Growing the market for SDP products and services - SDP Breakout Padlet Summary - 09/11/2020

My thoughts and opinions have grown significantly since first penning this write up. After a handful of months of trying to get a start up off the ground within this market, my views have matured and in turn I look back at this as a strange mix of naivete and an example of the Dunning-Kruger effect. As such, I believe I’ll re-write a new, updated version of this subject sometime in the near future.

Key Themes

Open source, Cobbler’s children, a move for more sociotechnical solutions and forced change vs gradual change.


To enable growth in the market, it would help to assess SMEs’ and large companies’ appetite for change, both socially and in the adoption of security tools, in order to quantify how a new product/tool/service may enter the market.

All elements discussed suffered the effects of the personal bias of a handful of people, either those attempting to enter the market with a new product/start up or those that have been working for years in some form of consultation. Due to this, certain barriers, such as potential customers having a misguided understanding of what constitutes a developer, should be taken as hypotheses and not facts.

There is a need for research to verify and address these problems, but it is difficult to convince companies to participate in the action research it would require.

The existing infrastructure for growing the market, such as accelerators and grants, is quite well situated. There is a streamlined approach that takes one from the pre-idea stage through to securing their first round of seed funding and beyond. These accelerators were identified as having excellent teaching material.

With social changes being slow in companies, there is a perceived difficulty in convincing clients to adopt new security techniques and tools. This is gradually changing. With ransomware attacks and other breaches hitting companies in their pockets, and with a maturing cyber insurance industry, new entrants into the market are getting more ammunition when it comes to securing sales.


  • Difficulty in receiving grants (grants specifically tailored to SDP products)
  • Difficult for big companies to buy into any kind of social change and smaller companies lack awareness of why security is important
  • Difficulty in commercialisation of academic research
  • Companies have a preference for open source (‘free’ services)


  • Combined market of application security and digital design is valued at several billion
  • A push for sociotechnical security is occurring (Oct 2020)
  • Move to more HCI centred approaches and further away from ‘new tool that fixes x’
  • Maturation of the cyber security insurance market offers cyber security tool developers a stronger hand to play in deals with potential clients (easier to evaluate the saved cost of the product by lowering insurance costs etc)

My ‘Hot’ Takes

Whilst all the other text in this article and sister articles has been through my subjective lens, below is a little insight I felt required to omit from the official publications of these write ups, as it reflected my personal opinions and not those of RISCS or colleagues I worked with on the day. Some of my insights may be due to my inexperience in leading breakout rooms (it was my first attempt!), not knowing how and when to move/direct the conversations on.

  • While the focus group appeared to discuss the barriers or issues with the market, I think this is mainly due to the fact that it’s rare to be able to air your grievances with people that are going through the same thing.

  • If you’re one of the lucky people to be selected into an accelerator, then the general route to entering the market has been streamlined nicely. The material being taught also seems to be very high class.

  • In terms of actually growing the market, not a huge amount was spoken. Companies appear to prefer open source products, so freemium models are more likely to succeed(?) and as the cyber insurance market grows, SDP tools’ value will rise. This is due to there being a monetary incentive for companies to demonstrably improve their security (especially in design) to ensure less payout for insurance.
  • It seems that with time, larger companies are realising the costs of weak security, with breaches and other issues hitting them in their pockets. This means a gradual change is beginning, where these larger companies are more likely to purchase tools.

Contact Information

Thanks for reading this far, if you have any questions or thoughts about this post, feel free to let me know at