What does this mean for the UK?
UK security firms have featured by their absence from the latest Cybersecurity 500, a recently set up global listing of the “hottest” firms in a booming sector. So far, only eleven come from Britain.
Launched last October by an Californian marketing and research outfit, the Cybersecurity 500 is intended as a picture of the industry based on the recommendations of a range of experts including CISOs, VCs, security professionals and even journalists encountered at global security events and during research.
Although firms can’t buy their way on to the list per se, they can buy one of several dozen ‘positions’ near the top of the list for a year’s duration, an important point to bear in mind when reading it. How many took up that option remains confidential.
The February ranking (monthly updates are promised) has FireEye in top spot, ahead of Moka5, with AlienVault, Norse, Easy Solutions, Splunk, Lancope, Narus, Veracode and CyberArk rounding out the top ten in that order.
In an industry often seen as built around large anti-virus and infrastructure firms such as Symantec, Trend Micro and McAfee, this is an unexpected list of names some not that well known. As it happens, Trend sits in 13th spot, McAfee (Intel Security) at 34 and Symantec at a lowly 159.
The firm behind the Cybersecurity 500 explains that the intention was to create a list of firms worth watching rather than simply reflecting size and revenue. It repeats that none of the companies listed paid anything simply to be included.
This, of course, is what makes such listings interesting – they eschew conventional and sometimes misleading measurements tilted towards what was successful in the past.
The overwhelming majority of the 500 are US-based firms even if a handful (Check Point, ESET, Cyberroam, Radware and Tufin) are really non-US firms with US subsidiaries. The US domination of ‘hot’ security and startups is still noteworthy.
The UK appearance would fit on the back of the proverbial cigarette packet, if such measures still count, and runs to the following firms: BAE Systems, Avecto, Boldon James, Mega AS, Protectimus, Sophos, Digital Shadows, BT, Acunetix, and Burp. The highest placed is Swivel Secure at number 197 with the other nine all at 350 or lower.
Meanwhile, Czech anti-virus firm AVG appears in 12th place, just ahead of Japanese firm Trend Micro in 13th place, Italy’s DFLabs in 17th place, Finland’s Codenomicon in 24th place, and Russia’s Kaspersky Lab in 31st place. By this measure, the UK is barely tepid never mind hot. Or perhaps it is simply that not many of them were willing to pay for a more prominent position.
One can always quibble with the judgments of a single list's methodology based partly on ‘buzz’ with an unknown number paying to be far higher up than they would otherwise be. There will be sceptics galore. But the absolute numbers of UK firms and the composition of the list as a whole is still interesting.
"We recognize the UK as one of the global leaders in cybersecurity innovation" said Cybersecurity Ventures founder and CEO, Steve Morgan, when contacted by Techworld.
"The UK has a rich ecosystem of cybersecurity product vendors, service providers, event producers, and media firms - and we are expecting substantially further representation of UK cybersecurity companies on the Cybersecurity 500 in our monthly editions coming up," he said.
The monthly nature of the Cybersecurity 500 allowed adjustments to be made to reflect new UK entrants, he said. Time will tell how seriously the list is taken by an industry short on even subjective measures of significance. But it’s a good bet that startup CEOs and their investors in particular won’t complain if they make it into the 500 at some point.
What is your take on this recent revelation?