Europe Gets A Cyber Security Incubator

London’s — and Europe’s — crowded startup accelerator scene is getting a new addition. Not fintech-related, this time. Rather the focus is cyber security.

The Cyber London (CyLon for short) 12-week program has been co-founded by Alex van Someren of VC firm Amadeus Capital Partners, who previously founded U.K. cryptography company nCipher and has advised the U.K. government on various tech issues; along with Jonathan Luff and Grace Cassy, co-founders of strategic technology consultancy Epsilon Advisory Partners, who also bring foreign and security policy experience to the table, including working with No.10 Downing Street.

CyLon’s program will be managed by the Ignite accelerator, and is being run as a not-for-profit, financed by a variety of sponsors — including Amadeus and Epsilon; along with global hedge fund Winton, and international law firms Freshfields Bruckhaus Deringer; and Fried, Frank, Harris, Shriver & Jacobson — none of whom will be taking equity in the selected teams.

So this is about proximity to promising security startups to help with deal flow in the case of investors, and the chance to pick up future clients in the case of the legal and consultancy firms. Although Luff stressed there won’t be any limits placed on the startups in terms of who they can or can’t work with.

CyLon also has an advisory board to help steer the program. This has two members at launch: namely Passion Capital’s Eileen Burbidge, and Jon Bradford, MD of the Techstars London incubator program.

Passion Capital has some skin in the security game already, via b2b cyber security portfolio company Digital Shadows. Burbidge also has a personal interest in security, with a private investment in secure messaging app Wickr. She’s been banging the drum for the U.K. to do more in the security space for a while now — putting her mouth where her money is, and vice versa.

The criteria for choosing teams to enter the CyLon business bootcamp are being left “quite broad”, according to Luff, to maximize interest and help establish the program. “We are defining this as ‘cyber and information security technologies or products’. That is quite deliberate because we want to encourage a good number of people to take an interest in the program and to apply,” he told TechCrunch.

Startups selected to go through CyLon will get £5,000 to cover their living expenses, and be based in a 4,000 sq. ft. co-working space provided by Winton in Hammersmith, West London.

“We are going to be looking at applications over the next month to six weeks and we’ll be looking for the kinds of things you would expect from a strong accelerator and an incubator program: people with interesting ideas in interesting areas, able to demonstrate that they’ve got the skills required to develop those ideas,” Luff added.

He said they expect to take about 10 startups in the first intake, and are looking to run two programs per year. Financing from the program sponsors has been secured for one year at this point, and they’re not yet looking beyond that, intending to see how CyLon runs in year one.

“The idea is to start relatively small,” said Luff. “We want to have the broadest possible field of applicants. So part of the way it’s been set up, the fact we’re taking no equity, the fact it’s being run in the way it is, is intended to give the largest number of relevant teams the opportunity to apply. But I’d be surprised if there were more than 10 teams in the initial program.

“The not for profit thing is because we want it to be a platform for the best possible participants. We recognize that it’s not a horizontal project where you’re just out there looking for the best possible commercial startup, and where you’re taking an equity stake in that business with a view to a big upside. This is rather different… We want to have a kind of level playing field,” he added.

Security rising

CyLon’s launch PR claims it as “Europe’s first business accelerator program and incubator space dedicated to developing and supporting cyber security startups”. Luff said the timing is right for this to happen because of how Internet security issues have generally been propelled up the agenda — for consumers and businesses alike.

“Most people now are far more aware of this issue and its importance,” he told TechCrunch. “Not just as an economic, commercial opportunity of its own, but the important bit — its importance in relation to the wider economy, and the impact that good cyber security, good information security will have for an increasingly digital economy — I think that awareness has grown very rapidly, recently… It’s an initiative whose time has come.

“With an increasing amount of our personal and professional and commercial interactions taking place online there is, both from businesses and individuals, a much greater appreciation of the need to understand how these things work and to have access to good and user friendly technologies to help people operate in a secure way. And I think the U.K. is really well placed to develop those technologies and those services.”

“There are some good vertical [security] programs that I am aware of in other parts of the world but they’re not structured in quite the same way that this one is,” Luff added. “There’s Mach37 in Virginia, and there’s a program in Israel but again run with a different structure. We’ve tried to put together the right team and structure for the U.K., and I think the U.K. leads the field in Europe with respect to this area of technology.”

Why should security startups come to London? Being located within a global financial services hub is of course one potential draw, with banking companies obvious targets for selling encryption and other security tech innovations.

U.K. government intelligence agencies also evidently have money to spend on security. In a speech yesterday setting out economic priorities for the South West region of the U.K., the Chancellor George Osborne said the government wants to create what he dubbed “an arc of cyber excellence” from the headquarters of the GCHQ intelligence agency at Cheltenham, through the cities of Bristol and Bath to Exeter — with the aim of “making the south-west a world leader in cyber security services”.

“I can tell you today that GCHQ are investing £3 billion over 9 years into developing the next stage of national cyber intelligence. They’ll work with hundreds of small businesses, strengthen their existing ties with leading south-west universities, and recruit hundreds of new cyber specialists to work across this regional cyber arc,” Osborne added.

So there could be a substantial amount of U.K. public money earmarked for “cyber intelligence” tech in the coming years, depending on whether the next government agrees with these investment priorities — a portion of which will apparently be up for grabs by relevant startups.

Push and pull

However there are some strong cross-currents pushing in the opposite direction too, given those same U.K. intelligence agencies are conflating national security with dragnet digital surveillance. Last year the head of GCHQ warned publicly about the ‘dangers’ to national security posed by Internet companies’ use of secure communications — effectively making an appeal to them not to use end-to-end encryption.

More recently, the current U.K. Prime Minister also suggested he wanted to ban encryption or else coerce Internet companies to build in backdoors for spooks to access user data. So the highest levels of the U.K. government have been calling for cyber security to be diluted at source. That, surely, will give some startups working in this area pause for thought when it comes to building a credible cyber security business in London.

Trust and credibility in the security space are paramount. And other more security-minded European locations are available (thinking of Berlin, for instance, with Germany’s robust attitude to security and privacy; or Switzerland, which enshrines a right to private email and communications in its constitution). Unless of course you’re planning to sell your cyber security service to GCHQ…

Luff declined to comment when asked specifically for his views on Cameron’s attacks on encryption, but made some general comments about setting up a security incubator in the UK. “We’ll test whether there is an appetite for these kinds of technologies and companies developing here,” he said, adding: “We’re really confident that there’s a lot of talented developers and early stage companies producing technologies that are designed to support and secure people operating in a digital economy, digital landscape.”

CyLon taking a broad approach to what it wants to incubate is probably going to help, given that an umbrella label like ‘cyber security’ can contain and refer to multiple different technologies and services. And indeed, might even encompass technologies that could be utilized by intelligence agencies to gather signals data with the apparent goal of bolstering national security — at the same time as robust encryption systems that are aiming to do the opposite: i.e. keep eavesdroppers out.

The U.K. evidently has powerful organizations with money to spend in both of these ‘cyber security’ camps — but whether one side of the coin erodes business developments on the other remains to be seen.

“Your point’s a reasonable one,” added Luff, when I pointed to this public-private disconnect. “I think it’s right to ask that question but I really think there are so many advantages for a technology company to operate in the U.K. and to operate in London that I’m confident we’ll see lots of talented teams coming through the program.”