Inside the new £13.5m home of cyber security innovation

LORCA is hoping to propel the next generation of cyber security solutions onto the market. 

Sign Up

Get the New Statesman's Morning Call email.

From the exit to Stratford tube station, a free shuttle bus is available to take you to Here East, a “digital quarter” located in the Queen Elizabeth Olympic Park. Bespectacled millenials hop on board, clutching Pret coffees and tote bags. The bus pulls up at a set of airport-like glass buildings around a landscaped space where food trucks congregate. During the Olympics, these were the press and broadcast centres for the Games. Now, they’re home to the London Office for Rapid Cyber Security Advancement, or LORCA.

Set up by the Department for Culture, Media and Sport, LORCA is an “accelerator” to foster promising cyber security firms that are expected to have a significant impact on the safety of UK business, the state, and civil society. Its first “cohort” of nine small cyber security companies joined the centre in July 2018. LORCA’s director, Lydia Ragoonanan, explains that the firms will embark on “six months intensive support, [then] six months follow-on support to help them get to market quicker and have a real impact”.

LORCA chooses which startups to support, Ragoonanan says, by identifying gaps in security.“LORCA is focused on really understanding wider industry challenges, using those challenges as a way to articulate need and, based on that need, selecting scaling organisations.” The inspiration, she says, was the 2016 National Cyber Security Strategy, in which the government committed to make Britain “secure and resilient in cyberspace”. The strategy called for “an industry-led, industry-informed innovation centre based in London,” explains Ragoonanan, “and for that centre to play a key role in developing new and emerging cyber security innovations.” Alongside the innate value of security itself, cyber security’s contribution to the economy – “high growth, high-earning jobs” was a motivation for setting up the accelerator.

This year’s cohort was selected on the basis of three identified industry needs: privacy and making trust “a competitive advantage”; orchestration and gaining oversight “of everything going on within your architecture”; and using automation to “assist and help where the threats are”. Next year’s cohort will be based on user-centric security and securing supply chains, and the centre will be running a “needs accelerator” to understand specific issues in these areas.

DCMS has pumped £13.5m of initial investment into the centre, but the aim is for it to be self-sustaining after three years. To do this LORCA is “engaging a range of different corporate partners”. So far Lloyds and Deloitte have joined forces with the centre, offering commercial support to its members and enabling them to conduct product trials.

As well as having the opportunity to work with industry titans, the “innovators” have access to a legal team, and technical and engineering support from the Centre for Secure Information Technologies (CSIT). Each company has the chance to go abroad on a trade mission, to “understand and be prepared for international markets when they need to be,” says Ragoonanan. Perhaps most importantly, LORCA comes with plenty of contacts. Ragoonanan says the office makes “warm introductions for our cohort to industry leaders where we know that they have a need that we can match them with”.

Finally, they have use of the swanky Plexal site at Here East, complete with an indoor “park” and open-plan modern working spaces designed to encourage collaboration. For many in the cohort, this is a significant advantage as it allows them to host meetings and work in close proximity to their colleagues without paying for an office. Tim Ward, director of cohort member Think Cyber Security, admits that his team are “digital nomads, working at home”, but he uses the space to meet potential investors and industry contacts.

Think Cyber Security is “applying behavioural science” to cyber security with its Red Flags product, which drip-feeds security training “30 seconds at a time” to employees for lasting, more effective security awareness. “The research shows that 90 per cent of cyber attacks start with the human user… your people really need to be your last line of defence,” says Ward. “There’s lots of theory, behavioural and learning science out there that’s not really being applied.”

LORCA does not provide any funding to the companies in its cohort, unlike some other accelerators, and Ward concedes it would be “quite good” if it did. However, “instead they’re giving us help, and I suppose the onus is on us to utilise the help, and get as much out of it.” Think Cyber Security, he says, has benefited particularly from the work it’s been able to do with Deloitte. “They steer us and give us advice, and they’ve created lots of connections for us.”

Before joining LORCA, Think Cyber Security won an Innovate UK grant, and was “starting to get a little bit of sales traction, so it felt that it was the right time to engage with something like [LORCA] to get publicity, and to get support on scaling.” With such a results focus – LORCA wants to grow up to 2,000 jobs and bring in £40m of investment over three years – the accelerator looks to companies that are “programme fit”, meaning that they are not startups, but ready to be grown and “make a material difference,” explains Ragoonanan.

John Tolhurst, chief commercial officer at Ioetec, which has developed a software solution that secures internet-of-things (IoT) devices using encryption and authentication, says that the stakes for his organisation are “very, very high. It’s kind of win or lose.” He is currently on the hunt for a “seed fund”, and is using LORCA’s contacts for that purpose.

“We need to commercialise the business; that’s what LORCA is about for us,” he  explains. “It’s that rapid advancement, traction in the marketplace.”

“The programme is fantastic,” he says. For an organisation of Iotech’s size, getting a key meeting could take three to six months, whereas “we could achieve it in a fortnight here”. What he wants to get out of LORCA is clear: “The marker [of success] will be that we are funded with the seed fund we’re seeking now; we’ll achieve that by securing a number of proof-of-concept projects.”

For Ward, getting the most out of the accelerator will mean maing the most of its opportunities for having “some trials running, if not completed, with either Deloitte or Lloyds, because the trial data is very useful for us.”

By the time they leave, Ragoonanan wants the cohort innovators to have “more clients, more revenue” and to be more financially stable. “One would hope they feel geared in a better informed, better position to be able to adapt to new markets.” However, she is also hopeful that they will feel “part of a community”. “A founder’s journey is quite lonely,” she reflects, “so feeling like this is somewhere you can come back to is important.”

Ragoonanan has plans to transition the accelerator into a “cluster”, where cyber security professionals and fledgling companies can gather, interact, and take advantage of the services LORCA provides. “I think one of the benefits of a cluster effect, and a benefit of having an actual location to do this,” she says, is that it can be “a home for those innovators to come to.”

Augusta Riddy is a Special Projects Writer at the New Statesman.