Stopping MENA cyber attacks

Data breaches are costly.

In the Middle East, each breach costs about $8 million on average - the second-highest rate in the world, after the US.

But this is hardly a podium finish any region strives for.

Even with these high costs, the region remains far from self-reliant when it comes to cybersecurity solutions.

In 2023, only 5 cybersecurity startups raised funding - totalling $12.6 million.

That’s about 0.57% of total funding raised, and 1.02% of deal flow last year (excluding debt financing).

If you think that’s low, hold onto your (black)hats, because only $1 million was secured by 4 MENA-based cybersecurity startups the year before.

This all speaks to a common critique often levelled against the MENA startup tech ecosystem: that the lack of IP being built in the region - both for the region and beyond - points to a gulf in deep tech and engineering talent.

But try telling that to a certain Dubai-based cybersecurity startup founded in 2019.

Before raising a cent of pre-seed funding, spiderSilk had already discovered and disclosed vulnerabilities in companies like WeWork and MoviePass and collaborated with giants like Samsung Global, Huawei, and EA Games.

Their strategy of uncovering data breaches and sharing these findings with tech outlets like VICE and TechCrunch was a highly effective PR move that quickly shifted them from promise-based to evidence-based security.

In a practice that is unfortunately all too uncommon, Rami El Malak and Mossab Hussein were walking the walk while talking the talk.

🕸️ spiderSilk: re-imagining threat detection

spiderSilk simplifies cyber threat scanning, giving companies a clear understanding of where they are vulnerable to attacks.

But before we find ourselves ensnared in a spider's web (see what I did there?), I think it’s important to take a step back and establish what puts companies off from investing in cybersecurity infrastructure in the first place.

To this end, I’ve crudely identified three key factors, which I’ll call the “3 Cs”:

1. Complexity

2. Complacency

3. Cost

Let’s keep these 3 Cs in mind.

After securing a $500k pre-seed led by Global Ventures, with participation from FutureTech and angels like Careem co-founder Karl Magnus Olsson, Spidersilk got to work on its MVP.

Their goal was clear: to create "security as a service" for the global market, not just a regional solution.

⚙️ How it works?

Every company wants to secure its data, but mistakes happen.

To err is human after all.

But these misconfigurations can leave sensitive information exposed.

Security teams often juggle multiple tools to analyse external threats, making the process resource-intensive and complex.

SpiderSilk helps customers understand their attack surfaces by identifying exposed assets that shouldn't be accessible.

Their internet scanner maps out a company’s assets and attack surfaces to detect vulnerabilities and data exposures, while also simulating cyberattacks to highlight weaknesses.

It requires only an organisation’s name to provide a comprehensive view of all assets and vulnerabilities, with no need for integration or setup.

Cybersecurity experts validate any threats, ensuring security teams focus only on genuine risks, making organisations tougher targets.

The startup runs on a subscription model with prices that vary depending on the size of the organisation.

Remember those 3 Cs we mentioned? ✅ ✅ ✅

They’ve partnered with enterprise clients like ADNOC Group in the UAE, Seera Group in Saudi Arabia, and Qualtrics in the US. Last year, they signed their first 5-year agreements with global conglomerates like Unisys to provide Managed Security Service Provider (MSSP) services.

To date, the startup has raised $11.75 million, with the most recent investment round in November 2023, led by Wa’ed Ventures alongside STV and Global Ventures.

This funding will support SpiderSilk’s expansion into Saudi Arabia, where they plan to relocate their headquarters.

🔒 State of play

Overall, funding for MENA-based cybersecurity startups is modest by international standards.

Last year, global funding for cybersecurity startups dropped by 40% year-over-year but still accounted for about 2.5% of overall VC funding.

In contrast, MENA’s best year ever - this year - for cybersecurity funding only represented about 0.57% of the region’s total funding raised.

The takeaway? It's an exceedingly challenging market for startups in the region to secure capital.

This is further highlighted in Clearworld's recently published MENA Tech Startup Market Difficulty Report 2024:

• Only 4% of investors in MENA allocate funds to cybersecurity.

• Cybersecurity ranks 28th out of 30 sectors in terms of the number of active startups.

• It's easier to raise funding in 87% of other sectors.

• Cybersecurity funding is 11.1 times more difficult to secure than in the AI sector.

This all makes for pretty grim reading, but personally I think there’s grounds for optimism.

Sure, the region has been punching below its weight. No argument there.

But emerging markets often need a breakthrough startup to inspire other founders and demonstrate to VCs that success is achievable in non-traditional investment areas.

There is a recent exit to point to.

Lebanon-born cyber security company MYKI was acquired by US-based cloud management platform JumpCloud for an undisclosed amount in 2022.

The path being forged by spiderSilk will undoubtedly help further.

And it’s something that the founders themselves are conscious of.

As Rami El Malak, co-founder and CEO, said about their Series A round, “This investment is a watershed moment for the regional tech ecosystem, and we hope that it will open doors for more entrepreneurs to innovate in our space.”

Cynicism aside, there's a lot to be hopeful about.

Saudi Arabia’s National Cybersecurity Authority's launch of a Cybersecurity Accelerator program in 2022 is another positive development, aiming to support more than 45 startups over three years.

Startups like COGNNA, founded by Ibrahim Alshamrani and Ziyad Alshehri, raised $2.25 million after participating in this accelerator.

Other notable cybersecurity startups in the MENA region include:

CypherLeak, founded in 2022 by Mohamed Amine Belarbi, offers cyber risk monitoring and scoring technology that enhances cyber insurance underwriting in MENA.

Buguard, founded by Youssef Mohamed in 2021, is a Cairo-based offensive security and dark web monitoring company. It raised $500,000 in seed funding and has identified critical vulnerabilities for global tech giants, such as Yahoo, PayPal, Twitter, Snapchat, as well as the US Department of Defence.

FACEKI, founded in 2020 by Hamza Al-Ghatam, Mustafa Marhama, and Nabeel Radhi, is a Bahrain-based fraud protection platform that uses AI for biometric and digital identity verification, that raised an undisclosed seed round back in 2022.

FrontierZero, founded by Mohamed Morsy in 2023, simplifies SaaS management, licensing, and compliance, and recently raised $100k from VC firm Propeller.

⛰️ So, what’s next?

Investors need to be able to better evaluate security startups.

Simply throwing more capital at cybersecurity problems without understanding them won't benefit the region.

The inherently complex nature of cybersecurity means that “tourist” investors - those without deep sector knowledge - are going to struggle to grasp the nuances and potential of these startups.

It’s no surprise that half of the cybersecurity startups mentioned secured their first checks from investors with technical backgrounds or domain-specific expertise:

• FrontierZero raised $100k from Propeller, led by Tambi Jalouqa

• FACEKI secured an undisclosed seed round led by Nama Ventures, headed by Mohammed Alzubi.

• CypherLeak attracted $750k in seed funding from Qatar Insurance Company.

Whether SpiderSilk and others grow into successful businesses or not, their efforts will help to chart a course that future startups can build on.

The glass ceiling in the MENA cybersecurity startup ecosystem hasn’t shattered yet, but there are signs it’s starting to crack.

👋 Message from the team

Thanks for reading this week’s edition!

If you’re enjoying the newsletter, don’t forget to share it with a friend!

Have a question or any feedback? Just hit reply, or provide a rating below - we want to hear from you!!

Was this forwarded to you? Sign up here.