Last week Paladin Capital Group embarked on an expedition into the heart of European cyber at the Infosecurity Europe 2023 conference in the gargantuan ExCel centre in London. As the largest cybersecurity conference in Europe, InfoSec once again brought together cybersecurity experts, vendors and organizations boasting over 13,000 visitors and 300 exhibitors from around the world.

Despite gloomy economic and geopolitical news, the atmosphere was upbeat, no doubt partly due to cybersecurity budgets generally being protected, as they become even more crucial with conflict and disinformation campaigns commanding the headlines.

The dominating themes from the technologies on show were email security, security awareness training, and endpoint protection, each offering an array of exciting products. The tools highlighted the fact no matter how advanced the firewalls and systems an organization has, its greatest security weakness remains its people. We at Paladin have focused on this area for many years with investments in Secure Code Warrior, Rangeforce, PhishMe and Hack The Box among others. While AI was certainly top of mind with many participants and vendors busy figuring out how to harness it best, its security implications were still largely absent from discussions.

The email security sector showcased ground-breaking technologies designed to fortify organizations against ever-evolving threats. We saw the usual large firms with their booths, such as Mimecast, Egress and Tessian, but also smaller disruptors like Keepnet Labs, Hoxhunt and HornetSecurity, all with their own techniques whether it be a lifecycle approach, continuous customer education, or offering email security as part of a larger platform.

Email remains a critical conduit for information exchange and given how horizontal the problem of email security is, the market is expected to remain large. One estimate from SkyQuest anticipates a staggering 14% YoY growth to reach $20Bn in value by 2030.

The flaws of email are reflected in the most common email protocol, Simple Mail Transfer Protocol (or “SMTP”), which created in 1982 has remained relatively unchanged since. It now serves as a prime target for cybercriminals seeking to exploit vulnerabilities and gain unauthorized access to sensitive data. Its inherent lack of authentication and encryption make it prone for phishing attacks. While these can be reduced to an extent by Sender Policy Frameworks (SPF), DomainKey Identified Mails (DKIM) or even TLS that many servers now support, email still exposes the average end-user vulnerable to clicking something that they shouldn’t be.

Indeed, a major theme at the conference was the importance of security training, with companies focused on empowering the entire organization from developers to support personnel to front-line employees with the knowledge and skills they need to proactively combat cyber risks. Through interactive workshops, immersive simulations, and engaging educational content, those companies highlighted the need to cultivate a vigilant and cyber-aware workforce. By fostering a culture of cybersecurity consciousness, organizations can empower their employees to identify and respond to potential risks, ultimately minimizing the likelihood of successful cyberattacks.

These companies included the likes of KnowBe4 and OpenText as well as more emerging players such as CultureAI, Metacompliance and SoSafe, which said that CISOs are becoming more interested in implementing a holistic security culture within their organizations across functions and through levels.

Perhaps unexpectedly, it’s not just the average employee that needs security training, but also the more tech-savvy such as developers and security engineers who are in dire need of continuous upskilling, as the ever-evolving world of technology makes their knowledge quickly obsolete. The buzz around the booths of Hack The Box, Rangeforce and Secure Code Warrior illustrated the demand for developer training tools.

Just like email security, the security training market is huge, and capable of supporting multiple players. Its size was once estimated by A2Z Market Research at $10.1Bn in 2019, with it projected to reach $18.6Bn within a decade. That’s a long way from 2014 when Gartner valued the market at a mere $1Bn.

Finally, we saw about the same number of businesses present in both the endpoint and network protection areas. Both are relatively mature and established sectors within cybersecurity, and their technologies are ubiquitous, often being one of the first cyber products bought by their customers.

The endpoint protection providers showed off sophisticated systems to safeguard devices and networks, ensuring comprehensive security across all touchpoints. The most visible firms were Crowdstrike with their two-story tall robot and Darktrace with their full-sized Formula 1 car. That said, we saw an exciting number of emerging players such as Censornet and 4Securitas catering to customers in the small- and middle-market space that often don’t have access to easy to understand and affordable products.

InfoSec once again highlighted the global and mission critical nature of cybersecurity. We heard that first hand at our drinks event from our own portfolio companies, such as Expel, Firetail.io and Hubble, who flew in to join us from around the world, as well as our guests from Hadrian, Cytix, Curiosity Software, and many others building exciting new products within the security realm. AI was also top of mind and companies are busy exploring how to harness its full power.

The energy and enthusiasm of the startups we met was inspiring and we are excited by the opportunities ahead as we continue to build Paladin’s portfolio in Europe. Be sure to reach out to me at jraisanen@paladincapgroupuk.com or anyone else in the Paladin Capital Group team if you are building the next-generation cyber firm in Europe.