Interview: Federico Charosky, CEO of Edinburgh-based Quorum Cyber, on facing down hacker 'bullies'

But the firm opts for an unusual description of its cybersecurity remit, helping its customers to fend off threats, breaches, and cyber attacks, as fighting “bullies” and aiming “to help good people win”.

Charosky, who holds the chief executive reins, says the company’s good-versus-evil mission has personal roots, his origin story seeing him grow up in his native Argentina as a “geek”, and, lacking a social circle, finding refuge in computer games. "I realised that the characters that I was playing were all the characters that were legal, good, that were always fighting that fight, so I think it was my way of dealing with [bullies],” he says.

“For some reason, I stumbled upon an industry where it allows me to be that ‘stop’ or prevent good people from having bad days. And I think a lot of the people that work with us, whether they're employees or customers or partners, they all connect with that message. And I think that's one of the things that's working really well for us.”

Quorum Cyber says its workforce has now overtaken the 200 threshold, up from 25 five years ago and boosted by its opening of offices in London and Florida, while it has doubled its turnover for three consecutive years.

A Microsoft Solutions Partner for Security, it adds that it defends more than 150 organisations in Europe, North America, Asia and Australasia, encompassing higher education, housing, law, insurance and financial services, energy, professional services and retail.

Its mission, helping its customers prevent, stamp out, and tackle the fallout of cyber attacks, comes as such incidents continue to grab headlines, and can involve high costs financially but also in terms of privacy, and national as well as personal security. High-profile victims include, recently, the University of the West of Scotland, and the Scottish Environment Protection Agency back in 2020 with the latter alone estimated to have cost millions of pounds.

Issue

The UK government’s Cyber Security Breaches Survey 2022 found that in the previous 12 months, 39 per cent of businesses had identified a cyber attack, and a third of this group estimated that they were attacked at least once a week.

Charosky, speaking broadly about the issue of cyber attacks, is keen not to “victim-shame”. He adds that the expectation of the hacked organisation’s role in, say, tackling cyber security need to be taken into account, “but let's not forget that [they’re being attacked by] somebody evil doing bad things”.

Additionally, he has previously noted how “every company is an IT company now”, although the UK government survey also showed that only a fifth of firms surveyed reported having a formal incident response plan.

Charosky says he started his business to take a transparent approach to cyber security, rather than scaring and disorientating organisations into spending money. The Quorum Cyber boss is instead asking: “What are the actual things that can happen to you, that are likely to happen to you? What's the value of that bad day to you? How can we use a proportionate response and proportionate investment to get you to a better place, and make [your cyber security strategy] a conscious decision by stakeholders as opposed to an accidental or, worse, after the fact [measure]? [Also] the security isn't an end in itself – it’s just a way to enable those organisations to do what they're here to do.”

Quorum Cyber itself has attracted funding to help it do what it's here to do faster, including just under £3m in 2020 in a round led by Glasgow-based private equity house Maven Capital Partners, which achieved an overall money multiple return of 6.5 times cost in 2022 when it exited and UK private equity firm Livingbridge invested in the Scottish cyber security business. Livingbridge at the time deemed Charosky “an inspirational leader”, and cited research predicting that the managed detection and response market will grow to $2.15 billion (£1.7bn) by 2025, more than doubling from 2021.

Catalyst

Charosky says such financial fuel has been “fundamental” to his company’s upward trajectory. “We’re very focused on growth and scale, which requires oxygen, so those investments have provided the oxygen for us to be able to maintain that speed.” He adds that while the firm has grown organically to date, it is open to acquisitions, and in terms of its geographical spread, it is looking to gain further traction in the UK and US, and then in the Nordics, Europe, Middle East. “It might be that additional funding is helpful to do more than one at the same time. That's very much a future conversation.”

Returning to the present, the business says it now has a valuation of £150m – and Charosky is aiming for it to reach unicorn level – a tech firm with a valuation of at least $1bn (£787m). “I think that would be a lovely milestone,” he says, although stresses the need he sees to grow at a steady and purposeful rather than pedal-to-the-metal speed.

Quorum Cyber is also working to improve diversity and inclusion, focused on neurodiversity, social mobility, and boosting the cyber gender balance, saying the industry is typically around 82 per cent male. And the CEO, whose accolades include being an EY Entrepreneur Of The Year 2022 UK finalist, welcomes his role as leader, coming after serving as vice president at a bank in the Middle East, a senior role at a cyber security firm in the UK, and earning his “fair share of scars” with another start-up, for example.

“I keep saying to anybody that asks, [Quorum Cyber] is the hardest work I've ever done, but it’s the most fulfilling… to know that you're playing a part, almost like the glue or the umbrella that [pulls so many people together].”