CyberTech scene in Estonia by Marily Hendrikson
As Estonia is one of the most digitally advanced societies in the world, strengthening the cybersecurity startup ecosystem has been a governmental focus area since 2017. Seeing the market trends, Startup Estonia and Estonian Ministry of Defence decided in 2017 to experiment with two national strengths - CyberTech expertise and startup mindset. CyberTech focus area at Startup Estonia was established to cooperate on developing the CyberTech startup ecosystem. The insights of the two years working with the ecosystem are shared by Marily Hendrikson, the Cyber Defence Project Lead at Startup Estonia.
Our CyberTech Startup Landscape
When I started off as CyberTech project lead at Startup Estonia a bit more than two years ago, I knew that the CyberTech competence in the country is very high (read the bonus section below about the roots of CyberTech in Estonia) and also our startup community is strong. But we only had a handful of CyberTech startups, so I started off with a belief that joining the existing two strong communities is the most sustainable approach to build the CyberTech ecosystem. My role is to bring the different communities and competencies together, paving the way for creating new startups & ensuring the smooth growth of existing ones.
In order to grow the number of new startups we have four vital approaches:
- raise awareness of the opportunities in CyberTech sector
- onboard new people and support organisations into the CyberTech community
- support the establishment of new startups
- support the sustainable growth of existing startups.
We consider a startup belonging into the CyberTech sector, when one of their core value-added factors comes from cyber security (read more from our CyberTech focus page). Our CyberTech startups are rather diverse - working on identification, verification, authentication, fraud, threat and data breach prevention, VPN, cyber hygiene, skills upgrading, access management, log file analysis and many other solutions.
Today, we count more than 60 companies and startups in this domain. Several governmental institutions and over 40 critical infrastructure service providers play a vital role in keeping Estonia's cyberspace. The leading private players in the Estonian cyber security industry are Cybernetica AS, Guardtime and Clarified Security.
During the last two years there have been some great changes in the CyberTech startup ecosystem. We started with mapping out the landscape, identifying the key members of the ecosystem and potential future developments. Starting from 2017, fifteen new startups were established and the total number of CyberTech startups reached 26 by the end of 2018. This doesn't include teams who have not yet registered their companies, nor teams being developed as startups inside bigger companies. CyberTech startup sector makes up 6% of our startup scene when we take into account government and employment taxes, turnover and headcount. And as the CyberTech startups numbers are growing, then it is clear that Estonia is up and coming cybersecurity country.
The people's number employed by CyberTech startups grew during 2017 and 2018 notable 325% - from 59 people (2017 I Q) to 192 (2018 IV Q).
CyberTech startups paid €2,1M in employment taxes in 2018, which meant 118% growth in a year (€1,1M in 2017).
The largest CyberTech investment so far happened in 2018, when Veriff raised 6,6M EUR. Offering online verification services to companies around the globe, they are currently one of the fastest growing and the most desirable startups in Estonia. They increased their staff by 325% within 6 months and are still growing. The startup with the highest turnover is Messente Communications, offering authentication services since 2013. Last year, they managed to create almost 7M EUR turnover with just 13 people. Another notable startup is Threod Systems, developing outstanding unmanned aircraft and sub-systems for intelligence collection and surveillance tasks. Most of the CyberTech startups offer B2B services and products with one exemption - Seguru focuses on B2C market, integrating intrusion detection and prevention into a users mobile devices. The startup with the fastest turnover growth (2408%) during one year is SpectX. Their solution can instantly analyze raw logs in their current location, without any data preparation and the volumes are unlimited.
The core of every startup ecosystem are the skilled people, a number of startup support organisations and the willingness to grow together. It is a pleasure to see that ecosystem responded to Startup Estonia initiative quickly and during the two years five new support organisations with cybersecurity focus were established and there are also several other support organisations, adding cybersecurity competencies to their side focus. In January 2018, a new hackerspace/makerspace k-Space opened up in Tallinn near the TalTech and Tehnopol incubator. In the beginning of 2019, Startup Wise Guys accelerator opened their first cybersecurity, defence and AI batch CyberNorth in Tallinn. Since this spring, Forwardspace together with Web application security platform WebArx Security is organising Capture The Flag exercises and trainings for the youth in Pärnu. Hedman Partners, a law firm is offering its expertise across the spectrum of corporate legal services, has established a special lawyers position consulting in cyber security legal matters. Find the full list of support organisations with CyberTech expertise here.
Klaid Mägi, Executive Vice President at CybExer Technologies: “Looking from the maturity perspective, Estonian cyber security ecosystem is getting better every day. It’s not fast, but it is important to know that it is improving. The awareness and knowledge is on the rise and as proof, we see that more organisations and agencies using Cybexer e-learning platform to educate their employees about cyber threats. Currently one third of working aged Estonians should have a way of accessing this platform, and this number is also increasing. On the other hand it is great to admit that Estonian private companies and public agencies do more different trainings and exercises to build internal capacity and preparedness for possible upcoming incidents and crises. CybExer Technologies, as a leading cyber awareness company, is always happy to help anyone improve their capabilities and knowledge.”
There are several international CyberTech meetup groups like Let's speak about cyber security @, Let's speak about cyber security @Tartu @ and TallinnSec, gathering more than 900 people in total. At the Estonian flagship startup and tech event Latitude59, we are going to have a CyberTech session to compliment all of that. Speakers will be addressing the most burning questions in cyber security. Why does meeting privacy requirements not make my app secure? Why does it matter to me? What are future financial implications for me as a startup? And why as an investor should I care? Are there examples of success out there? All of these questions will be addressed on 16th of May, at Latitude59.
Check out our latest Startup in Estonia podcast episode with Ralph Echemendia, the Ethical Hacker on Cyber Security
e-Governance Academy annual conference 2018: Governance for Digital Citizens
Raul Rikk, the National Cyber Security Policy Director at the Ministry of Economic Affairs and Communications: “In today’s complex digital world, smart cybersecurity solutions are not born in isolation. Innovation and business development takes place during the interaction between needs, knowledge and money. Supportive ecosystems for customers, businesses and academia are no longer an exception, but a prerequisite for global competition.”
The number of CyberTech startups and teams has reached 39 by the end of April 2019. The growing numbers show that Estonia is up and coming cybersecurity country. This is also the very reason why CyberTech focus is one of the strategic focuses in Startup Estonia until 2022. During the four years we will place Estonia's CyberTech sector on the long-lasting startup mode together with the Ministry of Economic Affairs and Communications.
Please find all the cyber security-related events in Estonia and in the region here.
BONUS - The roots of CyberTech in Estonia
The actual roots of Estonian cyber security expertise lay in 1960s, when the applied research unit of the Institute of Cybernetics of the Academy of Sciences of Estonia was established. Officially, Estonian government started off with digitalisation already in 1997. The driver behind it was a necessity to provide better public services for all of the citizens. Estonians developed and implemented the x-Road, which allows the nation’s various public and private sector e-service information systems to link up and function in harmony. To ensure secure transfers, all outgoing data is digitally signed and encrypted, and all incoming data is authenticated and logged. It has a versatile security solution: authentication, multi-level authorisation, high-level system for processing logs, and data traffic that is encrypted and signed. Six years after Estonia gained independence, electronic-governance (e-governance) was launched; e-taxation came in 2000, digital ID in 2002 and so on.
Estonian Incident Response Department (CERT-EE) has been operating since 2006. Its duty is to assist Estonian Internet users in the implementation of preventive measures in order to reduce possible damage from security incidents and to help them in responding to security threats. In 2007 Estonia faced cyber-attacks that have been widely acknowledged as the world’s first cyber war. That was the turning point for Estonia’s internal cybersecurity policy and dynamic digital ecosystem development.
Because in cyberspace there are no country borders and the solution to 95% of cybercrimes is in essence international, then international cooperation and competence raising vital parts of any digital ecosystem. This is also the reason why we have NATO Cooperative Cyber Defence Centre of Excellence (CCD COE) in Tallinn since 2008. It is an independent international military organisation that focuses on research, development, training and education in both the technical and non-technical aspects of cyber defence. In 2008 Estonia was one of the first countries in the world to create a cybersecurity strategy. The current strategy is in place until the end of 2022.
Today there are several organisations that develop the cyber security competence in Estonia - universities, public sector institutions, organisations who provide critical infrastructure services in Estonia and private sector. Cyber security is thought at Master's and Bachelor's level at TalTech and University of Tartu since 2010. Volunteer-based cyber army was established in Estonia in 2011 and Cyber Command in 2018.
Blogpost written by: Marily Hendrikson (Startup Estonia)
Data crunched by: Moonika Mällo and Marily Hendrikson (Startup Estonia)
Graphs by: Paula Repp (MadeBY)