A year after it launched, government-backed centre for 'cyber innovation' LORCA is millions of pounds ahead of its investment target at £57 million raised in total compared to the £40 million by three years target. But with the looming Brexit deadline and all the uncertainties that come with it, can the organisation keep up the momentum and do right by its cohort companies?
Opened by the health secretary and former DCMS minister Matt Hancock in July 2018, the job of the London Office for Rapid Cybersecurity Advancement, or LORCA, is to encourage the growth of British cybersecurity startups domestically and on the international stage.
Based at the Plexal co-working space in east London, LORCA is funded by DCMS as part of Britain's National Cyber Security Strategy, and is in partnership with Deloitte and Queen's University Belfast.
LORCA aims to act as a bridge between fledgling companies that have raised some funding, as well as enterprises, academia, and government. By matching businesses to market demands in the cybersecurity space, it hopes to bolster the UK's cybersecurity startup scene (in a similar way that London's fintechs are recognised) as well as drawing talent to these shores. The £57 million figure is the total raised by all companies since joining the programme.
Programme director for LORCA Saj Huq says that first the group's team of researchers consults with businesses across industry to better understand what's happening from a cyber needs perspective. LORCA then sets specific industry challenges for its cohorts, leading to it recruiting businesses with products and services that align with those wider trends. Huq previously worked in consultancies such as Deloitte and PwC, and started his career in the military.
"A company, when they apply to our cohort, should be aligned with one of those challenges - it means they're instantly market relevant," Huq explained to Techworld over the phone. "The product market fits with what they're doing."
Plexal hosts the companies, while LORCA helps from an "innovation consulting capability" including programme management, but also working with businesses to develop roadmaps and spur on their product development. Deloitte, meanwhile, provides everything from technical to commercial consulting support. The Centre for Secure Information Technologies (CSIT) at Queen's University in Belfast offers technical engineering support.
Additionally, there are other third parties that assist in everything from sales through to marketing and legal.
"Effectively what that means is we can create - and what we look to create for each company is - a bespoke package of needs drawing down on each of those services we can supply into a business," Huq said, "which helps them develop as a whole business as opposed to just developing a product or focusing on sales or mentoring the founders."
Its work in industry includes speaking with CIOs and other IT decision makers to better clarify the challenges that their organisations face, and subsequently pairing the startups to those specific enterprise needs.
One success story is Privitar, the big data startup that aims to help enterprises bake privacy protections into their projects, which recently raised $40 million in a series B funding round led by Accel, according to VentureBeat.
Cybersecurity startup poaching
In Huq's view, one of the major strategic challenges for developing Britain's cybersecurity startup sector is the risk that the best ideas are "stolen or lost overseas". He explains that the way this tends to manifest is when investors earmark a significant chunk of their cash in prominent - or promising - businesses, and then encourage them to relocate businesses overseas.
"The risk from cybersecurity is that because overseas markets like the US are so much bigger, from a buyers' perspective there's a bigger market in the US," he added. "Historically, because of the culture of US investors tending to take investments and therefore change their legal entity status to the USA, it is a risk."
Governments, as well as private investors, are also seeing an opportunity in cyber for a mixture of reasons. Perhaps first of all, the sector is booming with little signs of slowing, but it is also of interest from a geopolitical and national defence perspective: while cyber attack and defence originate from the military interests of countries, they are also more widely regarded today as not just adjacent, but essential to, national security capability.
But there is nevertheless opportunity here in the UK, provided businesses can be won over to these borders, or nurturing home-grown talent to stay. One of the benefits of remaining in the UK is the large amount of universities and research institutions, not to mention the adjacent financial services sector, which in Huq's view enables companies based here to benefit from the existing infrastructure and ecosystems. "We just have to guard against the risk that some of those may fly overseas," he said.
And how to guard against that? Well, encouraging investors and VC firms to be more bullish with their capital could go some way towards helping, and this may be a cultural issue.
"What I think needs to happen is there needs to be more European and UK-based investment activity of larger rounds happen," said Huq. "In the US, for example, there's a history of backing people by offering them larger sums of money at an earlier stage to pursue ideas, probably because there's that track record of large tech growth.
"In the UK we produce more unicorns than anywhere else in Europe, therefore there's no reason we can't do that in cybersecurity as well."
Brexit means Brexit
Of course, the elephant in the room here is the looming Brexit deadline, with various factions of the government torn on how best to broach the issue: crash out, strike some kind of a deal, or reverse it entirely.
Huq concedes that he must be a "little careful" about discussing the topic - which is frankly no surprise for a DCMS-funded initiative established by the Conservatives.
"We are having more and more conversations about this if I'm completely honest," he said. "People are worried about it. What I think is affecting it, is the timing of stuff. What I would say which is positive is that I don't think it's seeming to effect whether people think London is a good place to do business broadly."
Those worries include the question of attracting and retaining talent, general unanswered day to day operational questions, and also, possibly, how businesses and countries are going to engage across national borders.
However, he added, "London will always be a good place to do business and we have got this infrastructure to enable companies to really grow and flourish".
"While it is topical, to give you an example, we had a business move into Plexal a few weeks ago from mainland Europe, so people are still making the move, which is good. I think the clarity is having an operational impact ... there's a lack of clarity that's making people delay their decision by a few months, because in the hope that whether Brexit works out positively or not, at least if you wait a few months it will give you a bit more clarity to make an informed view."
According to Huq the "flipside" is that the cybersecurity market in the UK continues to grow, as have exports from Britain in the time since the referendum. He suggested this is evidence that it's still a "great place to do business, and it's positively moving – so on balance people are still coming here, which is great."