Global Ambitions: Why More EU Cybersecurity Startups Need to Scale Internationally
EU Cyber Builders Challenges and Why the Google for Startups Growth Academy for Cybersecurity Startups Makes Sense
Hello Cyber Builders 🖐🏼
In the dynamic world of cybersecurity, forging ahead often means transcending local markets and venturing into international ones. Today, I'm stepping away from our ongoing series on software and security to spotlight a catalyst for such global expansion: the Google for Startups - EU Cybersecurity program. This initiative isn't just a testament to the vivacity of the European cybersecurity ecosystem; it's a much-needed bridge connecting our homegrown EU ventures to the broad horizons of the international stage.
Join me in exploring why this program isn't merely beneficial but fundamentally essential for EU cyber startups determined to make their mark worldwide.
Challenges Facing EU Cybersecurity
Over the past ten years, the EU cybersecurity ecosystem has witnessed significant growth and maturation. In various areas, multiple teams and organizations have reached a certain level of maturity:
In enterprises, cyber teams - not a single individual acting as a subject matter expert - have formed. It led to the creating of positions such as CISO, Security Ops (SOC Analyst), Risk Manager, etc. Cybersecurity has become a career path where professionals have multiple positions and progress through seniority levels.
The market is now full of specialized service companies able to perform Audits, Consulting, Penetration Testing, and many other services. All significant service actors have a cybersecurity practice.
Hundreds of technological startups were born in the UK, France, Germany, Netherlands, and the Nordics. Early-stage capital is well structured and available for good cybersecurity product teams.
Government agencies have hired hundreds of specialists. The French ANSSI has 600 employees, and the German BSI has 1441 employees. This staffing level enables hiring experts in various fields, developing Threat Intelligence teams, and acting as a high-level consulting group for the public sector (ministries, local governments, etc..)
Although the ecosystem has achieved a certain level of maturity, it suffers from several shortcomings:
If the enterprises have staffed their cybersecurity teams, mid-market and SMBs still have very few resources within their IT teams. Buyers of all sizes are too conservative and reluctant to buy innovative startup products.
Technological startups often focus too much on their local markets and need to pay more attention to the European and international markets, even in the early stages of their development. However, in a technological environment where development speed is crucial and convincing customers take time (there is an incompressible Time to Trust!), thinking globally and building an international company is essential.
Government agencies promote deterministic approaches based on cryptography or hardware security, for example. We have seen this in the previous article on certification schemes (see Understanding the Impact of the EU Certification Scheme on Cyber Builders). Moreover, their actions strongly focus on large corporations and public sectors - protecting the states and less on SMBs and individuals. Lastly, ENISA, the EU agency, is only staffed with 110 employees, which is too few to be able to define sensitive EU-wide regulations.
We need entrepreneurs who think globally and act faster, creating solutions that go beyond the needs of their local users. As buyers, we need to support them in adopting their products more quickly. Public bodies must foster their market with easy-to-adopt (and to understand) regulations.
It will accelerate with AI.
Some would say - I already hear them - that we must take time to “set things correctly.” This thinking highlights a significant misunderstanding of the economics of technology and cybersecurity.
In a market where new threats are discovered every month, and any new technology is creating new cybersecurity issues, speed and capacity to change are the cardinal values.
Artificial Intelligence (AI) is expected to be the top technological subject of 2023 (and 2024 for sure), and it will have multiple implications for cyber attacks. Therefore, it is crucial to develop a cybersecurity capacity tailored to artificial intelligence to evaluate the new vulnerabilities introduced by AI-built new software components. Like databases, programming languages, and application middleware, each tool has specific vulnerabilities that must be addressed, discovered, and remedied. The same logic applies to AI, and as we integrate more AI - LLMs or ML models - in our software, we need to secure AI.
Cyber Builders must act quickly and develop innovative solutions to either leverage AI to tackle the latest threats and cybersecurity challenges or secure AI by limiting AI-built component weaknesses and risks.
Push for Global Reach: Google Growth Academy
Based on these views, I wanted to highlight one step forward in the right direction—a program designed to push EU cybersecurity startups to think globally and scale.
This is the second edition of the Google for Startups Growth Academy: AI for Cybersecurity program. The program is designed to support startups in Europe and the U.S. leveraging AI technology to drive growth and innovation in the Cybersecurity market. With a focus on responsible practices, the program aims to equip startups with comprehensive skills and strategies for sustainable growth. Participants will gain valuable insights into internationalization strategies and have access to a wide range of Google tools and products tailored to their specific needs. The program aims to empower startups to scale their businesses and thrive in the competitive market by providing these resources.
Check out their webpage: Growth Academy: Cybersecurity - Google for Startups.
Learn more and apply before November 12 → https://goo.gle/45k48je
I have no affiliation with Google; neither is Google sponsoring this post. I am covering this program here because it makes sense to help solve the abovementioned issues.
Feedback from previous participants at the Google for Startups
I am not directly involved, so I ask for feedback from some entrepreneurs in the latest cohort. Thanks, Philippe and Joao, for your kind answers to my questions and for providing a quote.
For the founders of CrowdSec, this program has been a place of uncensored sharing with other founders. We have also established high-level relationships with influential individuals in the Google Galaxy, benefited from relevant mentorship advice, and gained a better understanding of our ecosystem. We exit it with new connections, friends, and ideas for our GTM.
Philippe Humeau - Crowdsec CEO (LinkedIn)
With the Google for Startups program, we found founders in our field going through the same issues we at eID Easy had been going through. The selection process is thorough, and Google picks the best in the area. We benefited from the mentors from Google and their network. Cybersecurity is a sector where knowledge sharing in a safe environment is required, and Google gave us exactly that.
Joao Rei - eID Easy CMO (LinkedIn)
The quotes speak for themselves!
Advocating for Substantial Global Scale-up Programs for EU Cyber Builders
We need more programs of this type, where large international companies allow entrepreneurs to quickly confront what it means to be at the scale of a group that covers the entire planet, has tens of thousands of collaborators and tremendous heterogeneity, for whom cybersecurity is always closely related to its activity and business.
I'm not saying that entrepreneurs and EU Cyber Builders should waste time in open innovation programs where they don't know the objectives and whether it will lead to any concrete collaboration. There are too many programs of this type where, because it is valued to work with a startup, collaborators from large companies, often the most recognized ones, can spend time with entrepreneurs, see their presentations, and exchange with them. We need to go beyond this zoo effect where executives meet startups like we would see lions in a cage.
As said, speed is material. EU startups will accelerate with better feedback and more field experimentation.
Radical Candor Is Required.
Entrepreneurs need a true collaboration: in-depth discussion, unfiltered exchanges, real-world tests (not on a test lab), and - most importantly - direct feedback to help them understand which part of their product is exciting and which isn't.
Startups would better know soon that their solution could never be deployed in the company because it lacks a key element, because the company has chosen to address the problem in another way, or simply because implementing it internationally looks pretty complicated.
All these direct feedbacks are gifts for entrepreneurs. The role of security practitioners and IT leaders at large companies is to provide this type of direct, unfiltered feedback without trying to say “nice things” like “Oh, it is interesting” or “very innovative.” If they know they will never order such a product, they better say it quickly and upfront. Entrepreneurs will pivot (e.g. change).
From Collaboration to Acquisition: My Journey with Cisco's Start-Up Program
I was privileged to participate in a similar program in France in 2016, organized by Cisco. This program provided us with an unparalleled opportunity to engage with numerous Cisco executives, not only in France and Europe but also on an international scale. Our primary objective was to validate and implement the solution offered by my startup, Sentryo.
As ambitious entrepreneurs, we seized this chance to establish direct connections with the product managers and the teams responsible for manufacturing industrial routers. This enabled us to gain valuable insights into seamlessly integrating our technology into their devices and collaborating with their skilled engineers.
During these interactions, we shared our vision of embedding security within industrial networks, simplifying cybersecurity measures, ensuring their relevance in critical areas, and optimizing their effectiveness while limiting friction for industrial organizations.
Fast forward three years, Sentryo was acquired by none other than Cisco. Our initial vision is now part of the Industrial IoT portfolio of the Californian global networking leader, helping sustain high growth.
Acquisition is not the goal of startup programs, but it could be one of its outcomes if there is a deep match. It will never happen overnight. Strategic M&A takes a lot of time for people from both companies to get to know each other and eventually decide to work together as colleagues.
Conclusion
As we stand on the precipice of a new era in cybersecurity, the time for European innovation to flourish on the global stage is now. Scaling up within the robust European ecosystem—infused with knowledge, talent, and ingenuity—is vital for competing and leading in international markets. Initiatives like Google's startup program are instrumental, but they're just the beginning.
So, I'd like to call upon fellow European Cyber Builders: let us approach these programs not as mere participants but as visionaries eager to contribute to an evolving narrative. Let's be proactive, embrace internationalization, and leverage every resource available to craft solutions that are not only groundbreaking but also globally resonant.
Together, we can redefine cybersecurity, shape its future, and protect our digital world—one innovation at a time.
Laurent 💚
Would you like more content?
Checkout: https://startup.google.com/programs/growth-academy/cyber-security/
Watch the video below.