BAE Systems Spins-Off SOC.OS
An Easy Decision
It is exciting when a leading supplier of cybersecurity systems like BAE Systems leverages its market insights, product development know-how as well as quality and security processes to invest in building a SaaS solution specifically to help mid-sized companies manage their security posture and response capabilities.
SOC.OS delivers trusted, big-company Security Operations Center (SOC) capabilities for companies with restricted budgets who are working to improve their cyber maturity levels. Upon launch, it had already been embraced by a strong customer base of UK firms to rave reviews. This has only been made possible due to the extensive time and effort that the SOC.OS team continually invests in understanding the specific and ever-changing security needs of its customers and using this info to build and iterate their product.
Just as a shop owner would never think to not have a lock on the door, comprehensive cybersecurity solutions are no longer optional business expenses — but instead, necessities for long-term survival.
The story became even more exciting when we learned that part of the plan for this product and team involved gaining support from investors. We jumped at the opportunity.
Mid-Market Security as an Evergreen Investment
The security solutions market is large, growing, and has dynamics and incentive structures that make it difficult to see how this market might shrink, let alone disappear.
- In 2017 alone, cybercrime cost the world $600B in 2018, up from $445B in 2014, and estimates for the Value at Risk from cybercrime over the next 5 years are $5.2tr.
- On the demand side, estimates on the global market size for information security range from $170bn to $134bn in 2022 (~10% CAGR).
In the enterprise segment, companies have developed advanced AI and machine learning solutions to aggregate, analyze and correlate security alerts from multiple systems across their IT environments (firewalls, endpoint security, anti-virus, cloud security brokers, etc). The results are then triaged for reporting, alerting and response initiation. These solutions are complex and costly for enterprises to deploy — and clearly out of reach for smaller companies.
The battle of defending against and responding to malicious activity across the digital estate remains constant.
As such, there are very few realistic and economical options available to under-resourced security teams that enable them to perform the tasks needed to be more informed and efficient, such as:
- Quantifying security risks
- Managing security alerts
- Integrating and coordinating security tools at all levels of the kill chain
- Tracking performance of the different security technologies
Tapping into the Lucrative Mid-Sized Security Market
While smaller businesses often face the same cyber threats that strike large companies; and with small and medium enterprises (SMEs) representing 99.9% of all private enterprise in the US, about 50% of the private workforce and more than 40% of GDP, the potential economic benefit of a well-protected economic base of SMEs is hard to underestimate.
The 72% of these companies that suffer cyber attacks will spend an average of $1.2m dealing with the aftermath. This constitutes a disproportionately weighty burden on their bottom lines. No wonder they consistently rank cybersecurity as one of their top three priorities.
Up to this point, the issue has been exacerbated by overburdened, internal IT or security staff working with old systems and being forced to monitor multiple dashboards and screens while simultaneously trying to analyze 100s — if not 1000s — of separate alerts every day. In fact, citing lack of personnel, budget and skills, only 30% of teams rate their security posture being “very high”. The current state of affairs is clearly not sustainable and certainly not secure.
SMEs have recognized that their success is, in no small part, dependent upon their ability to draw comprehensive security insights from tools spanning a variety of devices and cloud services. Only then can they engage in a more efficient process of data triage, interpretation and presentation that will empower teams to confidently make decisions that will not only mitigate risk, but also improve overall operations.
Bringing Together Superior Experience and Talent
At Speedinvest, we have seen strong inbound in security startups across Europe. Many of them focus on protecting the growing attack surface created by more connected and distributed endpoints. Part of our thesis around security is:
- The application of AI is required to fully reap the benefits of the exploding amount of telemetry/data that is available from mature security devices/systems.
- There is a huge opportunity around intuitive and easy-to-use tools for “security citizens” in smaller companies primarily.
With this in mind, we are happy to be teaming up with Hoxton Ventures to support SOC.OS along their journey. We are very impressed not only with what the team has achieved so far, but also with their continuous focus on customer feedback and ability to deliver additional value with every release. The energy in the room when the team talks about helping their customers is palpable.
Exciting Growth Potential
Now that SOC.OS stands on its own feet, the task ahead is clear. The goal is to grow beyond the initial cohort of enthusiastic customers in order to move to service the UK’s expansive medium enterprise market, as well as scale internationally into the US. An ambitious goal to be sure, but just as a shop owner would never think to not have a lock on the door, comprehensive cybersecurity solutions are no longer optional business expenses — but instead, necessities for long-term survival.
Read more from BAE Systems