From May, every time there is a data breach it has to be notified publicly
Cyber security is big news at the moment. It seems that every other week there are reports that yet another company has been attacked.
US credit score giant Equifax reported in September that around 145million of its customers had their accounts hacked earlier this year, with more than 15 million of those in the UK.
That’s an awful lot of sensitive information to be stolen, but pales in comparison to the three billion accounts that Yahoo recently revealed were breached back in 2013. That’s almost half of the world’s population.
And they are just a couple of examples we know about.
At the moment firms are under no real obligation to disclose when their systems have been compromised, although that is set to change pretty soon with the introduction of new data protection rules (GDPR) next year.
From May, every time there is a data breach it has to be notified publicly, something that bodes well for Osirium Technologies and its chief executive David Guyatt.
Stand by for the number of breaches announced to double in 2018 as a result of the new rules, he says.
Simply put, Osirium is a cyber security specialist and the more publicity generated by database hacks, the larger the potential for its software.
Markets are becoming aware of this potential, too. Since the last results in September, the value of the AIM-listed group has risen by two-thirds but brokers such as Stifel believe this is just the start.
Osirium’s software has twin customer benefits, said the broker, lower cyber risk and more productive IT departments.
‘The product attributes of ‘simple to use’ and ‘easy to deploy’ technology are resonating with target upper mid-market customers,’ the broker added, which was evident in the last interim results with bookings ahead by 393 per cent year-on-year and revenue up by 59 per cent.
Privileged access management security (PAM) is expected to be worth US2 bn by 2020
Guyatt explains it like this: ‘Every piece of IT kit has privileged access, which is what the technical staff [sysadmins] use to manage networks, maintain, upgrade and so on.
‘Most cyber attacks look eventually to get hold of privileged accounts, so imagine a world where you have no control over the people who have this privileged access to your IT systems.’
‘Orisium’s product makes sure that the right level of privileges are granted to the right people so that they can do their jobs, but without opening up huge golden arches for cyber attackers.’
Banks, financial services companies and insurers are major users of privileged access management security (PAM), a market globally expected to be worth more than US$2 billion by 2020.
Early versions of PAM needed an ‘army of consultants’ to run as it was so complicated, says Guyatt.
A legacy of this is that many larger organisations have 3-4 times as many privileged accounts as users.
When an employee or contractor leaves, often their credentials are never erased, usernames/passwords being hard to change.
Osirium’s functionality ensures that routine IT processes are packaged as tasks and automated.
Introducing this task automation has been a game changer and gives an important competitive advantage, believes Guyatt.
‘We are the first in cyber security space to do this.
‘We don’t give sysadmins access to privileged accounts, they just press the button and Osirium does the task for them.’
Osirium is still in its early stages and Stifel expects sales to jump from an estimated £600,000 this year to £900,000 in 2018, which is as far it is estimating currently, but it acknowledges the opportunity further out is substantial.
After taking on eight customers in the first half of 2017, the same number again were signed up in the next three months and evidence of the build-up in momentum says Guyatt.
Osirium bills by subscription, with subscription terms typically lasting between 12-36 months.
As a SaaS/pay-as you-go business, the underlying financial model is cash-generative and its operations generate annuity revenue streams, says Stifel.
Customers so far have also typically upgraded both the services and the number of devices being monitored.
Small software companies can suffer growing pains but Osirium’s management should have the experience to make the most of the opportunity.
Guyatt was a co-founder of Content Technologies (CT) -an early UK tech investor of the type now called unicorns.
Fellow co-founder Andy Harris is Osirium’s chief technology officer and Catherine Jamieson, another CT veteran, is chief operating officer.
Content Technologies sold its MIMEsweeper software business in 2000 for around £670million and Guyatt believes the mood now is similar due to the growing cyber attack threat.
‘Awareness, understanding and intelligent budgeting for projects is what’s forcing it [the market] forward now.’
At 161p, Osirium, which floated last year at 156p, is valued at about £17million.