In Scotland we have a thriving and growing cyber security community and ecosystem – but is it innovative? And can we do more to encourage innovation and to support our cyber entrepreneurs?
Scotland has a large cyber community, with over 200 cyber security companies having a presence in Scotland and many companies choosing to set up their operational teams in Scotland with numerous SOCs throughout the country. But are we innovative?
The answer is yes.
We have had many success stories such as My1stLogin, ZoneFox, Cyan Forensics, Symphonic, Quorum Cyber and many more that are building cyber security products and scaling their cyber security companies. They have come from different routes; some are university spinouts, others started as consultancies or managed services and have since moved into product development after spotting a gap in the market. All are flying the flag for Scottish Cyber Security (ZoneFox is now part of Fortinet which is a success story in itself, but no longer a Scottish company as a result).
However, could there be more of these companies setting up and scaling up each year? Are Scottish cyber security companies getting the investment needed to allow them to grow and scale as needed? A recent UK Cyber Sector report commissioned by DCMS would indicate that Scotland is not capitalising on the opportunity that cyber security brings. For example, total UK investment between 2017 and 2019 has been £968m, of which Scotland received only £6m (0.6%). Northern Ireland in comparison received £22m (2.3%). Similarly, the volume of investments made was 290 in the same time period, with Scotland receiving 14 of these investments (5%). Even where Scotland was receiving investment seemed to be at a lower rate than some other areas in the UK. Again, comparing to Northern Ireland, who also received 14 investments in this time, giving an average of £1.57M per investment, the Scottish average investment was £0.4M.
Despite these numbers, Scotland is doing well in cyber security and starting to establish itself increasingly more within the UK cyber security ecosystem, but just think of what more could be achieved were we to truly capitalise on the opportunities and investment currently available for cyber security companies in the UK and beyond.
This brings me to considering what can be done to help improve this situation, and to ensure we encourage a culture of innovation and entrepreneurism in the cyber community, as well as attracting cyber investments to Scotland on a more frequent basis.
Professor Bill Buchanan of Napier University, a world renowned cryptographic specialist, has proposed the creation of a Scottish Cyber Security Innovation Hub to provide a platform for cyber security companies to be nurtured, supported and developed, and which encourages innovation and collaboration in cyber security across academia, enterprise and start-ups.
Edinburgh University kindly ran a workshop back in February to explore this idea and to help understand the real benefit it could bring. CENSIS, Edinburgh Innovations, The Data Lab, SBRC, Scottish Enterprise, Napier, Edinburgh University, Leonardo, SICSA and myself (as the Cyber Cluster and ScotlandIS representative) were involved to explore this topic and to also discuss how it would partner and collaborate with existing institutions in this area. The overwhelming view was that having a Scottish Cyber Security Innovation Hub would make a significant and tangible difference to the ability to create scalable innovative cyber security companies at a level not yet seen in Scotland. It would help to create the next ZoneFox or Cyan Forensics or many more. The cyber innovation hub would seek to play a key role in the UK cyber ecosystem and would look to establish strong links with CyLon, Lorca, DCMS and others in order to strengthen Scotland’s ties with the rest of the UK cyber community.
And so, the work has begun to create the business case and the pitch to win support for this proposal, which is such an exciting and impactful project to be involved with. I am hoping to have much more to share on this over the coming months but do get in touch if you want to learn more. We will need full support from the Scottish cyber security community – particularly those large enterprises that can come on board as official partners – so I am really interested in hearing from anyone who wants to join us on this journey of making the Innovation Hub a reality.