At last, the Wake-up Call for European Cybersecurity

By Carlos Alberto Silva, Managing Partner, Carlos Moreira da Silva, Managing Partner, and Pedro Carreira, Principal at 33N Ventures as published in Insight Out #28.

 

A burgeoning market

As the cyber threat landscape continues to evolve and expand, only further accelerated by the threats of the war in Eastern Europe and the Middle East, the demand for robust cybersecurity solutions has never been greater.

For readers familiar with the industry, the trends are not new, however the sheer magnitude has been reaching new heights. Morgan Stanley reported more than 1,300 enterprises that have fallen victim to cyber extortion (Cy-X) from June to August 2023, 2.7 times the levels of a year ago. Chief

Information Security Officers (CISOs) have also increasingly reported concerns about Generative AI-Driven Attack Methods that will accelerate targeting corporate employees in an increasingly sophisticated way. As per Morgan Stanley, security software remains the number one priority on the

Chief Information Officer’s (CIO) list, with its priority increasing further in the third quarter of 2023, in counter-cycle with the overall macro-economic environment.

In Europe over the past decade, the continent has experienced a cybersecurity boom, fuelled by the global context, but also by key attractive characteristics of the European market:

• Cybersecurity spending in Europe is growing more than twice as fast as the overall market, reaching 111bn€/year by 2027
• Public defence and security spending has hit all-time highs, and is expected to continue accelerating
• The European Union has historically been among the fastest to respond to the growing threats and emerging technologies by enforcing EU-wide public strategies (case in point is the EU directive about AI)
• The European Union combined employs more software developers than the United States, representing a huge, addressable market

 

A breeding ground for cyber leaders

Europe has also emerged as a thriving breeding ground for cybersecurity start-ups. One such example is Darktrace, a UK-based company that utilizes artificial intelligence to detect and respond to cyber threats in real time. Founded in 2013, Darktrace has quickly become a global leader in cybersecurity, leading to its IPO in April 2021. Feedzai, a Portuguese-American company founded in Portugal in 2008, is yet another testament to Europe’s influence in the cybersecurity industry. Feedzai specializes in fraud prevention and anti-money laundering solutions, leveraging Europe’s deep engineering talent to build its platform, underpinned by top machine learning and artificial intelligence.

Analysts are consensual in identifying common patterns that position Europe as a breeding ground for cybersecurity start-ups:

• Abundant talent: Europe has a skilled workforce in computer science and cybersecurity, thanks to its top universities and research institutions
• Strong data protection regulations: The GDPR and similar regulations promote data security and privacy, driving demand for cybersecurity solutions
• Diverse market: Europe’s interconnected markets expose start-ups to a variety of cyber threats, making it an ideal testing ground for innovative security technologies
• Supportive ecosystems: European cities offer incubators, accelerators, and funding opportunities, fostering the growth of cybersecurity start-ups through mentorship and access to capital at pre-seed and seed stages

 

An opportunity, but with a flipside

Opportunities don’t come without challenges. Today, there are still key factors that hinder Europe from becoming a cybersecurity powerhouse:

• Heterogeneous market across different EU countries, with varying languages, laws, and culture (although acting as a single market on the surface)
• Funding gap at post seed stage, especially from specialized and supportive investors
• Lack of innovation-savvy sales and go-to-market partners, who are glad to support and work with innovative vendors
• Still an early pool of 2nd or 3rd timer founders and management teams, a by-product of being an emerging market that started a few years later than the U.S. and Israel

 

Founders and investors across Europe have, however, found the opportunity where others saw mostly challenges. 33N Ventures was built from the ground up to address these specific challenges. Starting in 2014, the team was involved in backing, turning around and growing one of the first pan-European Managed Security Service Providers (MSSPs). A key move was the consolidation with Luxembourg-based Excellium Services in 2020, a significant step towards becoming a top-5, pure pan-European player, which ended up attracting attention from Thales, who finally acquired the company in 2022. Derived from this expertise, the team simultaneously set out to invest and support what today are flagship cybersecurity SaaS providers such as Arctic Wolf in the U.S. and Feedzai in Europe, backing them from early-stage to pre-IPO.

 

A recipe for success

It is clear today that Europe won’t be a cybersecurity powerhouse overnight and a multi-stakeholder effort is needed. As a specialized investor, 33N is looking to address the European opportunity by providing:

• Domain expertise, namely on identifying key pain points in cybersecurity, the evolving threat landscape, innovative tech approaches and bottlenecks to scaling
• Direct access to market, via a network of CISOs and tech executives with deep expertise in key domains across cyber, while at the same time regional networks in key areas in Europe
• Indirect access to market, via a network of resellers and services partners across key regions in Europe

 

Corporates with strategic interest in cybersecurity have also seen benefits in collaborating with innovative vendors and specialized investors. One of the largest Iberian banks, for example, took a strategic position in 33N’s fund, contributing not only with a sizeable investment but also appointing a member to 33N’s Strategic Committee. Such collaborations bring valuable insights to 33N into the needs of a major player in the financial industry, while reciprocally magnifying the bank’s insight into the cybersecurity ecosystem and access to innovative vendors through 33N’s network.

Pan-European service providers also play a significant role in the adoption of innovative cybersecurity solutions. Christophe Bianco, co-founder of Luxembourg-based Excellium Services, reinforces this view on the European opportunity: “Europe has great potential to become a leading powerhouse in the global cybersecurity market, in line with the U.S. and Israel. Specialized service providers and investors are crucial partners in this endeavour, partnering with emerging vendors in an increasingly challenging cybersecurity landscape.”

We certainly expect the European defence, security and in particular, cybersecurity, to catch up quickly with the maturity of more advanced ecosystems. The answer will lie in making the most of the existing strengths, while benefiting from the right ties to advanced markets, such as the U.S. and Israel. 33N is absolutely committed to heavily contributing to this.