The cyber-security industry has grown exponentially, keeping pace as the Internet gains an ever-more pervasive influence over our daily lives. According to a 2016 article by WIRED, the global cyber-security market in 2004 was worth just £2.6 billion. In 2017, it is estimated to be closer to £90 billion. Cyber-security is now a global force to be reckoned with.
So, why has the UK not capitalised on this huge market growth, to make our little island a global cyber-security hub to rival the reputation of Silicon Valley? As an English-speaking nation at the epicentre of the global economic engine, one would assume we're in the perfect position to be grabbing the cyber-zeitgeist?
What challenges do organisations in the UK face?
The primary issue in starting a successful cyber-security business in the UK is the skills shortage, which plagues every country on earth that is looking for security professionals. According to jobboard, Indeed, the number of individuals expressing interest in cyber-security jobs only accounts for a third of the demand expressed by employers. This is further supported by research carried out by ISACA in their State of the Cyber security report 2017, where 32 percent of enterprises reported that the time to fill cyber and information security positions is six months or longer. While machine learning solutions can work to augment this skills gap to a certain extent, they certainly cannot entirely replace the human-element needed to keep us safe online.
Another consideration is the cost of running a business in the traditional UK business hub of the South-East. With so much of the UK economy built out in London, as a global economic hub, pulling away from it can be difficult, but staying can be even more difficult, with sky-high office rents and huge competition for highly skilled resource.
How do we create a homegrown Silicon Valley, and where do we do it?
Over the past few years, many homegrown and international cyber-security businesses have been questioning the logic of establishing their operations in the hugely the traditional business centres of London and the South-East in favour of other UK destinations. There are many things to consider when setting up as a cyber-firm outside of London: the proximity of good quality Universities offering cyber-security-related degrees, the willingness of local and regional governments to support the development of a cyber-cluster, and enough vibrancy in an area to attract the young, dynamic people that security companies need away from the bright lights of London (or indeed, California).
Areas such as Cardiff and Belfast have managed to fill these criteria. In Cardiff, the University of South Wales has in recent years prided itself on its attempts to curb the cyber-skills shortage, organising the National Cyber Security Academy, which runs BSc Hons courses in Applied Cyber Security. This joint effort from both the Welsh government (a partner on the National Cyber Security Academy Academy) and the educational institutions in Wales has created employment opportunities that allow graduates to stay in the area after graduation, working at leading companies within their chosen industry. Indeed, security companies such as Alert Logic, Airbus and Pervade software all now have UK operations centred around South Wales.
Belfast can also boast an impressive cyber-security resume. Having already been dubbed ‘The cyber-security capital of Europe' , Belfast has followed a similar route to its Welsh counterpart in encouraging the growth of the city's cyber-security industry. The government funded Engineering and Physical Sciences Research Council has identified 14 UK Universities to champion as Academic Centres of Excellence in Cyber Security Research. Among these is Queens University Belfast, which boasts the Centre for Secure Information Technologies. The CSIT was awarded a major investment from Invest Northern Ireland, which secured a research investment for the CSIT of £38.5 million; more than enough to draw serious players in the security industry to Northern Ireland to capitalise on the ground-breaking research that will be taking place at the CSIT.
So, what should a new start-up look for as a UK base?
For any company looking to use the UK as a basecamp for operations, or for any homegrown cyber-security companies looking to break into this constantly growing market, the above examples are well worth considering.
A start-up in any industry needs as much help as it can get, but for one faced with a chronic skills gap, choosing a location which is likely to support business growth is vital. Looking to areas such as Belfast and Cardiff would be sensible, for a good pipeline of security graduates, and local government infrastructure that is more than happy to invest in cyber-security as an emerging local industry.
If we can start to make these cities associated with cyber-security in the same way the Bay Area is associated with tech of all kinds, then we can change the perception of cyber-security as a word that scares away the general public, and replace it with the dynamism and forward-thinking that Silicon Valley has become associated with. Let's move the cyber-seat-of-power across the pond!
Contributed by David Howorth, SVP EMEA at Alert Logic
*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media or Haymarket Media.