GDPR is short for general data protection regulation and the legislation means that from May next year everyone across the European Union (including the UK) will have the right to see information about them stored online.
Failure to comply will mean potentially swingeing fines, something in itself Guyatt is delighted about – ‘about time’ he told Proactive.
Regulation with teeth
“At long last we have regulatory stuff with teeth.”
But this isn’t the part of the new rules making Guyatt so chirpy.
What he is pleased about is that from May every time there is a data breach it has to be notified publicly.
While it may seem currently that a data breach is reported every week as it is, stand by for this to double next year as a result of the new rules, he says.
Why is this good for Osirium?
Simply, Osirium is a cyber security specialist and the more publicity generated by database hacks, the larger the potential for its software.
Markets are becoming aware of the potential. Since the last results in September, the value of the AIM-listed group has risen by two-thirds but brokers such as Stifel believe this is just the start.
Osirium’s software has twin customer benefits, said the broker, lower cyber risk and more productive IT departments.
“The product attributes of ‘simple to use’ and ‘easy to deploy’ technology are resonating with target upper mid-market customers,” it added, which was evident in the last interim results with bookings ahead by 393% year-on-year and revenue 59%.
Guyatt explains it like this: “Every piece of IT kit has privileged access, which is what the technical staff [sysadmins] use to manage networks, maintain, upgrade and so on.
“Most cyber attacks look eventually to get hold of privileged accounts, so imagine a world where you have no control over the people who have this privileged access to your IT systems.”
Control that access
“Orisium’s product makes sure that the right level of privileges are granted to the right people so that they can do their jobs, but without opening up huge golden arches for cyber attackers.”
Banks, financial services companies and insurers are major users of privileged access management security (PAM), a market globally expected to be worth more than US$2bn by 2020.
Early versions of PAM needed an ‘army of consultants’ to run as it was so complicated, says Guyatt.
A legacy of this is that many larger organisations have 3-4 times as many privileged accounts as users.
When an employee or contractor leaves, often their credentials are never erased, usernames/passwords being hard to change.
Osirium’s functionality ensures that routine IT processes are packaged as tasks and automated.
Introducing this task automation has been a game changer and gives an important competitive advantage, believes Guyatt.
“We are the first in cyber security space to do this.
“We don’t give sysadmins access to privileged accounts, they just press the button and Osirium does the task for them.”
Osirium is still in its early stages and Stifel expects sales to jump from an estimated £600,000 this year to £900,000 in 2018, which is as far it is estimating currently, but it acknowledges the opportunity further out is substantial.
After taking on eight customers in the first half of 2017, the same number again were signed in the next three months and evidence of the build-up in momentum says Guyatt.
Osirium bills by subscription, with subscription terms typically lasting between 12-36 months.
As a SaaS/pay-as you-go business, the underlying financial model is cash-generative and its operations generate annuity revenue streams, says Stifel.
Customers also so far have typically upgraded both the services and the number of devices being monitored.
Small software companies can suffer growing pains but Osirium’s management should have the experience to make the most of the opportunity.
Guyatt was a co-founder of Content Technologies (CT), (an early UK tech investor of the type now called unicorns).
Fellow co-founder Andy Harris is Osirium’s CTO and Catherine Jamieson, another CT veteran, is chief operating officer.
Content Technologies sold its MIMEsweeper software business in 2000 for around £670mln and Guyatt believes the mood is similar due to the growing cyber attack threat.
“Awareness, understanding and intelligent budgeting for projects is what’s forcing [the market] it forward now.”
At 161p, Osirium, which floated last year at 156p, is valued at about £17mln.