As ECSC heads for a £15 million stock float, how will the Bradford-based company compete in cyber security?
With the UK set to go it alone as a trading nation after the EU Referendum, the country will need companies that are capable of growing and thriving.
The Government is recognising the importance of technology companies in powering the UK economy. The Autumn Statement from Philip Hammond pledged new funding for innovation as part of a ‘Productivity Fund’.
But much of the power will have to come from the companies themselves. With an initial public offering scheduled for December, Bradford-based cyber security company ECSC is hoping to become one of these companies.
The company was founded in 2000 and provides managed services, incident response, PCI DSS and ISO 27001 consultancy. It claims to be the UK’s longest running full service information and cyber security service provider.
Initially, according to CEO Ian Mann, a former advisor to GCHQ, the company was funded by family and friends but has been self-financing for some time.
So why IPO now, 16 years later?
“This is something we’ve been building up to,” Mann tells CBR. “We needed to get to a certain size.”
He says that the company now has the capability, size and management team to make it scalable.
Although Mann says that the recent spate of high-profile cyber attacks have increased demand for its services, he believes that 2016 has not seen a “step change” in cyber security.
What there has been, he says, is a general iterative increase in awareness. Cyber security was an IT issue but is now a board issue.
The company aims to raise around £5 million, placing 2,994,011 new shares and giving the company an anticipated market capitalisation of £15 million. The IPO will take place on 14 December on AIM, the UK’s junior stock market.
The company has had acquisition approaches before, according to Mann. However, Mann says that an IPO offered “the best prospects.”
Crucially, the company has been able to bring on an experienced board including Nigel Payne, previously CEO of Sportingbet Plc, as Non-Executive Chairman.
Also present as non-executive directors are David Mathewson, former Chief Financial Officer of Playtech Group and Steve Vaughan, previously CEO of Phoenix IT, Communisis and Sunstar.
The money from the IPO will allow the company to accelerate its growth strategy, with plans to quadruple its workforce from 50 to 200.
The company is opening a new support centre in Australia, which will allow it to provide round-the-clock customer service.
Generally discussion of the UK tech scene focuses on a small group of companies based in London. However, despite having an incident response centre within the M5, the company still operates primarily out of Bradford in Yorkshire.
He says that the location offers cheaper real estate and access to skilled graduates from the local university.
“We don’t need a fancy London address,” Mann says.
Mann says that the UK’s decision to the leave the European Union has not impacted the company’s plans.
“The change is not very significant for us. There are bits of legislation coming through from the European Commission that will strengthen requirements on companies. The Information Commissioner’s Office in the UK will implement this anyway.”
Regardless of whether the UK is in the EU or not, the market is still growing, Mann says, adding that the company has many international clients.
The important question is how a small, UK-based cyber security company can compete with the larger players in this market. ECSC offers an end-to-end security business, including incident response, penetration testing services and breach prevention.
The key, Mann says, will be the company’s reputation for quality of service. He cites the company’s blue chip clients and referrals.
“People don’t base security on price but trust.
“One of key challenges is to maintain the quality of service that people won’t necessarily get from larger players.”