€1bn in Cyber Security Research Funding Evaluated, Revealing Academic Trends and Threats for 2019 and Beyond

 Crossword Cybersecurity plc review of nearly 1,200 global projects finds Cyber Physical Systems, Privacy, IoT and Cryptography are the strongest cyber security areas to watch – But Artificial Intelligence is an “apparent omission”

 

London, UK – January 10, 2019  – Crossword Cybersecurity plc (AIM:CCS), the cyber security technology commercialisation company, has today released insights from its global review of academic cyber security research.  The new database looked at nearly 1,200 current and past research projects from academic institutions in the United Kingdom, United States, Europe, Australia, and Africa.  It reaffirmed the value of the cyber security research market, with reported funding of EU projects at over €1 billion.

The database identified several global trends by comparing the periods January 2008 to June 2013 with July 2013 to December 2018.

Significant differences can also be seen between regions. For instance, the EU appears distinctly focused on minimising Small & Medium Enterprises’ (SME) exposure to cyber security risk. Conversely, when compared with other regions, the US has a greater focus on the human component of cyber security. Other US top project funding areas include Cyber Physical Systems (as applied to smart cities and power grids), securing the cloud, cybercrime, and the privacy of Big Data sets (as applied to the scientific research community).

UK invests in securing the physical world

In the UK, the leading research verticals are critical infrastructure and securing the health sector (with 11 current projects each). Current funding across UK projects exceeds £70m, with quantum and IoT-related projects both more than doubling over five years.  There are currently nine new UK projects with a focus on Cyber Physical Systems.

The four UK projects with the greatest funding are in the fields of Safe and Trustworthy Robotics, Big Data Security, Cybercrime in the Cloud and Quantum Technology for Secure Communications.

The most notable UK decline was in big data projects, which have dropped by 85%.

Cryptography remains strong

There are currently 52 global projects with a cryptographic focus, and at least 39 current live EU projects featuring a cryptographic element. In the UK, this area has been consistently strong over the last ten years, with 18 projects starting between 2008 and mid 2013, and 19 projects from mid 2013 to now.

Tom Ilube, CEO at Crossword Cybersecurity plc said of the analysis, “The need to protect critical infrastructure has never been stronger as technology becomes more deeply embedded in every aspect of our daily lives.  However, one apparent omission is research solely focused on the application of AI techniques to complex cyber security problems. We hope to see more of that in the future, as the industry works to stay ahead of the constantly evolving cyber security landscape.”

The Crossword Cybersecurity database will be periodically updated, to deliver ongoing insight into the most prevalent cyber security research trends and investment areas. If you are interested in further details, please contact the Scientific Advisory Team at Crossword Cybersecurity on innovation@crosswordcybersecurity.com

Crossword Cybersecurity plc
Tel: +44 (0) 20 8973 2350
Email: info@crosswordcybersecurity.com
Tom Ilube, Chief Executive Officer
Mary Dowd, Finance Director

Grant Thornton (Nominated Adviser)
Tel: +44 (0) 20 7383 5100
Colin Aaronson / Jamie Barklem / Samuel Rowe

Hybridan LLP (Broker)
Tel: +44 (0)203 764 2341
Claire Louise Noyce

Media contact:
Ginger PR Ltd
Lorena Duke Lorena@gingerpr.co.uk
01932 485 300

About Crossword Cybersecurity

Crossword Cybersecurity plc (AIM:CCS) is a technology commercialisation company focusing exclusively on the cyber security sector. We work with research intensive European university partners to identify promising cyber security intellectual property (IP) from research that our industry partners tell us meet emerging real-world challenges.

Our specialist cyber security software engineering team work with our university partners to develop research concepts into fully-fledged commercial products that we then take to market. Our consulting team work with clients to address their cyber security challenges by providing strategy, assessment and risk management services.

Notes to editors

Research methodology

Crossword identified nearly 1,200 projects, primarily by obtaining data from national funding bodies including the UK Engineering and Physical Sciences Research Council, American National Science Foundation, Australian Research Council and the European Commission. In addition, open-source searches of available publications were conducted, and Crossword spoke with its existing academic contacts.

This research extends that of the original Crossword Cybersecurity CLUE database which featured 412 projects from major UK and European universities. This is not a comprehensive list of all projects across the globe, but a snapshot based on readily accessible information. Crossword Cybersecurity continually works to aggregate details of cyber security projects, and will release updated findings in the future.

– ENDS –

Crossword Cybersecurity plc (AIM: CCS, “Crossword”, the “Company” or the “Group”), the technology and consulting company focusing on the cyber security sector, has received a notice exercising options to acquire 666 ordinary shares of 5p each (“Ordinary Shares”) at a price of £1.90 pence per Ordinary Share.

Settlement and dealings

Application will be made for the admission of 666 Ordinary Shares, pursuant to the option exercise, which rank pari passu with the Company’s existing issued Ordinary Shares, to be admitted to trading on AIM. Dealings on AIM are expected to commence at 8:00am on or around 4 January 2019 (“Admission”).

Total Voting Rights

For the purposes of the Financial Conduct Authority’s Disclosure Guidance and Transparency Rules (“DTRs”), following Admission, Crossword will have 4,680,396 Ordinary Shares in issue with voting rights attached. Crossword holds no shares in treasury. This figure of 4,680,396 may be used by shareholders in the Company as the denominator for the calculations by which they will determine if they are required to notify their interest in, or a change to their interest in the Company, under the DTRs.

The information contained within this announcement is deemed to constitute inside information as stipulated under the Market Abuse Regulations (EU) No. 596/2014. Upon the publication of this announcement, this inside information is now considered to be in the public domain.

About Crossword Cybersecurity plc

Crossword Cybersecurity plc focuses on the development and commercialisation of university research-based cyber security related software and cyber security consulting.  The Group’s specialist cyber security product development and software engineering teams work with its university partners to develop the research concept into a fully-fledged commercial product that it will then take to market. The Group’s aim is to build up a portfolio of revenue generating, intellectual property based, cyber security products. Rizikon Assurance, Crossword’s first product, is a SaaS platform that enables medium to large companies to assess the cyber maturity and GDPR readiness of their suppliers. Crossword’s team of expert cyber security consultants leverages years of experience in national security, defence and commercial cyber intelligence and operations to provide bespoke advice tailored to its clients’ business needs.

TR-1: Standard form for notification of major holdings

Crossword Cybersecurity plc (AIM: CCS, “Crossword”, the “Company” or the “Group”), the technology and consulting company focusing on the cyber security sector, is pleased to announce that following the cancellation of its shares from trading on NEX yesterday, Admission of the Company’s Shares to trading on AIM will take place at 8.00 a.m. today, 14 December 2018 (“Admission”). Dealings will commence under the ticker “CCS” and the Company’s ISIN is GB00BPFJXS57 and its SEDOL is BYX0M86.

On Admission, the Company will have a market capitalisation of approximately £13.6 million, following a successful placing and subscription of approximately £2.0 million before expenses (the “Fundraise”). The net proceeds of the Fundraise will principally be used to further develop the Group’s operations and to support existing and future contracts.

Following Admission, the total number of Ordinary Shares in the Company in issue will be 4,679,730; each with equal voting rights. The total voting rights figure can be used by shareholders as the denominator for the calculations by which they will determine whether they are required to notify their interest in, or a change of their interest in, the Company under the Disclosure Guidance and Transparency Rules of the Financial Conduct Authority.

The Company’s admission document, together with further details of the Company can be found on the Company’s website: www.crosswordcybersecurity.com

Tom Ilube, Crossword’s CEO, said:

“I am delighted that Crossword has reached this important milestone and I would like to thank Crossword’s existing and new shareholders for their continued support as the Company continues to grow. AIM is an excellent platform for Crossword to achieve its ambitious growth plans over the coming years.”



Crossword Cybersecurity Plc (NEX:CCS, “Crossword” the “Company” or the “Group”) is pleased to announce that it has successfully raised £2 million before expenses by way of a placing and subscription for shares (the “New Shares”), the net proceeds of which will be used to further develop the Group’s operations and to support existing and future contracts (the “Fundraise”).

The Fundraise is conditional on, amongst other things, admission of the Company’s existing ordinary shares (“Ordinary Shares”) and the New Shares to trading on AIM (“Admission”). Admission is expected to occur on Friday 14 December 2018.

Consequently, the Company will withdraw its Ordinary Shares from trading on the NEX Exchange Growth Market as at the close of business on Thursday 13 December 2018.

The directors of the Company accept responsibility for the contents of this announcement.

 

For further information, please contact:

 

Tom Ilube – CEO
Crossword Cybersecurity Plc
www.crosswordcybersecurity.com
Tel: +44 208 973 2350
Email: info@crosswordcybersecurity.com
Twitter: @crosswordcyber

NEX Exchange Corporate Advisor
Nick Michaels and Jon Isaacs – Alfred Henry Corporate Finance Limited
www.alfredhenry.com
Tel: +44 207 251 3762

NEX Corporate Broker
Claire Louise Noyce – CEO, Hybridan LLP
Tel: +44 (0) 203 764 2341
Email: claire.noyce@hybridan.com

The information contained within this announcement is deemed by the Company to constitute inside information as stipulated under the Market Abuse Regulations (EU) No. 596/2014.

 

–  ENDS  –

Crossword Cybersecurity is a software company based in Richmond upon Thames, just on the edge of London.  The company was founded by Tom Ilube in early 2014 and makes products for companies to use in defence against online threats.

There are lots of cyber security companies out there, so you may ask ‘what makes Crossword special’? The twist is that we are a technology transfer company.  That means our products are based on research and ideas brought about by the brightest minds in academia.  We scour the research landscape across Europe, looking for the best ideas to commercialise.

When we find a project we like, we acquire the intellectual property and collaborate with the researchers.  Our specialist cyber security software team build the program and hosting platform as appropriate.  All this allows us to bring the fruits of the research to market, so companies can use them on the frontline, in the defence against cyber criminals and hackers.

Cyber security is a hot topic at the moment, with more and more companies being attacked every year.  There have been a number of high profile breaches making the front pages of national and international press, but there are also many attacks on small and medium sized companies.

At Crossword, we passionately believe that everyone should do what they can to protect themselves, but understanding this technical field is not easy for the uninitiated.  We’re working to make the language and principles easier, from the boardroom of global corporations to the garage of local online retailers.

This is the first in a series of blogs, by which we aim to keep our followers updated on all things at Crossword.  Please share this article freely and follow us.

Ask your business, IT, and security managers the following questions to see where your enterprise stands:

If they can’t say yes to all these questions, you may still be compliant with regulations, but your company’s data and customers are not safe. If you don’t ask these questions, your customers and shareholders will – or will ask soon!

Jane Holl Lute (Board of Directors of the Center for Internet Security)

We are currently seeing a lot of disconnect between the Executive Board (of companies) and Cybersecurity professionals who work for them.  Although there has been a significant increase in Board Cybersecurity awareness, we believe they are still not sufficiently knowledgeable about Cybersecurity issues. 

There is a further issue in that Cybersecurity professionals are struggling to articulate the problems in a language that the Board understands.  Our view is supported by a recent survey by Harvey Nash, the recruitment firm, which found that, among C-Level execs, 30% or fewer of CEOs and COOs are well informed on Cybersecurity issues, and 20% or fewer of CFOs and CMOs are well informed.

In a series of blogs, we will aim to address these issues, starting with the first part of the problem –  raising Board level awareness on Cybersecurity which will

The four areas we will cover are:

1.     Cybersecurity 101.  What are the key things, as an Executive, you need to know.  We will cover Risk Management basics; what are the different threats to your organisation – and how to mitigate them; what are the most common attacks; what does the attack surface of your organisation look like, and what are the most common vulnerabilities.  We will also provide a go-to glossary of common cybersecurity terms and jargon.

2.     Making your organisation more robust.  What are the main areas you should be asking your Information Security or IT team about.  Here we will break down the different areas of best practice Cybersecurity defence, which will allow you to ask the right questions of your IS team, and also allow you to dig below the surface to ensure you are satisfied that you are on top of what is going on.  We will cover the following topics (amongst others):

3.     Cybersecurity Macro Trends.  Once you understand the basics and have ensured your Information Security team have a robust plan, you then need to think about the future.  There is a lot of change currently happening within the Cybersecurity industry and it is important that you (a) have a strategy; and (b) this strategy is aligned with your overall business strategy.  You therefore need to be aware of some of the trends that are underway, to ensure your cyber strategy is incorporating these macro trends, and it is relevant.  As part of this section, we will look at the following trends:

4.     The future.  Linked to the previous section, we will look even further into the future and discuss what the future holds for the cybersecurity industry.  We will look at some of the technology advancements underway, including Artificial Intelligence, and what impact they will have on Cybersecurity defences and attackers.  We will discuss the potential cyber arms race between governments and corporations, and the hacking community, and how you can take advantage of the advances in technology to improve your Cybersecurity defences and to save money.

We hope you have enjoyed reading this and look forward to our next blog in the Cybersecurity for Busy Executives series.


“Cyber security, computer security or IT security is the protection of computer systems from the theft and damage to their hardware, software or information, as well as from disruption or misdirection of the services they provide.

Cyber security includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data and code injection. Also, due to malpractice by operators, whether intentional or accidental, IT security is susceptible to being tricked into deviating from secure procedures through various methods.

The field is of growing importance due to the increasing reliance on computer systems and the Internet, wireless networks such as Bluetooth and Wi-Fi, the growth of “smart” devices, including smartphones, televisions and tiny devices as part of the Internet of Things.”[1]

Ok, so here we are with the second blog in your Executive (Cyber) education. Firstly, I need to make an apology.  I made some grand statements in the last blog about providing practical advice.  That will come, but before we get to that, it is important to understand some basic Cybersecurity terms, as these underpin everything else.  Cybersecurity practitioners are a precise bunch – who can blame them, they have to be – so although practitioners need to be able to speak the same language as the board, Executives can meet them half way by understanding some of the key concepts and terms.

People are key to protecting your organisation, and they need to have the right level of understanding for them to be effective. The next few blogs will help raise your level of understanding.

It is not just about Technology…

We will start with some context and basic explanations on what cybersecurity really is.  It is a common misconception that Cybersecurity is only about the technology that protects an organisation’s IT infrastructure, network, applications and devices (I will shorten these to IT Estate for ease) – and the data and information that they contain.  Yes, that is a very important part of it.  Cybersecurity, however, is a much wider concept.  It is also about empowering the people who have access to an organisation’s IT Estate and data; the culture of an organisation; policies and processes/procedures; the governance of the organisation; and lastly physically protecting the organisation itself.

 Let us delve a bit deeper into each one:

Cybersecurity can seem like a scary concept to non-practitioners, as it is assumed that it involves complicated technology that only expert developers and cyber professionals can understand.  Whilst that is not entirely untrue, good Cybersecurity is no different to the smooth running of any other part of an organisation.  There are complicated elements to it, as there are in a Finance Department, Strategy Department or on the production line of a car manufacturer, for example.  However, like all parts of an organisation, there is a need for clear understanding and communications at the interface between general management and Cybersecurity practitioners, and effective governance (with underlying policies) should seek to do just this.  Cybersecurity practitioners need to empower the people as well as enabling the Executive.

One of the reasons for a disconnect between the board, Executives and cybersecurity practitioners, is that practitioners can struggle to articulate cybersecurity in a language the management understands, and its applicability, i.e. in the context of the wider business.  This is to be expected.  Cybersecurity is a relatively new concept – the definition of cybersecurity only appeared on Wikipedia recently, and there is no seat on the board for the Chief Information Security Officer – but as it starts to establish itself even more, I would expect this to change.

To make the whole concept easier for you to understand, we have built a diagram below which shows a highly simplified example of what your organisation’s IT estate might look like, and how Cybersecurity applies to that.  As we go through this blog series, this will form the basis of how we describe the different concepts.  We will be using a fictional company XYZ Ltd.  The larger and more diversely technical an organisation, the more complicated this diagram can become, but it forms a good building block on which to explain the key concepts.

Most people’s understanding of cybersecurity is focussed on protecting the organisation itself and its customers’ interests, and people mistakenly believe good cybersecurity defence is simply building a wall around the organisation.  When you consider that the diagram above is a simplistic representation of an organisation, and that in reality organisations could have over 2,000 third party suppliers and possibly 100 offices, organisations have multiple areas that hackers could target.  The image above does help to give us a starting point and we will add to this as we develop your knowledge.

So now, it is hopefully clearer that Cybersecurity is a much broader topic than people realise, and you now understand a little bit more about the different areas that are part of it.  Next week, we will move on to talking about the different types of attackers who could be targeting your organisation.  Until next time.


[1] Wikipedia

If you’re involved in a startup company or tech-transfer then you have probably already heard of the ‘Valley of Death’. For those of us who have never heard the term, the Valley of Death is the gap that exists between an idea and the reality of a commercialised product. There are many great research ideas that look promising on paper, yet for some reason never realise their potential.

Why is this? There are numerous reasons: lack of publicity, lack of funding, overly protective IP licensing or even just poor management of the idea. But whatever the reasons behind it, the gap is real; half of UK startups fail within 5 years. Often these failures aren’t due to poor ideas, but instead are down to ineffective implementation.

Cyber security is an industry which suffers acutely from this problem. The field progresses at such a pace that many threat mitigation ideas get left behind as the threat moves on.  It is also hard to find good software engineers who know how to program solutions quickly, innovatively and securely.

Many universities’ technology transfer departments are constrained by resources and expertise in this emerging field, so have limited experience with developing cyber security ideas.  These same issues mean publicising these ideas is not necessarily a priority either, so many of them are left unseen by industry (more on the complexities of technology transfer next week).  To assist in overcoming this problem we built CLUE, our European cyber security research database (see last week’s blog, ‘How CLUE’).  CLUE is a critical part of our business process, but the information we have put together is also interesting to the wider cyber security industry, so we made it freely available.

By doing so, we have also reached out to heads of IT, Chief Information Security Officers (and the dizzying volume of equivalent titles) to understand the existing and projected needs in the market.

That leaves a bit of a gap in the middle where the product is actually produced and taken to market.  Crossword has a team of specialist cyber security software engineers, based in Kraków.  Their role is to help turn the research into reality by building the products, specified in conjunction with the team in the UK and academic partners.

At Crossword we help bridge the valley of death by combining foundation knowledge of a technology from academics, the technical know-how to build the supporting structure and the business knowledge to lay the route to market.  We provide a mechanism for researchers looking for a pathway to commercialisation.

81% of large companies have reported a cyber breach at some point and the average cost of a breach is between £600k and £1.15m[1]

‘Nearly half of UK businesses identified at least one cyber security attack in 2016, according to UK government data.’[2]

In order to defend your organisation from cyberattacks, it is worth understanding the different profiles of attackers because some organisations will only be randomly targeted, whereas others, particularly large multi-national corporations, will be targeted specifically.  In order to protect your organisation as well as possible, it is important to understand the motives of the different types of potential attackers.  Each type will also likely use different methods of attacking your organisation and we will discuss different attack methods later in the series.

Broadly, there are the following types of attackers:

1.     Cyber criminals

2.     State Sponsored

3.     Industrial Competitors

4.     Hackers

5.     Hacktivists

6.     Employees

We will now explore each one in more detail:

1.     Cyber Criminals.    This type of attacker has become far more prominent over the past 5 years since traditional criminals have realised it is easier to make money illicitly through cybercrime than traditional crime, and they are also less likely to get caught.  Issues around jurisdiction also mean that it is far harder to catch and bring charges against people who are committing cybercrime.  These types of hackers will generally commit fraud or make money from selling individuals’ or companies’ financial and sensitive personal data, looking to redirect funds.  Ransomware is also a common methodology.  Potential attackers have access to an entire ecosystem of tools which can be rented or purchased to help facilitate different types of attacks.  They are based all around the world, but there is a prominence in Eastern Bloc countries where there is a high standard of computer programming and a tendency to turn a blind eye to the state. 

Their characteristics are as follows:

2.     State Sponsored.  These are often linked to Industrial Competitors (below) and have overlapping goals, including spreading misinformation, facilitating economic instability, gaining economic advantage and stealing Intellectual Property.   They are:

3.     Industrial Competitors.  This group are more interested in gaining economic advantage for their own company and stealing Intellectual Property.  A recent study puts the cost of cybercrime at $24 billion to $120 billion in the U.S. and up to $1 trillion globally.[3]

4.     Hackers.  This is a wide range of individuals and they will often work for some of the other types of attackers, and also draw some of their tools from the other groups.  These are often individuals who see breaking into an organisation as an intellectual challenge.  Often this is just a hobby for some, but for others they want to gain notoriety and to increase their standing within the hacking community, who communicate through forums and message boards.  State sponsored hackers often make some of their tools available for the rest of the Hacking community.  The two different types are:

a.     Hobbyist.  Often known as ‘script kiddies.’ 

b.     Professional Mercenary.  Can evolve from the ‘Hobbyists’ in order to make money.

5.     ‘Hacktivists.’  These are usually Hackers who are ideologically motivated, anarchists or anti-capitalists.  They usually attack companies or Governments for political or ideological reasons.  They attack commercial entities for anti-capitalist reasons or if they disagree with how the corporation behaves and what they stand for.  They may also be disaffected by social and economic inequality.

6.     Employees.  These can be malicious employees acting as insiders or those making errors accidentally.  We will mainly focus on malicious insiders in this instance.  This is more commonly known as the ‘Insider Threat,’ encompassing all threats from employees, malicious or accidental, and is often the largest vulnerability to any organisation.  The contrast is between employees who unwittingly supply information to hackers who wish to gain access to the company’s IT estate and data, and disaffected employees who maliciously steal data or assist hackers in their attempts to access the organisation’s IT estate and data.  We will discuss this in more detail in later blogs, but organisations with strong cultures, where employees genuinely buy into company goals, are less likely to have malicious insiders, and will also be more likely to spot insiders, malicious or otherwise.

So, that’s the end of our third blog.  Next week we will be giving an overview of some of the most common attacks.


[1] CESG, ‘Common Cyber Attacks: reducing the Impact.’

[2] City AM, ‘Access Denied: The fight against cyber criminals.’ – https://www.cityam.com/281657/access-denied-fight-against-cyber-criminals

[3] ‘The case for enhanced protection of trade secrets in the Trans-Pacific Partnership agreement,’ US Chamber of Commerce: