Entrepreneur Dan Brett got involved when he heard GCHQ was launching a centre for start-ups near its Cheltenham headquarters
Security expert Dan Brett got involved in the cyber initiative when he heard GCHQ was launching a centre for start-ups © FT Montage

At 44 years old, Dan Brett is not a typical candidate for a tech accelerator. However, after a decade spent developing cyber security technology for banks, the entrepreneur threw his hat into the ring when he heard GCHQ was launching a centre for start-ups near its headquarters in Cheltenham.

“I’m not your young, sexy start-up hero,” said Mr Brett, who participated in the UK government’s accelerator programme last year and is working on a project to lure hackers into internet-based traps.

“But cyber crime is increasing and this scheme gives such good access. It’s like someone has been slowly boiling a big pan and it just gets hotter and hotter.”

At the accelerator, intelligence officials from GCHQ, the UK’s electronic intelligence service, and the National Cyber Security Centre (NCSC) meet coders over coffee and share complex cyber security puzzles — although many do not share their names to maintain anonymity. The start-ups develop solutions and are introduced to investors who could help them take their ideas to market.

Cyber security is seen as an increasingly important issue in the UK following the large-scale Petya and WannaCry attacks, and a number of serious data breaches at the NHS, TalkTalk, Yahoo and Tesco Bank.

Research from FireEye, a US-listed cyber security group, shows the UK was the target of one in eight malware attacks in Europe between January and September of last year, with only Germany and Belgium facing more attacks. This is due in part by the UK’s status as a centre for finance, manufacturing and technology.

As a result, the UK government has ramped up its investment in cyber defences and increasingly turned to the private sector for ideas.

The NHS became the victim of a global ransomware attack in May
The NHS fell victim to a global ransomware attack in May © PA

In 2015, then-chancellor George Osborne unveiled a five-year plan to invest £1.9bn in cyber security — more than double the UK’s previous programme — and create the NCSC.

This year, the start-up accelerator Mr Brett took part in will span nine months instead of three, and the UK government plans to open a second accelerator in London later this year.

The expansion marks a new approach from intelligence services, which have in the past refused to share information about cyber crime with private businesses.

Matt Hancock, digital minister at the department for culture, media and sport, said the idea behind the initiative is to give software engineers direct access to information about virulent international cyber crime so they can help develop fixes.

The new National Cyber Security Centre at Victoria in London
The new National Cyber Security Centre in Victoria, London © Nick Ansell/PA

“The [accelerator] has one foot in the secret side of the government and one foot in industry, so it can participate in the world,” said Mr Hancock. “There’s space for entirely private solutions.”

Some companies have welcomed the change after years of lobbying for more access to information about cyber threats.

“Government funding won’t be adequate [for start-ups],” said Kris Hagerman, chief executive of Sophos, the Oxfordshire-based cyber security group. “But any effort on the part of the government . . . to share information more effectively and to create an environment where it’s easier to start companies and easier for those companies to get running, is welcome.”

Other industry veterans have argued the NCSC has yet to prove it can understand the difficulties for businesses, which are reluctant to plough money into technology they do not understand.

“The principle is absolutely right. Some of the best technical innovations come from very smart people in very small numbers,” said Brian Lord, former deputy director for intelligence and cyber operations at GCHQ and now a managing director at Protection Group International. “But the NCSC probably doesn’t have the level of commercial acumen to work out the private sector.

“It has about two years to demonstrate that it has the capacity to defend UK industry otherwise it is just a white elephant,” he added.

Mr Brett agreed, saying more private investment will be crucial for start-ups.

“There is no cyber specific venture capital investment in the UK,” Mr Brett said. “They’re all a bit wary at this stage.”

Get alerts on Cyber Security when a new story is published

Copyright The Financial Times Limited 2022. All rights reserved.
Reuse this content (opens in new window) CommentsJump to comments section

Follow the topics in this article