“Cyber London (CyLon) is a hub for the cyber security companies of tomorrow,” states the bold mission statement for the first and only cybersecurity-based accelerator programme ever run in Europe. Tech accelerators-cum-incubators are ten-a-penny but this one is different. It wants to do something nobody else has even attempted to do until now – supercharge a new generation of indigenous UK-based cybersecurity firms that will turn the country into a producer of defensive technology and not simply a consumer of systems invented elsewhere.
It’s a complex ambition but after accepting its first round of entrants to its three-month programme earlier in 2015, the signs so far are promising. A clutch of promising new names has graduated, including Mentat, Intruder, CyberLytic, AimBrain, Ruuta.io, and Sphere, with two older startups, SQR Systems and RipJar, embedded in CyLon’s London offices as exemplars of what is possible given time and hard work.
CyLon recently closed applications for its second round, due to be announced by the end of November for a start before Christmas, at which point it will be easier to judge how easy it will be to keep this up and what sort of untapped potential lies out there waiting to be discovered. The offer it makes to the early-stage entrepreneur and engineer teams it is looking to attract is surprisingly low-key. Entrants accepted on to the programme are offered office space for at least 12 weeks, handed £15,000 (stumped up by sponsors) in return for an unusually tiny stake in their company and get a demonstration day to promote their technologies when they graduate.
As is the accelerator way, during this internship, they get intensive entrepreneurial and technical help to boot them into going concerns with prospects. Applicants can come from anywhere in Europe as long as they base themselves in the UK and there is a preference for working with pre-existing teams rather than individuals.
Cyber London – what problem does it solve?
With lots of questions for Epsilon Advisory Partners founder and CyLon programme co-ordinator Jonathan Luff, the first is simply why a UK accelerator for cybersecurity is needed when countries such as the US and even tiny Israel seem to have no problem creating early-stage security companies without help.
“We were something better than every other alternative, but the opportunity to do so in a dedicated space with office services provided and a structured programme and access to an excellent network,” says Luff.
“It’s a puzzle why we don’t build businesses of scale in this area. […] If you look in the portfolios of leading venture firms you’ll find a good number of fast-growing capable cybersecurity companies. Given our heritage in this field it seemed to us anomalous that there weren’t more companies being founded and getting to scale.”
Luff has hit on issue number one – why hasn’t the UK created more computer security startups when it’s s acknowledged as a leader in the field at academic and government level? It’s been this way for years. Search history for names to grab hold of and as far as the security industry is concerned until very recently you’d come up with a handful of names at best.
Database security firm Secerno, founded in 2006 (sold to Oracle in 2010) would be one. Further back in time was the pioneering encryption firm nCipher, floated on the stock market in the dying days of 2000 before being sold to Thales at a knock-down $100 million in 2008. Not coincidentally, nCipher was co-founded by Alex van Someren of notable Cambridge VC Amadeus Capital but also now a moving force behind the creation of CyLon itself and one of its public faces.
So CyLon’s team, which also includes former GCHQ head Sir Ian Lobban on the board, has the battle scars of working in UK cybersecurity.
“The point of Cylon is to address the need to build a cluster of cybersecurity companies in the UK to rival in US and Israel,” says Luff. “In Israel it’s just assumed that there will be a crop of cybersecurity companies being founded.”
He stresses the special demands of cybersecurity that go beyond the normal problems associated with getting technology firms off the ground. “Cybersecurity is complex and the customers are specialised and the tech is hard,” says Luff.
Cyber London - the elusive customer
This, you wonder, might be one of the biggest problems that cybersecurity startups face and why an accelerator is attractive. Tech development is of course fraught, finding business support and funding hard, and sourcing competent engineers to aid expansion far from straightforward. But even if a startup solves all of these challenges, they still have to cross a quite gigantic hurdle – attracting customers.
The US and Israelis seem to be good at this but they hail from countries whose leading firms have a greater willingness to buy into risky unproven technologies borne out of a dissatisfaction with older systems. As it happens, in 2015, the theme of dissatisfaction is off the historical scale so much so that it is possible to construct the last decade of security systems as a controlled failure of inadequate technology that has proved to be years behind the strategies of attackers. Unhappiness with established technologies has never been higher and this helps new companies that can get their story across.
Luff and van Someren of CyLon both refer back to famous US accelerator programmes such as Y Combinator but it’s hard to imagine that being so undemanding when it comes to the commercial side of things. CyLon took no equity in its first round of startups and even the second round will hand over a measly three percent.
“It has been set up on a basis that is different from other accelerators,” accepts Luff who quickly reveals an unexpectedly idealistic element to the current CyLon model, which is funded, after all, by the generosity of sponsors including BAE Systems, Raytheon, Winton Capital and Fried Frank Technology.
“We have seen this all along in doing this for the UK. There is a value to having successful businesses that are founded here and grow her in supporting the wider economy. For now, this is not a vehicle established on the commercial terms that other programmes have been. We want them [startups] to feel they are getting a very strong programme.”
One day this modest approach to acceleration might change but for the time being CyLon is a pragmatic programme. The sums of money being invested are small, the equity tiny. The programme is all about exploring potential.
Perhaps what CyLon really wants to be is less a pure accelerator so much as the beginnings of a hub, a networking cluster in which the smart minds trickling out of universities and established engineering firms can find themselves.
Can they, one day, match the big boys in the US that seem to fire up cybersecurity firms (many well-funded but pretty no-hope – ed) with a regularity that makes the process look easy?
“Bluntly, yes. Our level of ambition should be greater than that. The UK can and should aim to be a first-order power in the global the commercial cybersecurity industry.”
In the last three years, the UK has at along last uncovered its first proper wave of cybersecurity companies - witness the dozen or so that exhibited at the 2015 Infosecurity Show on a special booth funded by Innovate UK, including the eventual award winner, GeoLang and much larger new names such as Darktrace. But as impressive as all this sounds, more often than not UK cybersecurity early-stage still looks and feels like a craft industry run by wizards with engineering and maths degrees.
The arrival of CyLon and its incubation model feels like the start of a different story, the change that might finally give the wizards a chance of casting bigger spells.
Cyber London’s first graduates – analytics, secure messaging, router security
Mentat – security analytics. “We are the builders of machine intelligence in-motion, at enterprise scale and beyond.”
Intruder.io – more security analytics as an alternative to pen-testing and vulnerability scanning. Sorts the threats from the noise.
CyberLytic – automated cyber-defence tools founded by experienced former BAE Systems engineers
AimBrain – mobile biometrics, still booting up website
Ruuta.io – software to improve home router security and create mesh networks
Sphere – website not fully active but offers secure workspace technology
SQR Systems – founded in 2010 as a university spin-out, has built excellent secure messaging platform called Ceerus
RipJar – more a business analytics platform than a security company but like SQR offered space by CyLon as inspiration to the younger outfits, showing them what is possible in time.
What did Cyber London do for us?
Dr Nithin Thomas, CEO SQR Systems
“We have always been involved with the startup and entrepreneurship scene in London. I mentor at initiatives like Shell LiveWire and have always found it enjoyable to help young entrepreneurs that are going through what we did just a few years ago. I have also seen the impact organisations like CyberY are making in the cybersecurity industry by helping and connecting early stage entrepreneurs and providing them with valuable support, particularly in the early stages.
When Alex Van Someren from the CyLon founding team told me about the CyLon idea, I thought it would be a great opportunity for the whole team to get involved with the cybersecurity startup community and Alex and I agreed it would be great to have us based at the accelerator with the other startups.”
“The opportunity for entrepreneurs at different stages of the journey to work together and share ideas and experiences has been a really positive experience for the whole team. We have had a fantastic time working here and sharing the space with some energetic and incredibly talented entrepreneurs that are making a difference in the London cybersecurity scene.”