecting our critical national infrastructure and safeguarding our national security, from our schools to our food supply chains.
Also, the National Cyber Security Centre (NCSC) recognises the role cyber startups can play, which is why it recently partnered with Plexal to launch its latest accelerator. NCSC for Startups will match startups to specific challenges where there is a real need for an injection of innovation.
Throughout 2021 and beyond, we will onboard startups at various stages of growth to develop, adapt or pilot a solution. Experts from within the NCSC and GCHQ are excited and motivated to work with startups more closely than ever before. They will lend their experience and inside knowledge to support startups.
What is also very exciting about the initiative is that we are inviting tech startups from outside the sector’s traditional walls and helping to adapt their solution to meet a particular security challenge. By giving these tech innovators this focused attention, we have an opportunity to point an existing technology to an entirely new use case and unlock fresh approaches. A tech startup may have latent potential, but would struggle to do this alone.
In the end, working with the market is the biggest growth hack for startups in cyber and it will also ensure we are focusing innovation on the most pressing threats that endanger our economy and online security. There is no need to innovate alone.
Plexal is accepting applications for NCSC for Startups and will be onboarding startups over the next year. Learn more and apply at plexal.com/ncsc-for-startups