The cybersecurity industry; a discussion with Danny Lopez

Since the 1980s, we have been going further and further into what has been dubbed 'the digital age'.  However, never before has the world seen a rapid acceleration towards digitalisation quite like that which has taken place in the past couple of years, during the COVID-19 pandemic.For many of us, this shift towards cyber communication has stirred up feelings of disconnectedness, making us feel, to some extent, as though our lives have been put on pause. However, with the increase in online traffic creating a whole new internet userbase and a substantial increase in the amount of data stored online, cyber-criminals are thriving; hence, making cybersecurity more crucial than ever before.Danny Lopez, CEO of Glasswall, kindly took the time to give us further insight into the cybersecurity space. Before Glasswall, Lopez held the position of COO at Blippar, a UK-based augmented reality company and, between 2011 and 2016, was the British Consul General to New York and Director-General for trade and investment across North America.

The current state of the cybersecurity industry

A large number of companies offering cybersecurity solutions

The COVID-19 pandemic has had a massive impact on the current state of the cybersecurity sector, both in the number of cyber-attacks but also in the number of businesses now offering cybersecurity solutions. This is shown in the UK Cybersecurity Sectoral Analysis 2021 which reports there was a 21% increase in the number of active UK firms offering cybersecurity products and services in 2021 compared to 2020, and a 75% increase compared to 2017/18.Danny Lopez has seen this first hand. “The race to digital has accelerated with basically a decade’s worth of development within a year on the back of COVID-19, increasing the number of risks” explained Danny, “Cybersecurity is the artform of protecting sensitive data; the amount of data flowing and being shared has increased so cybersecurity has to present solutions to mitigate these risks”.

Resilient or crowded market?

Although the industry appears to be resilient, especially during the pandemic with approximately only 4.6% of firms dissolving or going into administration, there is a concern that the market could become too crowded. Danny agreed with this sentiment saying “…the accelerated risk has also meant an acceleration in the number of players entering the market and it’s got very crowded. There are many different propositions out there. What is important is to identify threat vectors, quantify risk, and find solutions that mitigate this risk.”

An adapting workforce

The industry is currently facing, and is likely to continue facing, another challenge in the change in employee working conditions. At the start of the pandemic, many businesses had employees working from home. According to the Office for National Statistics (ONS), 47% of workers reported working from home in some capacity in April 2020, compared to 27% pre-pandemic during 2019, across all industries and roles. This has put an increased reliance on the cloud, which although was an easy transition for some businesses, for larger organisations and government bodies, is likely to have been a challenge.As part of these new working conditions, businesses are focusing on the main risks they are facing, rather than investing in new innovations. Danny talked us through this perspective. “Organisations are generally facing four main risk types; web gateway risks, email gateway risks, endpoint risks (hardware) and wider network risk. There are however many businesses offering cybersecurity solutions that don’t fit with those main risk areas, Chief Information Security Officers aren’t going to want to spend their budget on those solutions. They’d be a nice to have but not a necessity, especially with budget cuts that a lot of companies have been through due to the pandemic”.

Public perception of the cybersecurity industry

A concern surrounding cybersecurity is the perception of the public on the industry and where they get their information from. A report published by the (ISC)² in 2020 found that 37% of respondents got their perception of the industry through TV and films, and 31% said their ideas were formed from news coverage of security incidents. It can be expected that these perceptions formed by TV, films and news coverage are unlikely to be an accurate representation of the industry and the people in it. Many instances of news coverage are likely to be negative occurrences such as businesses having a serious data breach, such as the Facebook hack in 2021.

Employee perceptions

It's not just public perceptions that have to change. Danny explained, “People sometimes see cybersecurity as risky and dangerous. We often hear stories in the news about companies having bad outcomes as a result of an attack. And there are stories of employers putting unfair responsibilities on their employees, making employees less likely to speak up if something goes wrong.”Danny goes on to clarify “To overcome this problem, this system needs to be turned on its head. The employer needs to remove the fear and celebrate the employees who identify possible risks. This will encourage those working within the sector to be more transparent when something goes wrong. And the right employee training needs to sit alongside good cyber tech. At the end of the day, you can only fight tech with tech."

Current challenges within the cybersecurity sector

Getting a foot in the door

One of the current challenges within the cybersecurity industry is that there are a large number of small or micro-businesses offering solutions and they’re competing against larger organisations. In the UK in 2021, it was reported that 57% of cybersecurity businesses were micro (1-9 employees), 22% were small in size (10-49 employees), and only 10% were classed as large (over 250 employees).These small or micro cybersecurity providers need to show that their solution fills existing gaps. Danny talks about this issue “once a company is established within cyber it is hard to displace them.  Similarly, clients will buy products from people they know and have worked with before, meaning that success is not necessarily correlated with how good the tech is. Therefore the “little guys” have to prove their solution is valuable”.

Slow decision making

Unfortunately getting a foot in the door is not the only challenge currently facing the industry – Danny tells us more. “Another thing about cyber is the slowness of the sales cycles. It can take months for someone to make a decision and definitely something any business needs to take into consideration”. For startups, this adds an additional challenge when it comes to cash flow.

New ideas and concepts

Danny goes on to explain that, unfortunately, just because a cyber solution has been created, it does not guarantee success for the business. “Cybersecurity companies can also find it difficult to find a gap in the market. I have found it to be the case that if somebody is not already doing something within the industry, more often than not, there is a good reason for it”. This adds to the existing issues for new businesses trying to enter the sector; either compete within an existing market or try something new which may not be needed.Once a new idea has been created by software engineers or an expert team of research and development (R&D) specialists, the product is then passed over to the sales team. Based on his experience within the industry, Danny tells us “R&D tax credits play an extremely beneficial part in setting up a cybersecurity company. Investors, especially, really like to hear about R&D tax credits as part of the fundraising for a company. When investors see how much you are spending on tech and then see how much you are getting back it gives them instant validation that you are clearly building something valuable. I have found that this can be a significant contributor to the pitch funding process.”We asked Danny to elaborate on his experience with R&D tax credit companies - “We get approached often by loads of R&D companies, but they never seem to fully understand what we are looking for - even the big ones. They focus entirely on the money without having much understanding of the cybersecurity sector or the challenges that cybersecurity companies are facing right now. Kene understands the cybersecurity space and whilst, of course, they optimise our benefits, they go further than this, and understand the wider context of what we are really doing.”

More about Glasswall Solutions

Glasswall is an award-winning UK-based, file-regeneration and analytics, cybersecurity firm and a leading figure in Content Disarm and Reconstruction (CDR). In December 2020, they successfully secured £18 million from investors to continue their expansion.At Glasswall, they recognise that the rate at which malware adapts and spreads means that malicious files can be missed by signature-based cybersecurity products. Hence, the company sets out to alleviate this problem by offering products and solutions that do not rely on signatures or detections and, instead, utilise a series of rigorous deep-file inspections, remediation and sanitisation.