What corporates are seeking in partnerships with digital security startups and scale-ups
Ronen Gottlib, Cyber Innovation Director at Barclays, on what digital security startups need to know about working with corporates.
09 May 2022 • 3 minute read

Cyber security is an important issue for corporates. For financial providers like Barclays, it means even tighter security measures. In this article, Ronen Gottlib, Cyber Innovation Director at Barclays, explains what corporates need from digital security startups and how they can set up for success. The good news is that many corporates often find significant advantages to working with startups. Read on to find out why.
What are corporates seeking in partnerships with digital security startups?
Corporates are looking for disruptive and innovative ideas. Many of the big security companies have technologies that cover a lot of areas but many of these are generic or are difficult to translate to corporates that will have specific requirements. Take Barclays as an example. We’re a finance provider that needs very tight, regulatory-focussed security measures. That’s good news for digital security startups, particularly very early startups. The dream scenario is a corporate going into a design partnership with the startup—and that helps the two to quickly align with the emerging needs of the corporate. Startups have the advantage of being able to quickly resolve unique problems that sometimes the big players don't have the bandwidth or agility for. The benefit of working with startups is those close relationships and the quick responses.
What are some of the barriers to working together?
Often startups don't have experience working with big enterprises. Sometimes they lack understanding of the business value or drivers that are important to a corporate. It’s important to remember that big business is not just about the features or tech around a specific solution — although that is important. But there are many business-related values that a corporate needs from a solution or startup. This lack of understanding around the corporate’s goals can cause engagement between these parties to crash, or it might block progress on the rollout of some new functionality.
How should founders earn trust?
In the event of a security incident, startups should step up and proactively provide support, advice, and consultancy. They should also further develop the tool and educate the corporate on how to use it efficiently. If they can address the incident either before the event or without being asked — this is how you build trust and show the enterprise you're there for them.
Startups have the advantage of being agile, lean, and quick to respond. Startups to big security players are like Small Commando Unit (or SWAT team) to a division – while the latter have the massive resources the former is quick and able to solve unique and specific problems.
How can a startup go about building the relationship once they have a foot in the door?
Quick response, quick delivery, shorter times to add functionality, aligning to the needs of the corporate, and being that trusted advisor. Startups should also be proactive and attempt to develop new areas within the existing product. A startup that has been deployed within a corporate should be looking for ways to increase that deployment or produce more value for the enterprise.
Are there any pitfalls to watch out for when working with a corporate?
Speaking once again from the perspective of a financial organisation, regulation and lengthy, complex onboarding processes can be challenging. Startups need to avoid being involved with anything controversial. Carefully assess if there may be some sort of black mark that might be flagged during due diligence. And that includes all aspects of ESG in how you act as a business. It's not just about the technology so make sure you act to the corporate's standard. If you do have that black mark, make sure to be upfront. Show you've taken the right measures and that you have the right policies in place now. Nothing is carved in stone but it's better to have policies in place from the start.
Any final advice?
Digital security startups should start with the low-hanging fruits. You don't have to win the big corporates as your first goal. I suggest that you first establish a strong, wide base of low hanging fruits, those companies from which they can gain experience. At the same time, start an initial engagement with a corporate if possible. You do want enterprise feedback in the early days, but you don't need to win its business right off the bat. Start small and work on the corporates over time.
Barclays (including its employees, Directors and agents) accepts no responsibility and shall have no liability in contract, tort or otherwise to any person in connection with this content or the use of or reliance on any information or data set out in this content unless it expressly agrees otherwise in writing. It does not constitute an offer to sell or buy any security, investment, financial product or service and does not constitute investment, professional, legal or tax advice, or a recommendation with respect to any securities or financial instruments.
The information, statements and opinions contained in this content are of a general nature only and do not take into account your individual circumstances including any laws, policies, procedures or practices you, or your employer or businesses may have or be subject to. Although the statements of fact on this page have been obtained from and are based upon sources that Barclays believes to be reliable, Barclays does not guarantee their accuracy or completeness.
Topic
Related tags
DiSH
We’re bringing together experts in digital and cyber security from the public, private and academic sectors to help Greater Manchester’s digital security startups to innovate and grow.