The timing of UK cybersecurity company Sophos‘s planned July IPO couldn’t be better. The company, which offers IT protection to medium-sized firms, is expected to secure a valuation of between $1.5 billion and $2.5 billion, in what could be London’s largest technology float.
News of the planned listing comes as London prepares for Tech Week, June 15-21.
At the week-long event, which aims to confirm London’s place as the tech capital of Europe, the government plans to promote the UK as a place where companies can scale. The planned Sophos IPO will also bolster the government’s on-going campaign to expand the capital’s reputation beyond that of a global hub for fintech and fashion tech to include cybersecurity, a multi-billion-dollar global market that is on track to get bigger as everything from U.S. government databases to the networks of the world’s largest corporations get hacked.
Technology analyst firm Gartner is predicting that some $79 billion will be spent on cybersecurity technology in 2015.
It is little wonder then that in the last five years, $7.3 billion has been invested globally into 1,208 cybersecurity start-ups, according to CB Insights, with funding in 2014 breaking the $2 billion barrier for the first time.
The UK cybersecurity sector alone is already worth £6 billion and employs 40,000 people, with exports rising by 22% last year, according to the UK government.
And it is poised to get bigger. The UK government has pledged to spend £3 billion over nine years to develop the next stage of national cyber intelligence.
Israel Is A Formidable Competitor
Of course, when it comes to churning out cybersecurity start-up successes the UK has some catching up to do with the U.S., home to venture-backed cybersecurity companies such as Good Technology (which has raised more than $550 million in venture capital), Lookout, FireEye and AlienVault.
Israel is also a formidable competitor: it has leveraged its defense capabilities into cyberspace in recent years, spawning an industry with at least 350 active cybersecurity companies, 18 of which are publicly traded. Check Point, one of the earliest entrants, has a market cap of $15.15 billion. Some 200 cybersecurity companies have raised nearly $850 million in private financing rounds over the past five years, according to the IVC Research Center, which maintains a database of information about the Israeli start-up sector. JVP, a Jerusalem-based Israeli venture firm, says that in the past three years alone its partners have been approached for investment by 290 Israeli cybersecurity firms.
“Clearly Israel is one of the places London will be compared with, but it is not uniquely equipped to deliver this kind of innovation,” says Alex van Someren, managing partner of the early-stage funds at UK venture capital firm Amadeus Capital Partners, and co-founder of Cyber London (CyLon), Europe’s first cybersecurity accelerator program, which opened its doors in April.
“The UK has a longer history, slightly longer than the existence of Israel in this domain. We’ve been recruiting and training code-breakers for more than 70 years,” says van Someren, referring to Bletchley Park, the UK’s Government Code and Cypher School, which regularly decoded the secret communications of the Axis Powers, most importantly the German Enigma and Lorenz ciphers, helping to shorten World War II.
Van Someren is a co-founder of nCipher, the last cybersecurity company to go public on the London Exchange, some 15 years ago at a £350 million valuation. It was later sold to Thales SA in 2008.
Expect to see more fund-raising and maybe even a few more IPOs in this space in London as cooperation is strengthened between accelerators, investors, academics and the UK government, including GCHQ, the UK equivalent of the U.S. National Security Agency and successor of the Government Code and Cypher School.
Spooks Turned Geeks
Today GCHQ acts as an intelligence and security organization responsible for providing signals intelligence and information assurance to the UK armed forces. It is also serving as a de facto training camp for budding tech entrepreneurs.
Take the case of Ripjar, one of the companies housed at CyLon. Its chief executive, Tom Griffin, previously worked for GCHQ; the four other co-founders worked in the defense sector before founding Ripjar. The company uses proprietary natural language processing, deep learning algorithms and visualization to monitor reams of data — including social media — to give clients real-time actionable information about everything from brand affinity to cyber threats.
Ripjar, which splits its offices between Cheltenham, Gloucestershire and the CyLon accelerator in London, got its initial funding through government grants and is now raising its first round, says Griffin.
“We have a unique expertise and understanding of dealing with very sophisticated attacks,” says Darktrace CEO Nicole Eagan. The mission of the secret services and start-ups like Darktrace is the same: finding new ways “to keep the bad guys out,” she says.
Darktrace’s technology is capable of learning what constitutes the normal pattern of life for an organization, its users and devices, so it can detect subtle deviations that suggest a compromise, breach or cyber-attack. It is already working with large corporate customers in Europe, the U.S., the Middle East and Asia and has quickly become “the fastest growing European cybersecurity firm,” says Hussein Kanji, a partner at Hoxton Ventures, which also invested in the round that valued Darktrace at $80 million. He predicts that the cybersecurity start-up could become one of London’s next billion-pound companies.
On Her Majesty’s Secret Service
CyLon was set up without government funding and companies like Darktrace appear to have no trouble attracting private backing, so how is the government planning to boost the sector with its pledged £3 billion? The answer is classified. “We can’t comment on the details of investment that comes from the Single Intelligence Account,” says a UK government spokeswoman.
In general, she says, it will be used “to help to boost the growth of UK cybersecurity SMEs” and to “build our cyber capabilities.”
The Government is already supporting the UK cybersecurity industry through a five-year £860 million National Cyber Security Programme (NCSP).
It has set up a joint government/industry/academia Cyber Growth Partnership (CGP) to support the UK sector and boost the UK’s global market position in cybersecurity products and services. More than 70 small cybersecurity companies have sprung up in recent years in and around Malvern, in Worcestershire. Today there are 13 academic centers of excellence based at UK universities.
Among them is the UK’s National Innovation and Knowledge Centre for Cybersecurity, which is is based out of Queen’s College in Belfast. The center has spun out three start-ups: Titan IC Systems, which makes hardware engines for content and network processing; ActivWireless, which develops technology to track people and assets; and Sensurity, a maker of high-end microwave sensors for the security industry which secured £1 million in investment from existing and new shareholders in November of last year.
Everything Is Exposed To Hacking
The Center’s member companies and partners include large organizations such as BAE Systems, Thales, IBM and Intel as well as start-ups such as RepKnight, Seven Technologies, Cyberlytic and Guru Ping. “As we move from the Internet of screens to the Internet of things everything is exposed to hacking,” says Stephen Wray, the Queen’s College center’s commercial director and a mentor to companies in the CyLon accelerator.
The UK’s efforts to become known as a cybersecurity hub are starting to bear fruit. Paladin Capital Group, a Washington-D.C. based private equity firm specialized in cybersecurity, has opened a European office in London.
And Lockheed Martin, working in partnership with technology merchant bank Restoration Partners, is creating a Virtual Technology Cluster (VTC) in the UK that brings together industry, academia and the investment community. The cluster aims to provide small cybertech businesses with the opportunity to become involved in cybersecurity contracts.
To further raise the profile of UK cybersecurity start-ups in the U.S., UK Prime Minister David Cameron led a delegation on a trip to Washington D.C. earlier this year. One of them, RepKnight, which specializes in detecting and understanding what is being said on the Web through social media, forums and RSS feeds, won its first contract with the U.S. government.In other measures the government announced funding for a cybersecurity ‘pre-accelerator’ program to help fast track early-stage cybersecurity start-up firms. “We envisage approximately £250,000 to be initially invested in the development of the pre-accelerator in the pilot stage,” says a Cabinet Office spokeswoman.
“We are still in the process of working up how the pre-accelerator will be delivered. The pre-accelerator is not intended to provide investments directly to companies but instead will help early-stage ideas and start-ups to develop the fundamentals they need to go on to success and access opportunities to support their development.”
“The government is not picking winners,” she says. “We are investing in a mechanism to further support the UK cybersecurity innovation ecosystem by providing help and support to new ideas and early stage cybersecurity start-ups.”
The Davos of Cybersecurity In London
Next year the UK government is sponsoring, alongside the U.S. Department of Homeland Security, an international conference in London called The Global Cybersecurity Innovation Summit (GCIS).
The GCIS, which will take place January 26-27, is coordinated by a U.S. organization called Security Innovation Network (SINET) and will gather top executives from Fortune 500 companies, critical infrastructure providers, policy makers, technology innovators, senior government officials and venture capitalists.
“There is no reason why we can’t create the Davos of cybersecurity in London,” says SINET founder and chairman Robert D. Rodriguez, a former special agent with the U.S. Secret Service.
One of our goals is to also inform UK family offices and other high net worth investors who typically make traditional investments in real estate, etc. about the tremendous and lucrative investment opportunities in the cyber security global marketplace, says Rodriguez. “We want to educate this group and tell them they are missing out on a major opportunity to make a lot of money while at the same time serving a higher calling with investments in innovative solutions that will protect our respective critical infrastructures and ultimately our national security and economic interests.”
London may not yet be on par with the U.S. and Israel but the potential for growth is there. Rodriguez and other interviewees say they see huge opportunities for start-ups in the sector. “There are so many challenges in cloud security, ID management, identification and the Internet of Things. The list just goes on and on,” he says.