Skip to main content

Combatting CEOs cyber security concerns

By Fraser Wilson, Head of Financial Services at PwC Scotland and Colin Slater, Cyber Security Partner and Scotland Risk Leader.

For businesses with digital adoption high on their agenda, the arrival of the pandemic was undoubtedly a catalyst moment. Customers moved online in their droves benefitting subscription services from Spotify to Peloton. Retailers moved rapidly to refocus their operations to the web, and customer service channels and face to face’ services via video consultations, from high street banks to doctors surgeries, suddenly became normalised.

Scotland has a world leading FinTech ecosystem which has a key role in driving the innovations that allow businesses to transform customer experiences and adapt to a changing environment. However, the rapid pace of change has left many businesses feeling exposed to new risks.

Nearly two thirds (64%) of respondents to PwC’s 25th Annual CEO Survey said that they have significant concerns about cyber threats. In the UK, this outranked health risks, macroeconomic volatility and climate change as the threat to their business that CEOs are most concerned about, further cementing its elevation in business conscience.

And CEOs are right to worry. It’s an accepted fact that it’s not if but when a cyber attack will occur. CEOs’ main concern is around a catastrophic incident stunting business growth. As shown by the myriad of Ransomware cases, a successful cyber attack delivers more complex existential problems to solve. Associated issues we see, like not being able to pay salaries, deal with supply chains, place orders or give regulators the information they need; suddenly become pressing if you are in the midst of recovering your whole business.

Risk is a fundamental part of business. Companies are well practised at both mitigating risks and using them to take calculated business steps. Fintechs, in particular, have a role in both the defensive as well as proactive use of risk management. Being a good cyber citizen can be a huge market differentiator and demonstrating a good cyber posture and structure can also be hugely beneficial in any investment or deal situation. Being cyber aware and building a secure business are the foundational aspects for any fintech and will ultimately protect the valuable IP assets they are creating. While CEOs are right to be concerned, having an organisational approach to think cyber’ across all strategic and tactical decisions is key to success. Putting the right structures in place now ultimately will pay dividends in the market later.

Our recent announcement that we’re strengthening our financial services team in Scotland is part of our commitment to helping businesses embrace technology and improve resilience and agility. With our cyber security hub in Scotland we are expanding and delivering services around the world as well as on our doorstep. Our Managed Operations Centre of Excellence is located in Edinburgh, alongside our Threat Intelligence team, so our local footprint is something we are rightly proud of. We’re determined to help CEOs tackle their cyber concerns head on and drive the Fintech agenda in Scotland.

Being a woman entrepreneur in the fintech industry

To celebrate International Women’s Day 2022, we met with Lynne Darcey Quigley, founder and CEO at Scottish fintech Know-it.

Lynne, when did you decide to become an entrepreneur and why?

From a young age I knew I wanted to run my own business.

I’ve always been hardworking and was a skilled credit management consultant so understood that I could build something great by helping businesses in need of recovering unpaid invoices and increasing their cashflow.

I founded Darcey Quigley & Co in 2007 offering commercial debt recovery and sales ledger management that has grown to be one of the UK’s leading commercial debt recovery specialists.

 

What led you to launch Know-it?

Working in the credit industry for over 25 years and running one of the UK’s leading commercial debt recovery specialists for 15 years I seen businesses make the same credit management mistakes time and time again.

The businesses I help day to day could avoid the need to use a debt recovery partner if they had implemented a robust credit control process. However, there’s a perceived barrier to this, mainly time and cost.

But the problem of late payments is massive, SMEs in the UK are currently chasing £61 billion in late payments, an increase of 22% since 2020!

Realising the size of the issue with late payments I founded Know-it to give business owners a complete automated end-to-end credit management process that is cost effective. Our automation will save businesses valuable time and help them get paid quicker and boost their cashflow.

 

How will Know-it help businesses avoid problems associated with late payments and improve their cashflow?”

Know-it provides businesses with all the tools and intelligence needed for a watertight credit control process all in one easy to use platform. Know-it brings together the 3 key elements of the credit control process, we like to call the 3 C’s, Check- it, Chase-it, Collect-it.

Check-it gives businesses the facility to credit check and automatically monitor companies from across the UK with real-time data from independent and reliable sources in just one click. This intelligence will allow businesses to make more informed credit decisions and mitigate credit risk.

Chase-it automatically chases unpaid invoices when they’re due through email, letter and SMS. Our smart integration with leading accountancy packages means Chase-it knows which invoices are due when and how much is owed.

Collect-it offers a much needed safety net by providing the services of leading commercial debt recovery specialists Darcey Quigley & Co to Know-it users with problematic late payers.

 

What is it like to be a woman entrepreneur in the fintech industry?

It’s been fantastic so far! The Scottish fintech community is so vibrant I feel women are very well represented.

I feel very supported in the Scottish fintech space. Schemes such as AccelerateHER and Business Women Scotland are helping female entrepreneurs thrive.

 

Do you feel like investors, potential clients or other stakeholders approach female entrepreneurs differently?

No, it’s never been something I’ve experienced during my fintech journey so far, certainly not with potential clients, partners or other stakeholders.

We’re just getting started with our big push for investment but so far I haven’t experienced any feelings of being treated differently so far.

 

According to you, what should be done to ensure more gender diversity in tech?

I believe there’s a lack of awareness of the variety of careers available to women within the IT industry.

It’s not just about coding. There are so many other exciting jobs in the tech sector such as Project Management, Business Analysis, Solutions Architects, as well as a myriad of roles in supporting business functions. We are in tech and big advocates for our industry, so we need to educate girls and women to the variety of careers now available to them.

 

What does the future look like for Know-it? Any exciting developments you can share with us?

Having launched our beta late last year we have aggressive growth plans for 2022.

We’re actively seeking investment now to help us fund these plans.

Our goal is to make Know-it the best credit management platform possible so we’re taking feedback from our users onboard and are always developing our product to meet the needs of our users.

 

Scottish Edge round 19, just over 1 week to apply

Applications are open for Scottish EDGE Round 19 and firms have another week to get involved with the deadline at 2pm on Tuesday 15th February 2022.  Firms will compete to win awards, some of which could go up to £100,000.

Interested firms can apply via www.scottishedge.com and will need to complete the online application form which includes a 3-minute video pitch presentation.

Key Support for Round 19:

  • R19 Workshop ”“ an Online Workshop providing important information for businesses planning on applying is available on replay – https://youtu.be/skeiGHkgA1k

 

  • Impact Section Workshop ”“ a virtual workshop that focuses on the Impact section of the application process. It will take place on Wednesday 9th February, 3pm-4.30pm, register here.

 

  • R19 Support ”“ There is also lots of support available on the Scottish EDGE website including the Competition Brochure, a Blank Application Template and a 3-Minute Pitch Videos example.

UK-wide Investment Series announced by FinTech Alliance

 FinTech Alliance, the Government-backed digital ecosystem for UK FinTech, has launched its third annual Investment Series, announcing FinTech Scottland as a key partner. 

The series aims to bring FinTechs from around the UK together to learn about all aspects of a successful funding round and meet high-profile investors. 

FinTechs can: 

– Use the FinTech alliance platform for the duration, including the regulated Investment Hub. 

– Build their pitch deck with advice from FinTech leaders. 

– Network with high profile investors. 

– Learn from a series of hybrid workshops on pitching, negotiating deals and more. 

Signups are now open for the series, and the process will see a number of regional events across the UK to find the most innovative Seed and Series A FinTechs – including an event in Scotland. 

The signup deadline is 30 March, after which there will be a launch party during UK FinTech Week, with workshops running through May and a pitch day in June. 

Not ready to raise funds just yet? No problem! You can still take part in all workshops and build your network. 

We’re delighted to partner with FinTech Alliance on the series. 

Sign up here! 

For more information, email info@fintech-alliance.com 

Lessons as the latest IPO window starts to close

In recent weeks, there has been a flurry of news articles about the bumper run of IPOs, observed as economies globally look to plot a post-COVID recovery. Those ongoing and ultra-lax monetary policies buoy this, though that may be coming to an end. Floats are being postponed or prices slashed by prospective issuers, suggesting that it is inevitable that the window is starting to close ”“ for now anyway.

However, is this such a bad thing? Increasingly IPOs have been looking somewhat disorganised. Whilst fervent day one ‘pops’ in the share prices of newly issued stock may be headline-grabbing, ultimately, it suggests that the advisers have miscalled the market. Founders and early-stage investors could have got a far better price had a more considered approach been taken. Indeed, academic thinking from a little over twenty years ago always suggested that involvement in IPOs was a risky proposition. With savings in transaction costs and taxes offset by the fact that the previous investor ought to be selling at the top of the market and the opportunity cost of having capital tied up during the pre-IPO period.

It is also worth bearing in mind that even if IPO deal flow does become somewhat more constrained, the option is not being removed indefinitely. This market has always been cyclical, so that it will return. Given that, what takeaways are there from the frantic levels of activity seen over the last twelve months?

Arguably the most important for many will be ensuring that your cap table reflects the needs of the business at the time of float. What will an IPO mean for key staff and early-stage investors who have likely played an instrumental role in getting you this far? And how can these valuable participants be convinced to stick around for the next phase of the journey?

Secondly, there’s that opportunity to ensure your business is IPO-ready. Regardless of the time horizon here, there’s a raft of best practices that you can deploy to make sure your company is in the right shape to facilitate a listing. After all, you may find that time is of the essence at a future date and such preparedness has longevity ”“ investments now will yield results in the future. That combines to create a situation where you’re getting closer to having liquidity within your privately held business ”“ something that CrowdX is assisting with already, helping bolster the company’s reputation, its brand perception, and the early stages of institutional engagement.

This all means that it should be easier for prospective professional advisers to make more accurate assessments of your company’s value. Those ‘day-one-pops’ in share prices can largely be a simple transfer of wealth from your company to the institutions that can participate at the very outset. Don’t give away wealth unnecessarily.

Looking forward to a month of events

Welcome to September! I’m excited to write this month’s blog post where we highlight the 2021 FinTech Scotland Festival.

September is always a month the FinTech Scotland team look forward! It’s a time to celebrate fintech, learn about developments, meet new people, and reconnect with old friends who are driving forward fintech innovation across Scotland and across the world.

This year we’re especially grateful to be able to welcome back more in person, and face to face events as we continue to emerge from the necessary restrictions over the last 18 months.

The festival kicks off on the 16th of September with the DIGIT FinTech Summit and concludes with the Times Scotland and Canongate Publishing event on actions and initiatives to drive global fintech leadership on the 14th of October.

For the first time in a long time, we’ll get to see people in person! We’ll experience the atmosphere and energy that comes from fintech innovation and specifically through the people that make fintech.

Fintech entrepreneurs and leaders will share their experiences and talk about the innovations shaping financial services and the future digital economy. We’ll hear from Nucleus, Sustainably and LendingCrowd on their thoughts about the opportunity fintech continues to present and about the fintech Cluster in Scotland. Soar, MoneyMatix and Exizent will give views on the opportunities for fintech to contribute to building back better post COVID. Fintechs such as Pour, Striver, Women’s Coin, Amiqus, Modulr and Gigged.ai also plan to share their experiences and ambitions for the future.

We’ll be hearing directly from fintech entrepreneurs on topics such as fast-tracking innovation, the future of crypto, how blockchain is transforming society, avoiding team burnout in fintech and how to scale a fintech! YES and YES!

The diverse mix of events and topics covered during the festival continue to demonstrate the breath of opportunity and significant range of contribution that makes fintech unique, inclusive and collaborative. It’s this support from a wide range of committed participants that allows fintech innovation in Scotland to thrive.

Like every year, our partners are also very much involved and we’re looking forward to attend events from RBS, Pinsent Masons, BT, PwC, Deloitte, The University of Edinburgh, The University of Strathclyde, IBM, Merkle, Checkpoint, SDI and no less than 6 events from the FCA.

We’re particularly excited to welcome colleagues from across the UK and the world as we continue to build national and international collaboration, share knowledge, and learn about fintech developments across regions and geographies.

We’re privileged and inspired to see the leadership, experience and expertise that plan to contribute across all the events, and I’d like to extend my thanks to everyone involved.

I’ll look forward to hearing your experiences and updates across the duration of the festival and I’m very much looking forward to seeing many of you in the coming weeks.

All the best

Nicola

Protecting your fintech against cyber-crime

Large or small, no business is immune to the threat of cybercrime.  With ever-increasing reliance on technology, the consequences of a cyber-attack can range from temporary disruption of trading to complete financial failure. 

Cybercrime continues to evolve in terms of frequency, cost and complexity and the shift to homeworking brought about by the COVID-19 pandemic have seen cybercriminals further increase activity resulting in some disturbing statistics:

  • In the first 6 months of 2020, there was a staggering 715% increase in ransomware attacks compared to the same period in 20191
  • During the pandemic, there has been a reported 600% increase in malicious emails2
  • A business is now 15 times more likely to have a cyber incident compared to a fire or theft3

Whilst more companies are starting to purchase Cyber Insurance, the take-up of cyber cover in the UK remains low. According to Hiscox’s 2020 Cyber Readiness Report, 58% of cyber-security professionals surveyed said their organisations purchased a cyber insurance policy””either as standalone or as an add-on to an existing policy””compared to 41% in 2019

Some common misconceptions around the need for Cyber Insurance include:

  • Cybercriminals only target large companies 

Whilst cyber-attacks against high profile businesses such as British Airways and Travelex hit global headlines, small businesses are unfortunately not immune to cybercrime. 

Small businesses are often considered low hanging fruits by cyber criminals due to a lack of resources to invest in IT security and staff training. In 2019 46% of micro and small businesses experienced at least one cyberattack or breach4

  • A traditional insurance programme affords adequate protection for the consequences of a cyber incident.  

Unfortunately, in most cases, this is not the case. Cyber Insurance has evolved specifically to provide protection against emerging risks not catered for by a traditional insurance policy.

  •  IT security will provide adequate protection against cyber incident.

Whilst investment in IT security will inevitably make a company less vulnerable to cybercrime, increasingly sophisticated cybercriminals are capable of overcoming even the most robust of security systems

In addition, IT security cannot provide protection against the weakest link in any company’s security systems”“ human error. The UK Information Commissioner’s Office reported that the vast majority (90%) of UK cyber data breaches in 2019 were caused by human error5

The scope of cover provided under a cyber insurance policy may include (but is not limited to):

  • Costs to recover and/or recreate lost data and restore computer systems following a security breach
  • loss of revenue/profit increased cost of working and loss of future customers due to reputational damage following a cyber event
  • Legal liability as a result of a breach of personal data /confidential information
  • Inadvertent breach of intellectual property rights via cybermedia 
  • Financial loss as a result of social engineering attacks such as phishing scams

Importantly, however, one of the most valuable and often overlooked benefits of a Cyber policy is the critical incident support services provided in the event of a cyber incident to help a policyholder navigate both the immediate aftermath and the longer-term consequences of a cyber attack.

Critical incident support services include:

  • 24/7 access to IT forensics, data breach/legal experts and public relations advisers, to provide support in the event of an actual (or suspected) cyber incident
  • Support in complying with data protection legislation and notification obligations following a data breach
  • Access to specialist ransom and extortion advisers

 

For more information please contact garry.hill@pib-insurance.com

To the sprinters, the spoils!

The sheer complexity of data protection compliance can make it seem hard to get anywhere fast, but it is possible to get a lot done in a short timeframe, explains Wendy Spires, Consultant at data privacy tech company Trace.

 

As anyone experienced in this fiendishly complex area of compliance will tell you, data protection is an endurance sport which calls for organisations to stay on top of continually changing rules – and risks – that affect virtually every element of their operations. But while it certainly is a marathon, we’re increasingly seeing our client cover impressive amounts of ground via our “sprint” offering.

Organisations often split into two camps on their data protection today: those who view their GDPR programme as a “one and done” effort which can safely be consigned to the mists of 2018 and those more correctly see compliance as a continual process, but who are frequently daunted by about taking those first next steps.

At Trace, we pride ourselves on being both technically and commercially aware, so that our clients can leverage best practice in data compliance as a competitive advantage. But that also extends to seeing how clients can most fruitfully work with us. For start-ups and scale-ups, dedicating huge amounts of time and resources to data compliance isn’t always option, yet they need quantifiable results, fast. Enter our sprint offering.

Like many of our clients, smartKYC is at the cutting edge of technology as a provider of intelligence monitoring solutions which utilise AI. Also like others, it works in a hotly contested field. Maintaining the highest quality compliance is non-negotiable, but so too are staying ahead of competitive pressures and making data protection really work for the business.

 

Full steam ahead

By delivering a highly focused, yet flexible sprint programme, Trace was able to showcase the full benefits of our model and bench strength. And it was full steam ahead right from the start.

Our initial data protection audit was enriched by a deep-dive discovery session with management to confirm and lift up new areas to tackle to form a roadmap for the next year. This laid out, we then set about key tasks for the near term.

First among these was to get smartKYC up and running with the Trace privacy management platform, so that Records of Processing Activity and other key documentation were built ”“ and ready to be built further upon. We then drew on our internal auditing and accreditation expertise to tighten smartKYC’s infosec policies and procedures, while also advising on best practices in data retention, human resources, data transfers and more. We were even able to squeeze in some highly valuable work on data ethics and future developments on the technological side.

In short, we were able to get smartKYC’s data compliance programme in pretty good shape in a matter of just a few days ”“ and completely bust the myth that compliance has to be a gargantuan effort, and if you can’t do that then it’s best alone.

With the right focus and a team which understands your business quickly, we are proof that you can get a lot of mileage out of just a few days of support. The prize is staying on the pace on the pace of compliance without a huge commitment in time or costs. We say: to the sprinters, the spoils!

‘Aspiring Unicorns’ Supporting High Growth Tech Firms

Aspiring Unicorns, designed and delivered by leading law firm Addleshaw Goddard, provides high-growth tech businesses with access to crucial insights for supporting their business growth strategy.

The Aspiring Unicorns series comprises seven critical lessons for high-growth technology firms, sharing insight on key topics such as data and disputes to IP and investments. Delivered over the next coming months, the first instalment covers dispute revolution, providing businesses with useful steps on how to best avoid a dispute.

The Aspiring Unicorns series follows the recent announcement of the fifth cohort of UK tech companies to join the firm’s AG Elevate programme, a fast-track legal mentoring scheme for growing technology businesses. Across the UK, eleven companies were selected and will receive support and mentoring from specialist lawyers at Addleshaw Goddard.

David Anderson, a Corporate and Commercial Partner at Addleshaw Goddard who specialises in tech, said: “Following the success of our AG Elevate programme, and the continued growth across the UK tech industry, it felt like the perfect opportunity to launch the Aspiring Unicorns initiative.

“This series of content, revealed in instalments over the next few months, will provide accessible and crucial insight to high-growth tech businesses looking to scale up and strengthen their position within the market.

 Elvan Hussein, a Corporate Partner at Addleshaw Goddard, said “We’re encouraging high-growth tech firms and investors with a strong tech portfolio, to take full advantage of this fantastic resource.”

As part of the initiative, Addleshaw Goddard will host a number of related webinar sessions where chapters from the series will be discussed.

For more information about the Aspiring Unicorns programme, visit:  https://www.addleshawgoddard.com/en/insights/insights-briefings/2021/general/guide-aspiring-unicorns-supporting-high-growth-tech/

Not boring! Creative! And inclusive!

What does the future of fintech look like’ is a question we’ve been asking across the FinTech Scotland cluster all week. One very wise comment asked us to consider the question differently What should the future of fintech look like’?

From all the discussion so far, there are two comments that have struck a chord with me. It will not be boring’ and We need to teach the future’.

The range of possibilities is limitless and there’s no doubt the consensus so far is that it can help us advance the digital economy in a number of ways, all the while enabling financial inclusion and helping us drive towards our net zero goals.

 

It will not be boring! 

Enabling this future is a skilled workforce drawn from a broad talent pool and range of experiences. We have work to do to support the development of those skills but continuing to develop fintech for the future will need a team of creative artists and designers working with software developers, regulatory and legal expertise, who have access to cybersecurity expertise, data specialists, linguists, psychologists and more.

It provides a true opportunity for collaboration, partnership and change, and it creates an environment for innovation and creativity that builds trust through customer centred design with robust privacy and security.

The innovation will take us in different directions. We see new examples of that everyday especially when it comes to things like digital and crypto currencies, or the future of payments two key topics in the recent FinTech Scotland podcasts

 

We need to teach the future! 

As we think about the role of digital technology and FinTech for the future a broadly unanimous view is that our children are one step ahead and are already embracing it. Fictional digital currencies like Minecoins, Simoleons, Life Points, and others are well understood by the next generation.

As FinTech for the future develops, many of those contributing views want to see how it can deepen future generations understanding of financial services to build future personal financial resilience. Many more are hoping that we embrace the opportunity to encourage more girls, women, Black, Asian, Ethnic and other minorities into the industry.

The opportunity to excite and intrigue more of the next generation about fintech and technology is already here and the stories we tell now will help us build and teach our future.

Zumo, Leutheria, Nude, Sonik Pocket, Sustainably, Qpal, Guiide, Airfunders and Visible Capital are just a few of the Fintechs in the FinTech Scotland community that are shaping future stories to inspire us all.

If you have a view on What the future of FinTech should like like’ please get in touch. I’d love to hear it.