by Matthew Jacobs

How to drive value in cyber security businesses

Successful cyber security businesses, such as Livingbridge investee Adarma, recognise their role as growth enablers, argues Matthew Jacobs.

In an environment where the World Economic Forum now lists data fraud and theft as one of the five biggest risks facing organisations globally, everyone wants good cyber security. No wonder the sector is running hot, with sales growing at more than 20% a year and generating increasing M&A activity; Orange’s purchase of the UK’s largest independent cybersecurity service provider, SecureData, in February was just the latest in a series of cyber security deals.

However, there’s a problem. Cyber security is a relatively new discipline and the industry has yet to reach full maturity. At this early stage, identifying the most likely winners is extremely difficult, particularly as the potential of rival technologies and solutions is hyped up. Amid the jargon, it’s often far from clear what individual businesses are actually selling. Even for chief information and security officers (CISOs), making smart strategic choices about where to invest in cyber solutions is demanding. Deal makers, including private equity investors, must therefore tread very carefully: there is real potential to mis-price assets.

The challenge for both groups is to get to grips with what good looks like in cyber security: to identify those businesses best-placed to protect organisations both now and in the future.

In search of good

In practice, the best cyber security businesses recognise their role is to support growth, rather than to get in the way. Their work must be both technical, providing the robust cyber security that organisations need to detect and deter bad actors, but also commercial, based on an understanding of business needs.

The natural instinct for any organisation considering the cyber security threat is to move towards “lock down”, protecting the business at all costs. But this approach is almost certain to slow the pace at which the business is able to pursue its strategic ambitions – or at its worst forces creativity and innovation to grind to a halt.

Livingbridge invested in Adarma, an independent security services company, earlier this year precisely because it recognises the twin imperatives of robust protection and support for growth and innovation.

Founded in 2008 and recently ranked as one of the UK’s fastest-growing technology businesses, Adarma is a managed security services provider. It already works with a significant number of FTSE 250 businesses – its 20 largest clients have combined annual sales of more than £150bn – offering security consulting and solutions such as security operations centre design and management.

Crucially, in addition to addressing all the control gaps in a business that might leave it vulnerable to cyber attack, Adarma focuses on understanding the organisation’s commercial ambitions. It believes enhanced security can help a business to realise its objectives rather than frustrate them.

People over process

Successful cyber security firms such as Adarma consider themselves a people-driven business rather than a tech business. While their technical expertise, including access to the most sophisticated security solutions, is vital, they also have to be able to build committed and engaged relationships with their customers.

Communication is a key skill in this regard. In addition to being technically proficient, advisers must be able to articulate their strategy and solutions to their clients – not least to help CISOs build the business case for cyber security investment with their own boards. The ability to set out that vision through the lens of the organisation’s commercial goals – the most likely route to securing C-suite engagement – is not a skill that every cyber security business possesses.

Clients will increasingly demand this approach to cyber security. Research suggests that more than half of businesses in some sectors now regard information security as an integral component of their business strategy. Cyber security businesses unable to work in this way – to be enablers, rather than blockers of growth – will not meet their customers’ needs. Those that can are likely to benefit from rapid growth and will be extremely appealing to private equity firms and trade alike.

Please get in touch on if you’re interested in finding out more about funding and where we’ve helped cyber security businesses in the past.

left motif right motif