“The UK’s cybersecurity sector has grown tremendously in the last few years and has the potential to be right at the heart of our economic success.”

Saj Huq
Programme Director

  • New research by cybersecurity programme LORCA finds that investment in cyber startups has almost reached half a billion in 2020 and is on track to break the UK cyber funding record set in 2019 in just six months
  • But funding is dominated by more mature companies, with those at the seed and venture stages securing only 6% of investment in cyber startups since the start of the year
  • London, Edinburgh and Manchester confirmed as cyber capitals of UK

London, 8 July 2020: Cyber startups attracted record levels of investment in the UK in 2019, breaking half a billion pounds (£521m). However, with the transformation of the risk landscape caused by the global pandemic, British cyber startups have already raised £496m in the first half of this year, according to The LORCA Report 2020, the inaugural analysis of the UK’s cybersecurity startup ecosystem.

British cybersecurity startups have defied the economic downturn caused by COVID-19, raising £104m in the first two months of lockdown alone, showing a 940% increase on the same period in 2019. This increase starkly contrasts with the broader startup economy, which saw investment levels fall by 50% compared with last year.

However, less than 1% (£900,000) of the money invested in cybersecurity startups during lockdown was received by firms securing first-time funding, highlighting the growing focus placed by investors on growth stage cyber companies.

LORCA, the government-backed cybersecurity programme delivered by the innovation centre Plexal in partnership with the Centre for Secure Information Technologies (CSIT) at Queen’s University Belfast and Deloitte, produced the report in partnership with Beauhurst, the UK’s leading database for high-growth companies, to develop the first study of its kind. The report explores the key trends and challenges impacting startups operating in the cybersecurity sector.

The report analyses the geographical, technical and investment trends among the industry’s startups (companies that have attracted equity or venture debt funding), to understand the growth potential of the UK cyber startup ecosystem.

The research showed that London is the cyber capital of the UK, with 281 startups (44%), while Edinburgh and Manchester are also developing prominent cyber clusters.

From a regional perspective, clusters are thriving in the South East (18%) – centred around Oxford and Cambridge and the South West (5%), which is home to the hub around GCHQ in Cheltenham as well as others such as Reading. Closer analysis of investment activity across the UK cyber startup ecosystem shows that COVID-19 has exacerbated a long-term challenge around funding for early stage companies. Despite the record levels achieved last year (£521m), investment was overwhelmingly driven by growth stage companies (£354m). This has continued into 2020 – of the £496m already raised by cyber startups this year, 94% (£465m) has been secured by growth-stage companies.

This is hampering the development of many innovative companies in the cybersecurity sector. For example, the number of deals across cyber startups at the seed and venture stages fell from 52 in 2018 (worth £91m) to 39 (worth £53m) in 2019, with only 21 in 2020 so far (worth £30m). The research also found that almost half (46%) of cyber startups incorporated between 2014 and 2015 remain at the seed stage, higher than fintech (33%) or AI (41%).

The LORCA Report 2020, which was written following interviews with startups, scaleups and experts from government, academia and a cross-section of industry, also identified five key trends defining the future growth the UK’s cybersecurity ecosystem as a whole:

1. Investors find the market complex to navigate: VCs evaluate so many technologies that startups are struggling to differentiate themselves. The ecosystem must solve the communications issue preventing cyber companies from receiving the patient capital they need to scale effectively.

2. COVID-19 means early-stage funding needs greater protection: Investment moving downstream towards later stage companies is being accelerated by the pandemic, potentially shrinking the number of VCs with capital to invest in startups between the preseed and Series A stages. Addressing the shortfall will be crucial to ensuring we don’t lose a generation of cyber entrepreneurs.

3. The sector needs more consolidation: High levels of startup funding has made the cybersecurity industry crowded and complex. CISOs are prioritising products that can be integrated easily into an existing technology stack, pushing the industry towards ‘platform plays’ and product ecosystems facilitated by larger companies.

4. Access to cybersecurity is not evenly distributed: As the volume of cyber attacks on small businesses and charities grows, so does the potential market opportunity. By addressing an under-served segment of the economy, cyber startups could help bridge the digital divide and make security accessible for the many and not just the few.

5. Individual security could be the next innovation trend: Increasing consumer engagement with technology and the cyber risks that come with it are prompting greater efforts to secure the digital citizen. The market for products aimed at the individual is nascent, but this could change as public awareness grows.

Digital Infrastructure Minister Matt warman said: “It is great to see these new statistics. The tech sector will play a vital role powering an economic recovery out of the pandemic and the cyber security industry plays an important role keeping people safe online. We are backing our innovative firms to develop cutting-edge solutions and keep one step ahead of tomorrow’s security threats through our National Cyber Security Strategy.”

Delivered by Plexal, the innovation centre and workspace owned by clients of Delancey, alongside Deloitte and the Centre for Secure Information Technologies (CSIT), LORCA (London Office for Rapid Cybersecurity Advancement) is the DCMS-backed cybersecurity innovation programme, as part of the Government’s National Cyber Security Strategy . The report has been produced with insights from the likes of BT, British Business Bank, Albion Capital, Digital Shadows, Dell Technologies and GLA. The full version of The LORCA Report 2020 can be viewed online here.

Saj Huq, Programme Director, LORCA, comments: “The UK’s cybersecurity sector has grown tremendously in the last few years and has the potential to be right at the heart of our economic success. We have leading research institutions, technical innovation from startups and government-led bodies and growing engagement from investors and business leaders. However, the ecosystem is still nascent and obstacles remain to its continued growth. Access to funding for early-stage startups is clearly the biggest hurdle that must be overcome for the UK to compete on the world stage.

The global pandemic has highlighted the importance of cybersecurity, with the transition to remote working, sharing of sensitive medical data and increased collaboration between the private and public sector all transforming the risk landscape. Startups are uniquely placed to address these emerging challenges. Our world-leading fintech industry rose out of the recession of 2008; with the right support cybersecurity can be the country’s next global success story.”

For More Info Contact:

Tom Chamberlain
Seven Hills
E-mail: tom.chamberlain@ wearesevenhills.com
Tel: +44 7854 461301

Sophie Ingham Clark
Communications Manager
Tel: +44 (0)20 7448 1961

Katharine Walsh
Head of Communications
Tel: +44 (0)20 7448 1461

LORCA’s objective is to grow the UK’s cybersecurity sector and make the internet safer for everyone by supporting the most promising later-stage companies. Through its forums, programmes and events, it convenes academia, innovators, government, investors and industry (including partners Lloyds Banking Group, Dell Technologies, Kudelski Security, Kx and the Global Cyber Alliance) into a cross-sector, noncompetitive and collaborative ecosystem.

Designed and delivered by the Plexal innovation team, LORCA’s 12-month accelerator programmes are matched to each cohort’s needs. Members benefit from international trade delegations, opportunities to engage with industry, mentoring and workshops on everything from marketing to scaling globally. They also benefit from engineering, commercial and technical support from delivery partners Deloitte and CSIT.

LORCA launched in June 2018 with backing from the Department for Digital, Culture, Media & Sport (DCMS) as part of the Government’s five-year, £1.9 billion National Cyber Security Strategy. LORCA is tasked with supporting 72 scaling companies, creating up to 2,000 jobs and securing £40m in investment by 2021.

Since then, companies from cohorts one, two, three and four have raised over £86m in investment and won more than 600 contracts. Notable success stories include cyber company ZoneFox being acquired by Fortinet, CyberOwl winning a contract with the Ministry of Defence as a result of being involved with the programme and working with delivery partner Deloitte and Privitar raising $40m in a Series B round.

About Plexal
Plexal is an innovation centre and coworking space located in the fast-growing Here East technology and innovation campus in London’s Queen Elizabeth Olympic Park. It was launched in 2017 and was founded by clients of specialist real estate investment advisory company Delancey.

Collaboration is at the heart of Plexal’s approach to innovation. Its innovation team delivers bespoke programmes for clients like Innovate UK and Transport for London, and specialises in forging connections between industry, academia, investors, startups and scaleups to tackle some of the biggest challenges facing society while getting ideas market-ready.

Plexal has been appointed by the Department for Digital, Culture, Media & Sport to deliver the London Office for Rapid Cybersecurity Advancement (LORCA): an innovation programme aimed at scaling cybersecurity solutions that are needed most by industry.

It’s also delivered OpenDoor: an inclusion accelerator aimed at scaling solutions that can make society and our economy more inclusive while addressing the challenges of under-represented groups.

Designed as a mini-city (it has its own indoor park, a high street, indoor street food and a prototyping workshop), startup and scaleup members of Plexal’s workspace benefit from a comprehensive programme of events and in-house professional services. Members work in areas like mobility, AI, healthtech, cybersecurity, fintech, the Internet of Things, VR and more.
For more information, visit: plexal.com

About the Centre for Secure Information Technologies (CSIT)
The Centre for Secure Information Technologies (CSIT), Queen’s University Belfast, is the UK’s Innovation and Knowledge Centre (IKC) for cybersecurity, and the UK’s largest cybersecurity focused university technology research, development and innovation centre. The theme of CSIT’s research roadmap is “Secure Connected Intelligence”. CSIT is researching the new technologies needed for the seamless integration of electronic security into future Smart Cities and Internet of Things (IoT), including:

  • quantum-safe cryptographic architectures
  • malware detection methods that can counteract advanced evasion technologies
  • securing highly distributed networks for critical infrastructures
  • AI-enabled security analytics to provide to real-time threat indicators

CSIT brings a unique approach to academic engagement and delivering impact with industry in the UK and further afield. An Industrial Advisory Board (IAB) of member companies and strategic government partners plays a key role in defining the research challenges undertaken by CSIT, whilst a cadre of industrially experienced engineers help accelerate innovation to market. This creates collaborative opportunities for researchers to work with start-ups, scale-ups and large corporations and on solving societal challenges. It’s member companies are Allstate NI, BAE Systems, First Derivatives, Seagate and Thakes. CSIT is involved in delivering three national cyber security innovation programmes namely; LORCA, HutZero and Cyber101. For more information, visit: https://www.qub.ac.uk/ecit/CSIT/

About Beauhurst
Beauhurst collects, curates, and analyses data on the high-growth economy and its participants, from growing companies to investors and advisors.

We provide that data through a searchable online platform, used by thousands of professionals to deepen their understanding of the high-growth space.

We also work closely with clients in both the public and private sectors, providing insight to some of the UK’s most respected institutions.

The LORCA Report 2020 analysed information derived from Beauhurst’s database of high-growth UK companies to assess the status of the British cybersecurity startup and scaleup industry. It is worth noting, however, that many companies have their headquarters registered in London despite being based in another part of the country, and this also happens the other way round.

For the purposes of this report, LORCA defines a British cybersecurity startup/ scaleup as a business that’s domiciled and operating in the UK and provides a cybersecurity product (rather than services/consultancy) and has fewer than 1,000 employees. This is in accordance with the parameters of Beauhurst’s methodology.

LORCA identified 634 cybersecurity startups in the UK based on this criteria (accurate from 9 June 2020) and used the resulting data, along with a number of first-hand interviews, to inform the findings, analysis and recommendations in this report.

Beauhurst’s database includes analysis of the UK’s high-growth companies conducted in the following ways:

• Company stage: Beauhurst categorises companies into seven stages of evolution (seed, venture, growth, established, zombie, exited, dead) using over 40 proprietary criteria, which vary based on the complexity of the intellectual property the company is developing. For example, Beauhurst uses different criteria to evaluate a pharmaceutical company than for a software company. No one criterion is enough to determine stage of evolution, so it takes a balanced view with each decision. Rarely, a company may skip a stage, going from seed to growth, depending on how it is doing.

 • Company sector: Beauhurst tags companies with as many sectors from their proprietary sector matrix as appropriate, but does not order or prioritise the sectors attached to a company. The top-level sectors in the matrix are: agriculture, forestry and fishing; energy; leisure and entertainment; retail; technology/IP-based businesses; telecommunications service; tradespeople; transportation operators; built environment and infrastructure; business and professional services; craft industries; industrials; media; personal services; supply chain; and other.

• Equity investment: Beauhurst monitors thousands of sources to find announced equity investments, which is often the most timely declaration of a deal. More than 50% of deals, however, are not announced. To find these deals Beauhurst looks at SH01s (a share allotment form) filed at Companies House. It also uses these SH01s to calculate a company’s pre- and post-money valuations.