Despite the red weather warning from Storm Emma, a group of cyber security leaders and start-ups gathered to a roundtable evening amidst the snowy scenes. It's safe to say that there has always been a degree of healthy friction, both culturally and operationally, between large organisations and start-ups and the two don't always see eye-to-eye.

However, encouraged by an evening of fine food and wine as well as lively debate led by Stephen Bonner (Cyber Risk Partner), we sat down for what turned out to be long evening which ended just shy of the time our carriages turning to pumpkins. In addition to the food, we were there to chew and digest two over-arching topics in the security industry and the intersection between them for large organisations and start-ups.

  1. Users: How can users be empowered from the perspective of large organisations and start-ups?
  2. Innovation: How can large organisations take advantage of the innovation and pace of start-ups; how can start-ups engage effectively with large clients?

Starting from these two topics, the evening's discussion centred around six themes:

  1. The best way to engage users through technology.
  2. How to objectively assess the array of technologies which do the same or similar things.
  3. To be more successful, start-ups could use their agility to better understand clients' businesses and their drivers.
  4. Tools from start-ups should work seamlessly with a client's existing infrastructure investments.
  5. How to keep abreast of security frameworks and standards and how these can be implemented with technology.
  6. AOB.

Theme 1: All three start-ups who attended the evening stated that their products aim to assist - with machine learning algorithms - rather than inhibit user activities. Their goals are to protect users from doing potentially harmful things, as one start-up stated, their aim is to teach users how to 'lock their doors'.

Theme 2: There is a wide selection of products that perform the same functions, and four of security leaders at the table emphasised the importance of identifying the right products objectively. In an environment awash with products, even leaders in the field are sometimes left scratching their heads.

Theme 3: Five of the security leaders provided the following advice to start-ups: to be successful, start-ups need to understand their clients' business and drivers, as well as show a willingness to be part of a bigger mission. One of the security leaders, who has just formed a new partnership with a start-up, described the security environment as a puzzle with holes, which are used by adversaries. If start-ups can fill these holes and grow, they will get buy-in from enterprises.

Theme 4: Two security leaders, from two different industries, emphasised the importance of product compatibility with the existing infrastructure investments in large organisations. In their view, this is far more important to them than a start-up's ability to scale.

Theme 5: Two security leaders from highly regulated industries raised the issue of governance, risk management and compliance (GRC) and how to keep abreast of an increasing array of frameworks and standards. This is an issue for large organisations, and specifically with how to find technologies to assist with implementation, to ensure organisations are compliant with local and international jurisdictions.

Theme 6: The best accolades for start-ups come from their clients and investors; in fact, the clients are the best investors and revenue is key. Start-ups need to clearly and succinctly describe their products and how they solve pertinent issues for large organisations, and then deliver. The most successful companies have products that quickly deliver quantifiable benefits. Additionally, for buy-in, start-ups also need to be able to present the vision for their companies to a managing board.

Despite the arctic conditions outside, the temperature at the round table was decidedly warmer, fuelled by food and wine, as everyone came together for a lively debate. Participants were pleasantly surprised that everyone around the table felt at ease and willing to share experiences so freely. This was made possible by the openness and wisdom attendees kindly shared during the evening, and we hope everyone had a jolly good time as well. Whilst the turnout was good with representations of leaders from different industries, the weather was not kind and the resulting transport disruptions meant that several leaders were unable to attend. However, all of those who could not make the dinner at the Arctic Circle expressed interest in future events, so perhaps part two, a post thaw dinner?

To our participants at the event, we are extremely grateful you took time out of your diaries to attend, especially given the weather conditions on the day.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.