• Startup Wise Guys and CDP Venture Capital SGR organized a panel discussion about scaling opportunities for cybersecurity startups
• Experts from corporate and academic circles discussed the challenges and advantages of cooperation between corporations and cybersecurity startups
• They concluded that while such cooperation is challenging, it is quite rewarding for startups as it helps them build the necessary reputation to make them trusted

On September 27th, Startup Wise Guys and CDP Venture Capital SGR held a panel discussion dedicated to Scaling Your Cybersecurity Startup. It served as a preface to the accelerator’s coming Cyber Xcelerator program specifically for B2B Cyber or Defense A.I. startups.

Startup Wise Guys’ latest SaaS & Cyber batch graduated just a week prior and included at least three cybersecurity startups: eID Easy, MonkPhish, and Trusted Twin. The cybersecurity-related conclusions and ideas that arose during this batch’s training must have contributed to the topic of the present panel discussion. Thus, we may view the panel as a bridge between the recently graduated batch and the coming accelerator program.

These ideas primarily revolved around building a trusting and fruitful cooperation between startups and corporations. As such, the invited speakers represented the corporate side. They were Filippo Capocasale, Senior Engagement Manager at NTT DATA Italia and Massimo Tedeschi, Cyber Security Division CTO at Leonardo. They were aided by Gianluigi Greco, Head of the Department of Mathematics and Computer Science at the University of Calabria, who brought along the academic perspective.

The event started with greetings from Startup Wise Guys’ representatives Luīze Sila and Egita Polanska who briefly presented the coming acceleration program and passed the word on to the event’s moderator Elisa Grasso. Without further ado, the moderator and the speakers introduced themselves and moved on to the first question.

Q: Is collaboration with corporate clients a realistic way for a startup to scale up?

Mr Capocasale pointed out that he himself was a witness and participant of such upscaling. He told a story about how he started 20 years ago in a tiny company, based not in a garage in the Silicon Valley but an apartment in a peripheral town of Cosenza. At the time, cybersecurity was not as popular a theme as it is today, but his company had a vision that was ahead of their time and turned up at the right moment. Since then, he never changed his workplace and only watched mergers and acquisitions around him. He noticed that this is a long and difficult path, but it is well worth it because through association with a recognized corporation a company gains a lot of credibility.

Dr Greco specified that cooperation with a corporate client is beneficial for a startup but not mandatory. According to him, there are rare startups whose ideas are truly groundbreaking and they can do well on their own. The vast majority, however, have good ideas that are too abstract to present any value. To make good of themselves, they need to be pointed in the right direction in terms of practical application, – and that’s where the corporate side comes in. It serves as the bridge between a startup’s abstract idea and market needs, which is obviously necessary for scaling. In other words, a corporation molds a startup into becoming good enough to be able to help companies. In this situation, it’s necessary for startup entrepreneurs to understand where the superior competence of the corporate representatives begins.

Mr Tedeschi added that a corporate client will rarely ever waste their time digging into issues to understand which startup is objectively worthy of attention. That’s why reputation matters. To build its reputation, a startup needs to walk a path, which is better when guided. According to Mr Tedeschi, Leonardo picks startups for cooperation depending on the company’s present practical needs. This immediately puts the startup’s open innovation into market context, often national context.

Q: What ingredients does a startup need to work with a corporation?

Mr Capocasale listed two key ingredients: vision and timing. It means that a startup needs to have a vision of what will be needed in the future. If, on the other hand, a startup does something that’s already mainstream, then it doesn’t reveal any noteworthy vision and it’s probably already too late for that idea. According to him, if a corporation sees such a vision in a startup, it will not hesitate to try and cooperate.

Dr Greco began his answer by explaining that the University of Calabria had dozens of startups vetted in its own incubator. The school has a whole tradition of startups. So, experience shows that a startup will never be able to come up with a prototype instantly, and that’s why the previously mentioned timing is important. Because the path to a prototype is long, a startup’s vision must be ahead of its time: this way, when the prototype is ready, the time will be right.

For a corporation, on the other hand, it’s easy to point out the current needs of the market (because they are also the needs of this corporation), and it’s also the corporation’s role, according to Dr Greco. He also pointed out that cybersecurity startup entrepreneurs are often fanatics with very interesting and intricate ideas but without any clue about the practical implementation of those ideas. Whether a business is focusing on Mobile Threat Defense or Computer Activity, cybersecurity is a great idea for a budding entrepreneur. That’s why they benefit from being pointed in the direction of a corporation’s practical needs.

Mr Tedeschi argued that startups are sometimes too far into the future, and their solutions respond to issues that may arise at some point in the future. In this case, the corporation will need to map far ahead to see the possible practical application of a startup’s solution against a possible future issue. Such decision-making presents a challenge for corporations that need to put a startup’s capacity into the big picture of the corporation’s goals, as well as to integrate this startup and be able to put its capacity to good use.

Q: Do corporations feel scared to start working with startups?

Mr Capocasale began his answer from a distance: ‘Startups have superb belief in their idea. They have no doubt that their idea must work. Corporations may have a different opinion because they have a different view of the market.’ He shared that in his experience a corporation may have a different view on the application of a startup’s ideas than a startup originally intended, and this opened a new perspective. From this perspective, one may say that corporations are excited to work with startups.

On the other and, according to Mr Capocasale, corporations will often request that a startup’s solution is already appropriately certified, complies with the relevant regulations, etc. This is another thing that startups need to keep in mind and not see it as a lack of will to cooperate.

‘This is precisely why accelerators are needed – to create this dialog between startups and corporations,’ Dr Greco continued. Another benefit from accelerators that Dr Greco pointed out was the fact that the startups in an accelerator already underwent selection and would be mature enough to benefit from the dialog that such an environment offers. According to him, such a dialog within an accelerator minimizes risks for both parties. As such, Dr Greco suggests that startups should first go through an incubator, then an accelerator, and only then they may be ready to cooperate with a corporation full-scale.

Mr Tedesci added that there are additional factors that need to be taken into account. Cybersecurity, in Italy in particular, remains a legally grey area to a large extent. Corporations may be wary in this regard, but on the other hand, they are also willing to take on the duty to drive a startup through these formalities.

At this point, several questions from the audience accumulated and Ms Graso addressed those.

Q: How can a startup approach a corporation?

This was a question for Mr Capocasale. He answered that his company has a number of channels for communicating with startups, and it shouldn’t be a problem for startup entrepreneurs to reach the right person at NTT. If the corporation sees a practical application, then the cooperation is willing to invest its resources in helping the startup put together its proof of concept. This PoC gets evaluated, and the parties can establish cooperation based on the results of this evaluation.

Q: How to convince clients that they need cybersecurity services and make them trust the service provider?

Dr Greco took on this question. He agreed that many clients still fail to realize the importance of cybersecurity. ‘Both companies and public administrations gamble with these risks, and then they have to pay,’ he stated. He is convinced that cybersecurity will play a lot bigger role in the near future, and that’s why it’s imperative to raise awareness of the topic.

He mentioned that both cybersecurity itself and raising awareness about it hold an important place in Italy’s new National Resilience and Recovery Plan (NRRP). Among other things, it sets the direction for investments in cybersecurity.

Mr Tedeschi added that a lot of companies still practice a reaction approach to their cybersecurity. They only begin to pay attention to the issue after suffering a cyberattack. In this situation, a value proposition can be instrumental for building trust. In other words, if a startup can help out a corporation or a public administration that suffered a cyberattack, then this will be very beneficial. On a global scale, however, taking on cyberattack cases one by one is not a solution because their number will only grow, according to Mr Tedeschi. That’s why raising awareness and changing the attitude of companies and public administrations about cybersecurity remains imperative.

Q: Should we expect major investments in the cybersecurity sector?

Having read this question, Ms Grasso took it on herself first and, being an investor herself, answered that there should indeed be growing investors’ interest in the cybersecurity sector, not just within the mentioned accelerator program.

Mr Capocasale agreed with Mr Tedeschi that companies often understood cybersecurity as a cost rather than a value. Today, on the other hand, they finally begin to see cybersecurity as an investment in protecting the core business and not as a waste of resources. This is because no company works as an isolated node anymore: everybody is connected, and it makes everybody vulnerable to cyberattacks.

‘We are used to talking about cybersecurity in the context of the IT industry, but now it overlaps practically all industries,’ Mr Capocasale stated. For example, when cars drive automatically, they heavily rely on the exchange of data that needs to be protected for the sake of safety of everyone on the road.

Final Words

At this point, it was time to wrap up the discussion, and Ms Grasso asked the speakers to share some final words.

‘Try to agree with the needs of the corporations,’ Mr Tedesci chose to be laconic.

Dr Greco stressed that startups need to pay extra attention to usability and PoC.

Mr Capocasale pointed out that even the best ideas can fail if not presented correctly. So, the key is to build the right presentation around the core idea. ‘Be lucky, but help yourself to be lucky,’ he summed up.

With a lot of our daily activities shifted online as the result of the pandemic, the importance of cybersecurity has grown tremendously. Both startups and investors need to keep up with the dramatically increased demand in this area. Yet when cybersecurity startups arise, they have to struggle to convince their potential clients that they indeed need cybersecurity. Additionally, they face the issue of trust, which is particularly difficult to build where security is involved. In such a situation, setting their eyes on cooperating with a large corporation may be the most efficient way for a startup to build a reputation and a trusted name for itself.

LinkedIn users are welcome to watch the panel discussion in full here.