Experts Share What To Consider When Running A Cybersecurity Startup

The UK has announced that it will dedicate £1.3 million in funding to improve cybersecurity and skills development. The funding is intended to support universities, councils and startups in launching cybersecurity training initiatives and in bringing more advanced solutions to the issues faced in this industry, and in the tech world as a whole.

Innovate UK will manage the distribution of grants of up to £150,000 to help create work environments that develop and encourage cyber talent and innovation. This funding follows the recent classification of data centres as critical national infrastructure, a move intended to keep sensitive information, such as NHS records and financial data, safe from cyber threats.

 

How Severe Is The Cyber Threat In The UK?

 

Cybersecurity is a pressing issue in the UK, with BT Group reporting around 2,000 potential cyber-attacks per second. This figure speaks to the persistent risks faced within online systems, especially in IT, defence, and financial services, which are prime targets for cybercriminals.

A major concern around cybersecurity in the UK is the skills gap. Approximately 44% of businesses do not possess the basic technical skills necessary for effective cyber defence. Although there is a growing need for skilled professionals, the number of job postings in cybersecurity has decreased by 32%. Diversity within the sector also remains low, with women and ethnic minorities underrepresented in senior roles.

 

How To Run A Cybersecurity Startup

 

Industry leaders and experts have taken the time to advise on how a cybersecurity startup can be run successfully: what to look out for, what to avoid and what to implement. Running a cybersecurity startup is not easy, and there are a few steps to take when doing so. It's also important for a cybersecurity startup to work continuously on skills development, as a way to close the skills gap currently faced. More from the global experts:

 

Our Experts:

 

  • Ashley Rose, CEO at Living Security
  • Lou Steinberg, Founder and Managing Partner, CTM Insights
  • Omer Cohen, CSO, Descope
  • Gaurav Banga, Founder & CEO, Balbix
  • Philip Gjørup, Co-founder, Nord Comms
  • Scott Dylan, Founder, NexaTech Ventures
  • Alastair Paterson, Co-founder and CEO, Harmonic Security
  • Wes Kussmaul, CEO, The Authenticity Institute
  • Andrew Southall, Founding Engineer, SkySiege

 

Ashley Rose, CEO at Living Security

 

 

“In the cybersecurity market, ecosystem awareness and friendliness—achieved through seamless integrations with existing tools and systems—are critical for success. As companies increasingly adopt multi-cloud environments, hybrid architectures, and a growing array of security tools, cybersecurity vendors must design solutions that not only work independently but also enhance the value of the customer’s existing investments.

“This means providing integrations across platforms, allowing data and insights from multiple tools to be consolidated, thereby streamlining operations and enhancing visibility.

“Understanding the customer’s ecosystem helps vendors tailor their products to fit within existing workflows, reducing complexity and manual effort for security teams. This approach can drive operational efficiency by enabling customers to leverage automation across their toolsets, reducing silos, and maximising the effectiveness of their cybersecurity posture.

“Moreover, being ecosystem-aware increases customer satisfaction by ensuring that new tools do not replace but rather augment what customers already have. For instance, security platforms like Living Security’s Unify Human Risk Management platform integrate behavioural data from various sources to give a unified view of human risks, without the need for customers to overhaul their existing infrastructure.

“In a rapidly evolving threat landscape, this approach not only saves costs but also helps organisations respond faster to incidents by unifying their defense mechanisms under a cohesive strategy. By building platforms that easily integrate with others, vendors can increase the lifetime value of their products while positioning themselves as strategic partners in the customer’s overall security ecosystem.”

 

Lou Steinberg, Founder and Managing Partner, CTM Insights

 

 

“Many cybersecurity startups are founded by practitioners, who have a real understanding of a need or pain point they experienced. That’s a strength that leads to a weakness. Founders assume that the hard part is getting to a product MVP and that sales will naturally follow, so they don’t have a plan to find people who have a desperate need for their solution.

“They sell to their network, but things stall after some early traction. This is because “friends and family” sales are based on the founder’s relationships. Scaling beyond those requires focus, discipline, and an understanding of 3 things:

1) You need to find motivated buyers with a budget. Avoid those who will burn time but never buy; only someone with a burning need is actually motivated to spend money now. How will you find people who will lose their jobs without your solution? Do those people know you exist? If you can’t answer this, stop now and figure out an answer.

2) Sales is a numbers game. A few salespeople are very good, but most aren’t. You won’t know who is really good until after you hire them, so you need enough quota-carrying salespeople to get a few good ones (my rule of thumb is at least 6-7 at once, since the odds of finding a star with 1-2 are low). At that point, a “no excuses” discipline is needed for anyone who isn’t hitting their number. You must turn over low performers to make room for the next set. Budget for a lot of recruiting fees in sales; it’s better than paying salaries and getting no results.

3) Don’t confuse activity with progress. You aren’t trying to get meetings, demos, or POCs (Proofs of Concept), you are trying to get customers. Any deal not advancing through the sales funnel is a problem because the longer a deal takes, the longer it will take. Your advocates change jobs, priorities shift, and budgets get frozen. Time is your enemy.”

 

Omer Cohen, CSO, Descope

 

 

“Prioritising compliance early on and leveraging automation to streamline processes is critical when running and scaling a cybersecurity startup. Organisations should achieve certifications like ISO 27001 and SOC 2 as soon as possible as they provide a strong foundation, making it easier to maintain high standards as your company grows. Achieving these compliance benchmarks early on also helps with go-to-market, as most, if not all, B2B customers will expect vendors to have them.

“Automation also plays a role in continuous compliance, as it allows you to monitor controls and processes efficiently without a large, built-out team. Focusing on these initiatives will reduce the burden of manual compliance checks by implementing a strong operational baseline, and as a result, organisations can focus on driving value and setting the groundwork for long-term success.”

 

Gaurav Banga, Founder & CEO, Balbix

 

 

“A lot of people ask “how do I start a company?” You don’t start a company, you try to solve a problem. Today, cybersecurity is now a data science problem. You have to frame the problem you’re trying to solve around a data problem, and find ways to bring specialised data science into your solution, like AI. Otherwise, you’ll likely find yourself falling behind.”

“The business of entrepreneurship is not without fear. As a founder, you must be prepared to hit what feels like rock bottom and then reach the height of excitement all within the span of hours.”

 

Philip Gjørup, Co-founder, Nord Comms

 

 

“When running a cybersecurity startup, it’s essential to ensure that your team’s communications are as private and secure as possible. A good starting point is using decentralised, end-to-end encrypted platforms like Session, where even the app creators have no access to the messages. This ensures that only your team has access to the information shared in conversations.”

 

Scott Dylan, Founder, NexaTech Ventures

 

 

“Running a cybersecurity startup is no small task—especially in an environment where the stakes are constantly evolving. One of the key things to keep in mind is that cybersecurity isn’t just about protecting systems; it’s about building trust. Clients need to know that their data is safe, and in today’s climate, businesses are only as strong as the weakest link in their security infrastructure.

“When starting out, it’s important to establish a clear focus on your core offering. Are you tackling a specific cybersecurity threat, or are you providing a full suite of services? Early on, it’s tempting to do too much, but you must differentiate yourself from the competition with a clear, focused solution.

“Another priority should be understanding your compliance landscape. Regulations like GDPR and CCPA aren’t just boxes to tick—they’re fundamental to how businesses operate globally. Having a deep understanding of legal and regulatory requirements can become a competitive advantage for your startup.

“Talent is another critical factor. As the demand for cybersecurity skills rises, recruiting and retaining top talent is becoming increasingly competitive. Create a work culture that values continuous learning and innovation, as security threats evolve daily. Upskilling your team ensures you’re always ahead of the curve.

“Finally, invest in partnerships. No startup can survive in a vacuum, and by aligning with other tech companies, research institutions, or even governments, you can scale more effectively. Cybersecurity isn’t just about technology, it’s about creating an ecosystem of trust—whether that’s with your clients, partners, or regulators.

“If you build a cybersecurity company with a foundation of trust, focus, compliance, and talent, you’re not just protecting your clients—you’re building a company with longevity in mind.”

Alastair Paterson, Co-founder and CEO, Harmonic Security

 

“Focus on the problem you are solving above everything else. Too many solutions in our space are tech looking for problems. Sanity check the business case and ensure you are going to build a product or platform and are not just a feature to an existing one.

“Be mindful that the top of the market is over-supplied with niche products that don’t translate to mainstream markets and never scale. Ensure the company addresses a top three priority for a CISO or they won’t have the time to run a proof of concept or even use the product for free.

“GenAI is a generational change – if you’re not part of it in some way you are missing the next wave. Remember that marketing is critical. Even if you have the best product, there are too many startups and too much noise. You have to work out how to stand out.

“Finally, relationships and trust are everything in security. Treat people well, especially your clients and make sure you have a good name in the ecosystem.”

 

John Price, founder and CEO, SubRosa

 

 

“Running a cybersecurity startup is all about striking the right balance between agility and stability. First, you really have to nail down your niche. Cybersecurity is an incredibly crowded market, and unless you can differentiate yourself early on, it’s easy to get lost in the noise.

“That might mean focusing on a specific vertical, like healthcare, or building a solution that addresses a particular vulnerability, like cloud security or endpoint protection.

“Building the right team is critical. You need technical people who are not only great at their craft but are also problem-solvers who can think outside the box. The cybersecurity landscape is changing all the time, so you want people who are adaptable and thrive under pressure.

“Flexibility is essential because you’ll be pivoting a lot, but you also have to bake security and reliability into your product from the very beginning. You can’t afford to compromise on that, even when you’re moving fast.

“Compliance is another thing you can’t wait on. There are so many data regulations now—GDPR, CCPA, HIPAA, to name a few—that you have to build your product with these frameworks in mind from day one. It’s not just a legal requirement but a selling point for your clients. Showing them that you’ve thought about security and compliance from the start is a huge trust-builder.

“Speaking of trust, that’s the foundation of everything in this business. Cybersecurity is a high-stakes game, and your clients are entrusting you with their most sensitive data. You have to be completely transparent about how you’re handling that data and what your processes are for protecting it. Your reputation is one of your biggest assets, and it can be incredibly hard to recover if you lose that trust.

“Scalability is another important factor. Even if you’re small now, you need to think about how your product will evolve as your clients grow. They’re going to expect that your solution will grow with them, and you need to be ready for that from a tech perspective. Last-minute scrambling to add capacity or new features is a quick way to lose clients.

“Innovation is key. The cybersecurity space moves fast, and you need to stay ahead of the curve. Whether that’s incorporating AI to identify threats faster or adopting more advanced encryption methods, you need to constantly invest in R&D. Lastly, don’t overlook the importance of partnerships.

“Building relationships with other cybersecurity companies or integrating with established tools can help you gain credibility and offer more value to your clients.

“In short, running a cybersecurity startup means being adaptable, focusing on compliance and trust, and always staying one step ahead in terms of innovation. It’s about building a solid foundation while being agile enough to move with the market.”

 

Wes Kussmaul, CEO, The Authenticity Institute

 

 

“Cybersecurity startups should consider that decision makers are shifting to the ABE assumption set and away from the CTBG assumption set.

“The foundation of modern cybersecurity has been flawed since the early days of the Internet, built around a single, misguided idea: Catch The Bad Guys (CTBG).”

 

Andrew Southall, Founding Engineer, SkySiege

 

 

“Even in industries as cutting edge as Cybersecurity, the core business fundamentals still matter. The era where investor funding can cover cash flow, low margins and limited revenue streams is over.

“With this in mind, keeping supply lines lean, margins high and avoiding frivolous expenditures will keep your business running where others will fail. Running a streamlined business has another benefit: it drives efficiency into your products and delivery as well. Lean operations don’t have room for bloated offerings with long lead times and huge maintenance burdens.

“Map and automate your product and customer flow and you’ll have the resources in the future for as much research as you like!”