Ransomware hits the High Street: the high-profile ransomware attacks on Marks & Spencer, the Co-Op, and Harrods, bring discussion of cybersecurity to the fore again. Various discussions surrounding SIM swapping and reliance on passwords, third-party admin rights, and spear-phishing, all represent common-or-garden risks these days.

The Arms Race, to which the cybersecurity world must respond, typically generates robust technological responses, which renders human frailty the easiest path. Less tech savvy individuals will always represent easy prey to ne’er-do-wells, and gullibility is as old as mankind. The well-defended enterprise has better-informed staff, but also holds the higher value prizes.

In this report we try and break down the terminology of the cybersecurity ecosystem by depicting it as a walled city, with its defences, its guards, and its citizens. Through highlighting the points of attack, we then explain which cyber defences are applicable – and, in turn, how
investors in our smaller end of the UK market can participate in a sector with clear catalysts for growth.

Those who remember the 2017 WannaCry ransomware may recall that the parts of the NHS that were affected were those which had not updated their Windows PCs with a patch which had been released twelve months prior to the attack. In the resulting chaos, we heard of at
least one NHS Trust which did not even have anti-virus software within their environment. Apathy, inactivity, bureaucracy, whatever it maybe, means that while awareness of cyber risks is widespread, up-to-date defence is not always in place – and those who have it still have to
keep it updated. All round cybersecurity defence, and means of mitigation if (when) the worst happens, are must-haves, not nice-to-haves. The absence of budgets and responsibility (such as the appointment of a CISO, a Chief Information Security Officer) would make company
boards culpable – and they will be held to account.

In breaking down the threats and responses within an enterprise environment in this note, we discuss threats and solutions; and we identify the investor opportunities in defining the products, services and opportunities in the listed environment: NCC, Smarttech247, Celebrus, PCI Pal, Shearwater, Corero, Intercede, Skillcast, and GBG; and managed services providers iomart, Redcentric, and Maintel.

In addition, we provide our usual update to the Cavendish Tech indices, and provide updated data for take-out valuations in the UK listed tech environment for companies below £1.5bn market cap.

This is supplemented by data, and tombstones, from our Cavendish M&A team, highlighting the still stark contrast between public and private market valuations, particularly in cyber, where our group credentials excel.