In cybersecurity, France distinguishes itself through many innovative ventures. However, these players struggle to grow independently of large groups or foreign investors. How can innovation be stimulated, and how can these players be helped to develop better?
Small players innovate and big players follow. This well-known saying also applies to the field of cybersecurity. France has no shortage of innovative players with significant potential for development. Yet, at the level of the country and the continent, we struggle to support these promising start-ups and enable them to access the funding they need to grow. They face all manner of difficulty, above all in addressing end users. In most cases, American or Israeli giants take over innovative players to ensure, with more or less suitability, that the concepts promoted are marketed.
Playing in the big league
Based on this observation, it is saddening to see Europe missing out on the strong potential for development that cybersecurity represents. Indeed, if financial analysts are to be believed, the global cybersecurity market is constantly growing. In 2004, it was worth $3.5 billion. Between 2015 and 2020, its worth is projected to go from $75 billion to $170 billion. Moreover, according to Dow Jones VentureSource (a database that consolidates companies having received funds worldwide), a dozen cybersecurity start-ups have each raised $100 million or more since 2014! Even so, money is not everything.
What is keeping us from carving out a piece of the lion’s share for ourselves?
This was the subject of a round table that I had the honour of facilitating during the latest edition of the FIC. Facing me were Alain Bouillé, President of the Experts’ Club in Information Security and Digital Affairs (CESIN); Philippe Gaillard, head of Fonds Cyber Capital; Christophe Pagezy, co-CEO of the start-up Prove & Run, which received the FIC 2017 Innovative SME Award; and Alexis Caurette, Vice Chair of the European Cyber Security Organisation (ECSO).
Ideas, but difficulty accessing the market
What were the lessons to be learned from the discussion? Many players in France and Europe are inventing « disruptive » technologies or uses and innovating in the field of cybersecurity. While they have ideas and mastery of technological and R&D challenges, these start-ups and SMEs most often struggle to access the market or the funding they need. In order for their ideas, and more generally their business, to survive, usually they must hand over their innovation to large groups or investors established outside Europe and in a better position to make the most of them…or not. Often, the future of these ideas depends on the priorities and financial interests of their buyers.
Start-ups and SMBs need purchase orders!
The fact is that there is a space to allow these ideas to advance differently. To achieve this, the existing ecosystem consisting of start-ups, SMEs, investors, users and institutional support must function better. There are funding solutions such as the French Research Tax Credit (CIR), BPI France assistance… Some specialised investors such as Cyber Capital are also prepared to take risks. There are also accelerators and incubators within large groups (Michelin, Cisco, BMW…) as well as dedicated accelerators and incubators such as Axeleo. Everybody will find an interest in talking to each other.
End clients or buyers of cybersecurity solutions must also be able to take risks and learn to work with and trust start-ups and SMEs by giving them a chance to test and develop their solutions in full collaboration. Currently, despite the efforts made (for example, « business pitch » presentations of solutions by Hexatrust players to CESIN participants) and a few large groups acting as facilitators, large groups and administrations do not play the game enough when they have the opportunity. SMEs are capable of offering solutions tailored to the needs of French clients, unlike large technology companies, which offer « off-the-shelf » products and have trouble customising their product according to the needs of the domestic or European market. It is no secret: start-ups and SMEs need clients and orders. However, they also need partners and integrators capable of helping them to improve their solutions. Often, for a major end client, the risk is limited and the benefit may be considerable in terms of innovation.
It is clear that the beneficiaries of cybersecurity solutions today are lost, both in the deluge of technological solutions available on the market and set up within their organisations, and in the successive take-overs of small and large companies by large American or Israeli groups (for example, on the cloud access security broker [CASB] market in 2016). It is also important for suppliers of cybersecurity solutions made in France to take the time to better understand the needs of CISOs.
Investing from Europe
If a start-up has one or more clients, it should be able to access investors and funding more easily. Obviously, this must not prevent European venture capitalists from fulfilling their role and identifying ideas with strong potential very far upstream to better support their development. Europe still lacks funds to support launching ideas to allow them to flourish.
European institutions, through the assistance and support programmes that they implement, also have their importance. Innovative companies, clients and even investors could undoubtedly support even more joint projects as part of Horizon 2020, a uropean Commission programme for research and innovation.
Towards a virtuous ecosystem
In any case, a framework of trust must continue to be developed between these stakeholders at the level of the European Union. This virtuous ecosystem will allow champions to emerge. The independence of our market with regard to cybersecurity issues and our digital sovereignty are at stake.
Initiatives such as that of the ECSO constitute the impetus required to develop this dynamic. Future european regulations will probably also help to get a european badge of trust to « get off the ground. »
The last barrier also concerns the European Union and has to do with the market itself. At the level of the continent, cybersecurity players face a highly fragmented market. In this context, it is essential to effectively implement a single economic and digital market. This market is needed to allow young ventures to grow and reach a critical size, but also to allow the investors who help them to exit at the right time — to be able to better reinvest in other start-ups, thus completing the circle.
In order for solutions to be better rolled out at the level of our market, all players in the ecosystem — start-ups, SMEs, capital ventures, customers, the ECSO… — collectively have a role to play. It is a matter of learning and growing together.
Written by François Gratiolet, founder of BUSINESS DIGITAL SECURITY, a strategy and marketing consultancy, following the round table « How to Stimulate Innovation and the Development of Cybersecurity Start-ups » at the FIC 2017.