Thursday, November 21, 2024

UK Unveils Cybersecurity Guidance Initiative for Tech Startups

The UK has rolled out a new security initiative called Secure Innovation, aimed specifically at helping tech startups defend themselves against cyber threats, particularly from hostile nations. This effort is a collaboration between the National Cyber Security Centre (NCSC) and the National Protective Security Authority (NPSA) within MI5. It’s also backed by the Five Eyes intelligence alliance, which includes Australia, Canada, New Zealand, and the US, and offers localized guidance for each country involved.

Secure Innovation is tailored for young and fast-growing tech companies, assisting them in creating targeted action plans. These plans help assess their security levels and find practical measures to safeguard their ideas, reputation, and future. The NCSC reports that over 500 organizations have already benefited from this initiative.

MI5’s director general, Ken McCallum, highlighted the threat posed by sophisticated nation-state actors like China, who are keen to steal the intellectual property of innovative startups. He emphasized that the Five Eyes Secure Innovation initiative is part of a broader strategy to unify allies and simplify security measures for companies operating globally.

Oz Alashe, CEO of CybSafe, commented on the common oversight among startups regarding cybersecurity. He noted that while it may not seem like a primary concern, it should be paramount for every founder. Small and medium-sized enterprises (SMEs) often face greater vulnerability to cyber attacks, which can lead to their downfall. Instead of viewing limited resources as a hindrance, startups should capitalize on their agility compared to larger, slower competitors.

Alashe pointed out that unlike big enterprises that have to spend heavily to enhance security across sprawling teams, startups can integrate security into their core operations from the beginning. With the rise of sophisticated cyber threats, instilling a security-first culture isn’t just advantageous; it’s essential.

The guidance specifically addresses companies at risk from Chinese espionage, sharing cautionary tales of organizations that suffered from state-sponsored industrial spying. It stresses the need for strong security leadership and basic protective measures, as well as the importance of securing supply chains and thoroughly vetting overseas partners, particularly those from China.

One example is Smiths (Harlow) Ltd, a UK precision engineering firm that faced significant setbacks after a Chinese partner, Future Aerospace, backed out of an £8 million investment. The partner exploited contractual clauses to access sensitive technical data and train its engineers. The fallout included the loss of contracts with high-profile organizations, leading Smiths into administration in early 2020.

The initiative also extends to guidance for investors in high-growth startups, urging them to evaluate security risks during their due diligence. Investors should look beyond a company’s internal security practices to consider potential “high-risk” investors who may pose additional threats or complicate future funding and sales due to issues related to foreign sanctions or export controls.