Do you know who’s looking? Why the UK cybersecurity sector needs to be more dynamic

10 February 2020

Do you know who’s looking? Why the UK cybersecurity sector needs to be more dynamic

The UK cybersecurity market is valued at over £8.3bn (source: Department for Digital, Culture, Media and Sport) and we are widely regarded as the largest growth nation for the industry in Europe.

Indeed, the UK has always had a rich history of innovation in computing: It started with the codebreakers of Bletchley Park when they cracked the Enigma Code and continued with Tim Berners-Lee’s invention of the internet.

However, although British security vendors continue to lead the way and defy the increasing threat of cyber-attacks, ensuring a prolific upward growth curve for their solutions, it appears businesses remain lackadaisical about investing in this crucial area. They do so at their peril.

According to recent research commissioned by Grant Thornton, 63% of mid-market businesses have not yet appointed a board member responsible for cybersecurity. The NCSC (National Cyber Security Centre) reports around 60 high-level security threats a month and estimates the cost to the UK economy is around £20bn per annum, many of which present a risk to national security.

How cybercrime is hitting business

The high level of threat from cybercrime has led to an exponential increase in capital expenditure from both the public and private sectors. Businesses and government departments face daily threats from cyber-attacks which come in many different guises. Data breaches are currently seen as the biggest threat with flawed web applications as a major contributing factor making application security a top priority.

Cloud-based threats also continue to grow, presenting another hazardous area for organisations as poorly configured or badly maintained silos of data can easily be accessed by unauthorised and malicious end-users. There is also a persistent threat from state-sponsored terrorists focusing on high profile data breaches, stealing political secrets and bringing critical services to a grinding halt through DDOS attacks.

The growth of the cybersecurity sector

The unprecedented level of online danger has produced fertile conditions for explosive growth in the number of vendors addressing the domestic and international marketplace. The sheer number of devices connected to the internet alone (Gartner predicts 4bn in 2020) and the demand for secure Fintech and 5G applications have created the perfect conditions for growth.

Anne Stokes, CEO and co-founder of ST2 Technology, which advises firms on cybersecurity issues, says businesses need to have a multi-layered approach to security in order to combat insider threats – both deliberate as well as accidental. She added:

“The internet of things is a growing sector, with most people using their mobile devices to access a whole raft of cloud-based applications. And yet, most of these devices are not secure. Most organisations are not securing their data properly – businesses really need to ensure the devices their staff use are not going to be compromised. The problem is that for many businesses, they don’t know where to start. It’s almost too daunting. Many firms invest in firewalls, which act like a key that you might use to lock your house. But if someone has a copy of that key, there is nothing to stop them from getting in.”

The case for dynamism in the sector

Despite the anxieties caused by a constant cyber-threat we are fortunate in this country to have so many innovative and diligent security vendors. The solutions offered by the cybersecurity market have to be dynamic, fluid and progressive to meet the threats from unseen attackers who continue to finesse their attacks on a rapidly changing technology landscape.

The evolution of public cloud infrastructure, artificial intelligence, IoT and ‘security as a service’ brings with it increased challenges which need to be met by solution providers. Successful vendors need to move quickly to keep ahead of the growing threat of malware and hackers.

The UK cybersecurity market continues to punch above its weight and is only behind the US and Israel in terms of investment funding (source: Telefonica’s Wayra Group). The industry is well supported by the British government which promotes and invests heavily in the cyber ecosystem – £1.9bn over five years – to help maintain its competitive edge.

Bullish outlook for M&A activity

It seems appetite for deals in this thriving sector remains strong. One major UK player, Cambridge-based security provider Darktrace, achieved Unicorn status in 2018 with a valuation of over $1bn (source: CBNC). UK heavyweight Sophos paved the way for M&A in 2019 with its US$3.8bn acquisition by Thoma Bravo, whilst in the US NASDAQ quoted Mimecast achieved a market capitalisation of more than US$3bn in the same year.

The UK market is well served in the mid-market with solutions to cybercrime and by the end of 2018, there were over 800 companies which in total attracted over £9bn of investment (source: Tech Nation). The rest of the field includes young SMEs supplying some notable solutions and many of today’s smaller organisations are attracting significant investment. Companies like Cybsafe (£4.5m raised to date), iProov (£8m) and Corax (£10.8m) have all been busy raising cash from a bullish investment community.

The M&A activity in the marketplace is equally dynamic as corporations look to achieve growth through acquisition. The largest-ever cybersecurity deal, to date, Broadcom’s acquisition of Symantech for US$10.7bn set the tone in August 2019 catalysing an uptick in strong valuations and transaction volumes. The deal exemplified the three key trends affecting the acceleration in international M&A activity, namely:

  • The critical requirement for growing volumes of personal data to be secured
  • An expanding rise in the number of devices connected to enterprise networks
  • The increasing regulatory and financial penalties for insufficient cybersecurity measures.

Nigel Cook, founder and managing director of Evolution Capital, commented:

“Cyber attacks are among the most pernicious threats to any business today and anyone unprepared can be brought to their knees very quickly. To counter these threats effectively organisations need to commit to significant management time and investment in technologies, like AI to get protection. From the amount of M&A activity that we are seeing in the market, it is evident that AI focused security vendors are becoming increasingly sought after. As experts in preparing technology businesses for acquisition, an increasing amount of our time is spent preparing cybersecurity businesses for sale.”

The need for expert advice

Business advisers to these security vendors also need to up their game when preparing clients for sale. Unprecedented demand for acquisitions in the sector has meant there are many nascent security businesses for sale that need specialist skills and expertise for owners to enhance their value and maximise any potential exit.

The demand for expert advisers who understand the marketplace and can add value in the areas of sales, operations and finance is understandably high. An evolving market like cybersecurity clearly needs experienced advisers to meet the demands and expectations of owners in this dynamically growing sector.

If you’re a business owner looking to buy, sell or accelerate in the cybersecurity sector, contact our senior M&A adviser Gary Smith to find out how Evolution Capital can help.

Become a client