VC funding for European cyber security firms

News by Doug Drinkwater

With the NSA's spying on European citizens well-publicised, London-based C5 Capital is launching what is believed to be Europe's first-ever cyber security venture fund.

As detailed in today's Financial Times, C5 Capital is raising a targetted US$ 125 million (£74 million) for a fund to help boost European cyber security companies, and is expected to close the first round of funding shortly. The company aims to reach its final target at some point next year.

The London-based asset manager has already made its first two investments, investing US$ 8 million (£5 million) in Balabit, a Luxembourg-based company which specialises in detecting insider threats. The company does this with its technology which monitors normal and unusual behaviour, using algorithms to discover the latter.

A spokesperson for C5 Capital told that it is “investing capital investments of US$ 5 million to US$ 25 million (£3 million to £15 million) in fast growing, profitable European companies that operate in the security and data sectors”.

A proviso is that these companies ‘must be established' with minimum base-line revenues of US$10 million (£6 million). “Growth is key so these companies must be growing at least at 20 percent per annum and with barriers to entry such as differentiated technology and IP,” said the spokesperson.

The firm said that it is interested in funding enterprise software providers offering network layer and endpoint security, as well as firms providing defence and detection systems or with technologies that protect key infrastructure.

In addition, the company would also consider investing in those offering regulatory and compliance or data and analytics.

Nazo Moosa, co-founder and managing director at C5 Capital, told FT that being a European company could now be a competitive advantage, as these firms are typically not subject to the same level of data collection carried out by the NSA and GCHQ.

“Saying something was German-made became really relevant in the security sector,” she said. “It is counter-positioning, if you like.”

Moosa added that UK companies are in an “interesting position” with the country's government both a prominent member of the European Union but at the same time closely tied to the US.

In an interview with, Moosa stressed that this funding is largely a ‘booster' to already established companies demonstrating scale and growth and said that her company is currently interested in looking at those companies providing contextualised security, such as security with big data and security with artificial intelligence.

Local hubs are beginning to spring up in various areas around the continent. Moosa notes hubs near defence contractor Qinetiq in Malvern, GCHQ in Cheltenham and says that there are areas of growth in France and Eastern Europe – and in Hungary, in particular. Israel is reportedly a hotbed of activity with around 100 new companies in cyber security emerging each year and Moosa told SC of ‘surprisingly' good traction in Germany, despite it not being recognised as a leader in the IT security space.

Moosa added that some of these companies have in the past looked for VC or ‘growth' funding to facilitate a US launch – a country she described as the ‘epicentre' of cyber security – but said that the Middle East and Asia are emerging as ‘possible alternatives'.

VCs have flocked to fledgling cyber security start-ups in recent years. In 2012 alone, more than 2000 cyber security start-ups worldwide attracted more than US$ 1.4 billion (£825 million) – up from US$ 1 billion (£590 million) in 2011 and US$ 500 million (£295 million) in 2010.

In an email exchange with SC, Will Semple, VP of research and intelligence at Alert Logic and former CISO of NASDAQ, said that this move is encouraging news.

“The C5 Capital launch is exciting news for the UK and Europe.  It supports what has been known for a long time, that some of the best cyber security professionals in the industry can be found in the UK and Europe,” he said.

“Getting to the heart of the problem, it's about trust and transparency. The mood of business and the consumer in the UK and Europe is not that US companies are not trusted; the recent actions by Facebook, Google and Microsoft to deploy end-to-end encryption on their networks shows that US business is as much at odds with its own government agencies' actions as the UK and European businesses.

“This initiative by C5 Capital can be a good stepping stone to help disrupt the industry and spark innovation and investment from challengers and established vendors.  Innovative cyber security products and services that are built in the UK and Europe with a primary market of the UK and Europe will be attractive for regional investors.”

Interestingly, he added that US vendors must adopt a model that ‘answers the concerns of the region' – citing his own company Alert Logic, which has a UK data centre and SOC staffed with UK talent.

This news follows call by a number of those in the industry for more European activity to counter NSA surveillance.

“Many of these problems result from the fact that we Europeans have been unable to provide alternative services to US services,” said F-Secure researcher Mikko Hypponen at InfoSecurity 2014.

 “It's the reason we foreigners keep using US services, even though we know the US has the legal right to access data, to collect and save our emails, and to track the location information on our smartphones."

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews