Yesterday it was announced that a new start-up accelerator, based in London, would launch in an attempt to generate a wave of new cyber-security technologies. The first 13-week programme for Cyber London (CyLondon) is to start in April, and industries involved in the project include defence, retail, telecoms and healthcare.
Ten teams a year will receive funding, with start-up founders receiving £5,000 in cost-of-living allowances. Mentors are said to include unspecified government agencies, academic experts and leaders of business.
The programme's founder is Alex van Someren, of Amandeus Capital Partners, who previously co-founded nCipher, the security start-up. He is joined by co-founders Grace Cassy and Jonathan Luff of Epsilon Advisory Partners, and advisers Jon Bradford of start-up accelerator TechStars and Eileen Burbridge of venture capital firm Passion Capital.
Given the involvement of government agencies, its UK location has not been disclosed. The closing date for applications to the first programme is 2 March.
Just one day after this announcement, cyber-security start-ups, investors and experts met at the first Cyber Startup Summit, which took place in London on Wednesday.
Neill Gernon, founder of pre-startup accelerator Hustlehack - and organiser of the event, said that there has ‘not been a lot' of investment in cyber-security to date, but hopes this event can kick-start things.
Marco Morana, SVP at Citi Group and a mentor at Level39 – one of Europe's largest technology accelerators (which has helped Digital Shadows among others get funding in the past) added that there is likely to be more opportunities in the industry going forward.
“I've a strong belief that cyber-security is a great opportunity for professionals, and for start-ups…Now is a great time for cyber, because there's high demand in the corporate world.”
And citing the high-profile data breaches of recent times, he said that start-ups should turn the tables and view this as a chance to do business. Noting that the Chinese character for ‘crisis' includes that for ‘opportunity', he said that newer companies are well placed to take advantage in an age of dated technologies in critical national infrastructure, privacy concerns around social media, and new and revised data protection regulations.
Morana - who is also an adviser to Nok Nok Labs - added that even those start-ups not focusing specifically on cyber-security, should ensure that their information security is up to speed.
“It's very important to think of security early in lifecycle start-up,” he said, before going onto mention the potential for these firms to collect personal details, and payment records.
“Thinking about security early is critical, because basically it might impact the reputation of whatever it is that you're doing.”
Ascot Barclay was one of the cyber-security start-ups in attendance at the event and the company's founder, CEO and CISO Mike Loginov said that the firm had experienced ‘fairly rapid' growth since launching in 2006.
The company works with national governments and private companies by providing various services, including security education and awareness, breach detection and mitigation, and advice on policy and strategy. It can also work to a specific industry, such as if they are facing APTs or have outdated SCADA systems.
The firm has recently acquired ANTAR and moved its HQ to the Channel Islands - but not all companies have been so lucky. Some attendees expressed concerns on the due diligence (such as needing to adhere to ISO27001) they go through when meeting prospective partners, customers or buyers.
Professor Angela Sasse, director of the research institute for the science of cyber-security at University College London, believes that there are real opportunities for UK start-ups in authentication and encryption.
Sasse, who co-wrote the ‘Users are not the enemy' research paper back in 1999, expanded on a similar talk last year by saying that this is now the time of ‘great authentication fatigue'. Simply put, everything from passfaces, thinking passwords, biometrics, and single sign-on (SSO) has been tried, but to little avail.
“I think it's a great business opportunity, she said of the password conundrum, further referencing a NIST study which indicated that there are 20+ authentications a day, with a 10 percent failure rate.
This, she added, was also making life more difficult for system administrators. “People are making mistakes and if people are not compliant, you create a really high noise level. If you are monitoring, this is a huge noise level and attackers love this, they can actually hide. We need security which people can actually comply with, so we can detect the genuine attackers."
Sasse added that encryption – a huge topic of debate in light of British Prime Minister David Cameron's recent comments- also represents a sizeable opportunity.
“Cryptographic solutions are not usable…it's not happening so there is an opportunity [for start-ups] there.
“Trying to port old security to new devices generally doesn't work, that's one of reasons we now have biometrics.” Sasse went onto criticise CAPTCHAS as 'business preventers' and said start-ups – cyber-security or otherwise –should be thinking about security, usability and privacy.
This news comes just weeks after a group of UK cyber-security start-ups, including Digital Shadows, joined Cameron on his visit to meet the US President Barack Obama in Washington, where national security and terrorism were topics of discussion.