Infosecurity Europe
4-6 June 2024
ExCeL London

Interview: Why Start-Ups Are Critical to the Cybersecurity Ecosystem 

Infosecurity speaks to Saj Huq, CCO at Plexal, about how start-ups are contributing to the cybersecurity ecosystem and the technological innovations they are focused on 

This summer, Plexal has launched its latest Cyber Runway Ignite programme cohort in partnership with the UK government Department for Science, Innovation and Technology (DSIT). 

The Ignite part of the programme focuses on the founders of some of the most innovative start-ups the UK has to offer, supporting them with leadership training and mentorship as well as understanding founders’ development needs. The initiative is part of the Cyber Runway Programme, the largest cyber accelerator in the UK, which over the past two years has supported cohorts comprising over 300 companies.

Infosecurity recently spoke with Saj Huq, CCO at Plexal, about the importance of start-ups in the cybersecurity ecosystem, the biggest challenges faced by these companies currently and his outlook on the cybersecurity industry today. 

Infosecurity Europe: Why is it important to have government backing for cybersecurity start-ups?

Saj Huq: We’ve been delivering programmes on behalf of the UK government in the cybersecurity space since 2018 and I think that parallels with the government deciding to take quite an interventionist approach to supporting the growth of the UK cyber ecosystem. The reason for that is because they recognise that the government can play a key role in bringing together public and private sectors around an emerging area, such as cybersecurity.

We often think of cybersecurity as quite an established market now but there is a lot of innovation happening and new companies coming into the space.

Infrastructure that is supported by government, such as the Cyber Runway programme, is important to give these start-ups a platform from which to not only grow but to access expert networks and support that they otherwise may not be able to on their own. Sometimes the brand of government can open doors, which is quite difficult for an individual sector or industry organisation to do on their own.

People are trying to work out if AI is a benefit or a key risk to cybersecurity.

IE: Diversity is a focus for Plexal across its programmes. Why is it vital to have people from diverse backgrounds in start-ups and as founders?

SH: Any industry that has a deficiency of certain communities or groups needs role models to inspire people to follow in their footsteps. Entrepreneurship generally has been a difficult place if you're from an underrepresented group. This is for various reasons, for example sometimes there are social-economic barriers, but we find in cybersecurity it’s probably like other technical domains in that you have a convergence of barriers and problems. Not only is there an absolute skills shortage in the sector as a whole, but there’s also a diversity issues.

Video Interview: How Plexal is Tackling the Gender Gap in Cybersecurity Start-Ups

It is part of our mission to try and diversify the type of companies we are supporting. Not just because we're trying to change the inputs here, as in bringing more people into the space, but because these are people who are creating businesses and then going on to employ people. They're creating the jobs of tomorrow. It's these companies that we've relied on to grow this area of the economy.

We hope that we can also encourage other elements of the ecosystem to come forward and become engaged, including investment from underrepresented communities. One of the things we've been doing is trying to build bridges with female angel investors. It's a whole myriad of approaches that we're trying to take to really broaden the diversity of our cohorts.

Tech start-ups that are delivering a non-cyber technology product need to be conscious of cybersecurity.

IE: On the technology front, what are start-ups focusing on in the cybersecurity space today?

SH: AI is of course an area of interest. People are trying to work out if AI is a benefit or a key risk to cybersecurity, the use cases in support of AI and the collection of technology that makes up AI are only just emerging the security. Clearly though, it is an area of interest from an investor perspective.

There’s also definitely a challenge around software supply chain security, that is a massive area of risk. So that is a focus for a lot of companies, because they realise that their supply chains are so complex at the moment, so they are considering how to manage risk in those supply chain relationships.

One of the other trends we are seeing is the shift from software-enabled security to hardware-enabled security. Especially with some of the newer technologies like AI, which have the potential to fundamentally change the computing foundation support we rely on, such as some of the chips and the infrastructure we utilise, including in the cloud. This presents more complex security challenges to navigate.

Lastly, an increasing area of focus, which touches on the broader macroeconomic point, is around secure innovation. Every business today is a technology-enabled business and a lot of tech start-ups that are delivering a non-cyber technology product need to be conscious of cybersecurity more broadly because their intellectual property is under threat from being attacked. They are at risk because of some of the things they are working on. It is about trying to help people develop technologies in a more secure fashion, with a more secure architecture and better software development processes that have cybersecurity built-in throughout.

IE: What are some of the biggest challenges to start-ups today and how can entrepreneurs overcome them?

SH: I think for an entrepreneur it's quite difficult to raise money, certainly a reasonable valuation. That said, money is still available, people are investing, and a lot of investors have raised money themselves to invest over the last couple of years, so they have the money to deploy. But the scrutiny on the types of deals they are looking at has certainly heightened.

We’ve seen a lot of challenges with high growth, particularly in the US and Israel, where companies have raised a lot of money over the last two or three years, potentially at higher valuations than they should have, and they’ve now hit a few challenges given the broader economic challenges of where they go to next, which is typically the public markets.

For early-stage entrepreneurs it is always difficult to raise money, particularly if you’ve never done it before. This is particularly the case in the UK because we still don't have a well- developed investment ecosystem in the earlier stages.

IE: Why are start-ups important to the cybersecurity ecosystem?

SH: Start-ups are important to a lot of what we have talked about in this conversation. For example, where new technology is going, some start-ups typically create new technology and concepts, both in cybersecurity and broader technology sector, that are going to be used by people at scale in the industries of tomorrow. Start-ups are bringing these technologies to market so you have to work with innovators to embed a lot of the principles but also understand what the opportunities and challenges are with these technologies. Security as a concept has to be really close to the innovation ecosystem at large.

On the importance of cybersecurity start-ups specifically, it is because this sector is changing so much. The security landscape has shifted so much in just the last few years so you always need this kind of capacity for new entrants to come in with fresh ideas. It's easy to get entrenched in one way of doing something in security because unfortunately a lot of the old problems still exist, but there are also lots of new ones.

Cybersecurity start-ups can be responsive to what the market needs and how those needs are evolving. 


Enjoyed this article? Make sure to share it!

Looking for something else?