Five Challenges Facing Security Startups

Not every security startup makes its founders multi-millionaires. For every billion-dollar success story, thousands of companies will develop security products you will never hear about, let alone buy. There isn’t much specific data about security startup failures, though around 90% of technology startups fail within the first three years, regardless of funding.

The odds are stacked against every new business, especially tech startups. However, by getting just five key elements right – leadership, staffing, product differentiation, engaging the market, and launch timing – a startup maximizes its chances of future prosperity.

A strong leadership team provides a solid base for growth. Founders must be cognizant of their own strengths and weaknesses and make tactical hires to fill skills gaps. With security engineering skills likely covered, the gap is usually business acumen, and that can easily be plugged with a seasoned entrepreneur.

When Eric Schmidt joined Google he was the ‘grownup’ needed to provide structure and bring investors onboard, propelling it forward. Security leadership teams need a blend of product development, sales, marketing and people skills to complement technical expertise.

Building on Strong Foundations

Many startups grow organically and steadily over time, while others expand rapidly with direct investment to exploit a market opportunity. Recruiting staff who share the founders’ vision, are prepared to work long hours, and can adapt to the changing demands of a fledgling business is no easy task, but is crucial for strong growth and preservation of the culture the founders instill in the company. 

Once the talent is onboard, the business must lock it in, keep employees engaged, and give them the responsibility and freedom to contribute towards company goals. Shedding those who don’t contribute is harsh, but startups cannot afford to carry extra weight.

To ensure availability of talent, especially those with niche security skills, location is an important factor. Much of the UK’s technical security expertise is based in and around Cheltenham, due in no small part to the GCHQ connection. Basing a fledgling business elsewhere may require flexibility around remote working.

A World of Difference

Differentiating a product from the competition is key. Incumbent security suppliers have a terrific advantage over newcomers because, unless there is a strong reason to change providers, the status quo endures. Security doesn’t lend itself well to ‘killer features’ and most security product features are anything but exciting.

However, the killer feature that allowed VHS to triumph over Betamax in the videotape wars was simply a 120-minute tape length, which was long enough to store a full feature film and therefore the clear choice for video rental businesses. It doesn’t have to be revolutionary, it just needs to solve a problem current offerings do not address, or solve the same problem more efficiently.

"Eric Schmidt was the ‘grownup’ needed to provide structure and bring investors on board, propelling [Google] forward"

Startups need to know and engage with the market by regularly asking themselves three questions: What are we offering? What does the market want? Can competitors pivot to do the same?

Startups cannot afford to waste time and funds developing products that the market is not willing to buy. This means having an intimate understanding of the security marketplace, the value of the market segment being targeted, and the shortcomings of competitors. Pre-empting the competition and their ability to evolve (or duplicate new ideas) is imperative.

A Two-Way Conversation

It is greatly important, however, to be able to communicate to the market about the product and what it can do better than any other security solution. Established players spend millions on marketing and advertising while startups must compete (in comparison) on a shoestring budget. Startups must use social media to engage the community, and provide thought leadership to generate ‘buzz’ and demonstrate their security credentials.

An online presence is however no substitute for interacting with the security community face-to-face and listening as well as talking.

Security products must function properly from day one and problems in a production environment can destroy confidence among early adopters. The first to market certainly has an advantage, but this should not be at the expense of a quality product. It must be thoroughly tested, piloted with multiple customers for detailed feedback, and revised before launch. Extra functionality can always be added later. Above all, the software must never become a security issue itself due to sloppy coding!

While the failure rate is high, there is no reason to abandon all hope. Financial investment is eventually key to company expansion, especially into the lucrative US market, but startups joining the playing field also benefit from the support and mentoring provided by the UK’s accelerator and incubator scene. Not that this alone guarantees success and riches, nothing does, but it may at the very least allow security startups to ‘fail fast’ or ‘fail better’, as folks in Silicon Valley like to say.

As long as lessons are learnt and applied the next time, there is no shame in failure.

What’s Hot on Infosecurity Magazine?