1 12

Tech Business Newsletter

scruttonbland.co.uk TECH Business

Welcome to our latest newsletter aimed at businesses working in the tech sector. With hybrid working practices now dominating the service industries, the need to develop innovative solutions to maintain productivity and system security across multiple workspaces has tested many. F ortunately for our region we have some of the best tech business support in the country. We are delighted to see Tim Robinson, Chief Operating Officer for Tech East writing about some of the business hubs that have been springing up across East Anglia, which have provided encouragement and a welcoming community of like-minded entrepreneurial members and business start-ups. Tech businesses may also be interested in hearing from our advisers who have given timely advice on their areas of expertise. Luke Morris, Corporate Finance Partner offers up some top tips for tech business owners wanting to sell their business. Ryan Pearcy, Director of our SB Digital service asks some pertinent questions

Speaking of entrepreneurs, we have an interview with PocDoc, a Cambridge-based digital health platform that allows anyone with a smartphone using the PocDoc app to test themselves for a range of major diseases and conditions. At a time when our national healthcare system is facing significant pressures, PocDoc’s founders say they hope their app may have the potential to take some of the strain away from public healthcare providers – which is something we can all get behind.

about managing information in the post-Covid world, as well offering some insights into some of the main reasons why tech businesses

may need assistance with their financial operations. And David Taylor, Insurance Executive suggests that there are good reasons why even the most sophisticated tech business may not be immune from the reach of cyber-hackers. We hope you enjoy this edition of our Tech newsletter. If you want to discuss any of the points raised, please get in touch your usual Scrutton Bland contact.

Content

3 Tech firms don’t need cyber insurance – do they?

8 A Doctor in your Pocket

10 Why tech companies need help with financial systems

4 Managing information security in the post-Covid world

6 Location, location, location: how support for start-ups in the East of England is spreading across the map

2 | SCRUTTON BLAND | TECH BUSINESS

Tech firms don’t need cyber insurance – do they?

A government report* earlier this year highlighted that cyber attacks are becoming more frequent. Almost one in three businesses (31 per cent) and a quarter of charities (26 per cent) said they now experience breaches or attacks at least once a week. Tech businesses may imagine that they are more resilient to cyber attacks but in fact they may be even more lucrative targets for attackers than those in other sectors.

Incident response support —Following a cyber incident, you will need to access a variety of experts who can help you to assess any damages and provide critical breach response support, such as legal assistance and incident response professionals who can help you evaluate the situation and follow the appropriate steps to contain a breach and notify affected parties. First-party coverage —There are a number of first-party costs associated with data breaches. Data recovery, cyber extortion and business interruptions expenses can add up quickly, often reaching six figures or more. Cyber liability policies can protect you from devastating financial harm, and help with costs associated with breach notification, security fixes, and identity theft protection. Third-party coverage —Many people overlook the third-party exposures associated with a cyber attack. For instance, if an email sent from your server has a virus that crashes the system of your client, you could be held liable for damages. Cyber liability policies can provide protection for these kinds of costs, reimbursing you for any defence costs, compliance- related fines or even media liability exposures related to defamation cases. A cyber liability insurance policy is specifically designed to address the risks other types of business liability coverage won’t cover. Talk to us about what may be right for your business, and let us help you become more resilient to cyber attacks.

This can be for a number of reasons, including:

• The data they hold is valuable and useful to criminals

• Some hackers may regard cracking a cutting-edge tech firm as a big ‘win’

• Tech organisations are often early adopters of new technology which may not be secure

• Many tech firms have corporate cultures that are designed to stimulate creativity and collaboration, which may result in a large ‘surface’ to protect Following a cyber incident, businesses may have to deal with some big problems, like business disruption, lost revenue and litigation. Fortunately, there are steps you can take to manage your exposure to these risks, not least ensuring you have a robust cyber liability insurance policy which will provide a number of important benefits: Loss mitigation services —Many people think cyber insurance policies only help organisations respond and recover from a breach, but the right cover can also offer proactive loss mitigation support. For instance, cyber liability insurance can provide access to anti-virus software and password generators, and online resources related to cyber security education that businesses can use to identify and mitigate key cyber exposures.

*Cyber Security Breaches Survey 2022 gov.uk

David Taylor Insurance Executive

TECH BUSINESS | SCRUTTON BLAND | 3

Managing information security in the post-Covid world

The majority of us have found ways to adapt during the past couple of years and some of us may even have been surprised about quite how successfully this has been achieved. This success, relies heavily on technology and many businesses have been working hard to allow the flexibilities that are required within their established IT infrastructures to enable staff to work remotely. However, in order to do so, many organisations are now needing to accept a higher level of risk.

T he technological risks facing businesses depends on the weakest link in an organisation and the weakest link can so often be a business’ number one asset: its people. When based in the secure environment of your office workplace, it is reasonable to feel comfortable that your IT team can deal with the risks facing them. Whereas when staff are working from home, the situation is significantly different. Data and information relating to customers, staff and the business are all assets on which all organisations depend and during the past year the rules of the game have changed. The move to homeworking arrangements in rapid time during lockdowns has increased the vulnerability of organisations to cyber-attacks. Staff have needed to access key systems and data through personal devices or open internet- channels. Overnight, work laptops were sharing home WiFi networks, making an organisation’s vulnerability to attack less clearly defined.

Only the minority of business continuity plans will have accounted for such rapid change and the services set up to monitor and analyse threats to the networks, servers and databases under normal circumstances have been impaired by detecting new behaviours in the changed IT environment. IT Services have needed to ensure they are mitigating the risks of remote access to sensitive data by securing homeworking devices with patch updates and managing access rights to ensure an acceptable level of security. The human behavioural element is critical to cyber and data security risk. With the dilution of personal interaction, staff can be more susceptible to phishing as they cannot immediately sense-check emails with colleagues. There is also greater potential for controls and safety measures not to be followed, as they are overlooked and ignored to save time and reduce stress.

There can be a perception from users that they can get away with poor practice when working from home, such as sharing confidential files via email whilst in some cases needing to use personal devices to conduct company business. The need to secure the homeworking environment is not expected to be temporary. Companies whose staff have successfully adapted to working remotely may choose to dispose of office space permanently. This will require companies to maintaining high information security standards, both on business premises and in the home working environment.

4 | SCRUTTON BLAND | TECH BUSINESS

What questions could you ask yourselves?

1. Do you know how the new

working environment has affected the IT controls in different parts of the business and what risks these changes pose? 2. Do you know if the business has performed a risk assessment to identify possible network weaknesses where their susceptibility to attack has increased in the last 12 months? 3. Has staff awareness of key cyber threats been raised? Have they been told what they should look out for? Has there been testing of staff awareness with simulated phishing attempts?

4. Are you assured that security

patches on personal devices are being updated to the same standard as on-premise devices?

The cyber threats facing all of us are multifaceted and on-going, with the current key risks relating to:- Phishing Malware Unauthorised network access Denial-of-Service attacks Data breach Spyware Software weaknesses

It is important to consider the extent to which any relaxing or changes in controls has increased the risk of data loss or security breaches by recognising what has changed. That applies externally (phishing attempts) and internally (staff cyber awareness training post crisis or security patching of homeworking devices not being managed as effectively as on-site). Staff awareness and understanding of information security risk is essential. This applies to protocols around the use, management and storing of confidential data to prevent data loss, and applies to ensuring workers know how to spot cybercrime to avoid people succumbing to phishing attempts which can result in damaging malware and ransomware attacks. Current thinking shows phishing attempts and malware infections are seen as the most likely threats to arise, highlighting the importance of staff behaviour, training and awareness in minimising cyber risk.

5. Have the right people ensured

that the perimeter of the business is truly understood? Are all devices with connectivity and network access secure?

6. Have new software applications (e.g. videoconferencing software)

been adequately vetted for potential security flaws and vulnerabilities?

An independent health check review of your IT risks at this time can offer meaningful assurances to you and your business and we would be delighted to talk to you about this.

Ryan Pearcy SB Digital Director

TECH BUSINESS | SCRUTTON BLAND | 5

Location, location, location: how support for start-ups in the East of England is spreading across the map

Google had its early days in a garage in Silicon Valley, and within a few years, that area of California became the centre of the IT entrepreneurial world. Being in the right place is a key consideration for ambitious entrepreneurs, and the UK is no different. The past few years have seen an explosion of entrepreneur- friendly co-working spaces, incubators and ‘hubs’ and not just in major cities.

6 | SCRUTTON BLAND | TECH BUSINESS

F or those entrepreneurs in the East of England it’s no longer necessary to get on a train to London, and the East of England’s hub scene has thrived during Covid. More and more frustrated executives have started to turn their big ideas into innovative businesses. Lockdown provided the perfect opportunity to reflect on work-life balance and realise the dream of ditching the commute, especially as they realised that there were great facilities to support them on their doorstep. Five years ago I could have listed the high quality startup hubs on one hand with fingers to spare: Cambridge had St John’s Innovation Centre. In Suffolk there was Innovation Martlesham at Adastral Park, 10 miles from Ipswich station. Norwich’s Whitespace had come and gone. Colchester had one under construction. Now in 2022 the picture has been transformed. West Suffolk has gained the EpiCentre in Haverhill, run by Oxford Innovation and is part of a national network which also includes The Innovation Centre at Knowledge Gateway in Colchester. Patch is running its ‘work near home’ concept in Chelmsford. Norwich has gained Akcela at Fuel Studios. In Lowestoft the Orbis Energy Centre is welcoming more and more tech startups as well as energy sector businesses, as is Hethel Innovation near Wymondham. And Cambridge has the Bradfield Centre on Cambridge which has incubated several successful start-ups that have gone onto scale-up and thrive. One of the most interesting recent developments has been Innovation Labs which started from humble beginnings with a small space in Stowmarket and has now grown to span a network of four hubs: the original one, Sudbury, Melton and now Ipswich. Tech start- ups in market towns – who would have thought it? What differentiates these hubs from traditional business centres and serviced offices? In a Word: ‘community’.

Once you’ve upgraded from your kitchen table or the local coffee shop you’ll need a bit more. Good tech start-up hubs mean more than just office space, broadband, printers and somewhere to plug in a kettle. They usually have a communal, open-plan layout with hotdesking for those who don’t need to come in every day. At the very least there will be some kind of community or ‘ecosystem’ manager who makes it their business to get to know all the members and regularly checks in with them about their needs. Often there will be a café. Regular events and meetups are hosted, whether in a dedicated events space or just by pushing desks to one side for more spontaneous gatherings. We’ve held some of our most successful Tech + Toast events in hubs. Perhaps most importantly, people can learn from each other. Nothing is more powerful than listening to the ‘warts and all’ experiences of other founders who will almost always be happy to share their experiences and business journeys. Innovation ‘is a contact sport’ and it’s the accidental meetings and collisions between people which can often lead to leaps forward in the development of a business. For example, a sales professional with a great business idea but no technical experience bumps into a software developer looking for a cool idea to work on and hey presto. Finally it’s worth remembering that hubs act as magnets for investors and others offering support. All businesses need ideas, money and people. You might bump into someone from Innovate UK or Tech Nation. Angel investors, Growth Hub advisers, lawyers, financial services specialists including R&D tax consultants, insurance brokers and accountants, university knowledge exchange teams all now know where to come to help businesses. If you’re looking to start a disruptive business, the chances are the right spot is now on your doorstep.

Tim Robinson , Chief Operating Officer, Tech East

TECH BUSINESS | SCRUTTON BLAND | 7

A Doctor in your Pocket PocDoc is an early-stage, venture capital backed digital healthcare company with a founding team that has over 30 years’ experience in point-of-care diagnostics, consumer technology and healthcare. Their main mission is to help individuals make changes in their personal lives, in order to reduce the risk of health problems and diseases, and to that end they have developed an app to rapidly check and assess the health of a patient through a pinprick test.

Can you say a bit about PocDoc and what it does? PocDoc is a digital health platform which has been developed to allow anyone with a smartphone or tablet to test themselves for a range of major diseases or conditions. It works via a fingerprick of blood, and the patient then receives a full health assessment that puts those results in context and can then be offered solutions to address any health-related issues that arise. The PocDoc platform has been designed to work with their own set of proprietary, quantitative blood tests which are being developed in house and are focused on preventative disease areas, with cardiovascular disease and diabetes as a primary focus.

Does it work for other tests, such as Covid? The platform can also integrate other existing rapid tests onto it, digitise the results and provide the same health assessment and follow-on care pathways. During the Covid-19 pandemic, PocDoc adapted its technology platform and expanded its services to become a leader in offering workplace screenings for Covid-19. The PocDoc team can provide a full end to end solution, including rapid tests, healthcare staff, logistics and the PocDoc app which collects the results, provides individual Health Certificates including Fit to Fly) and offers full reporting to the employer.

How did PocDoc begin? When did the founders spot a gap in the market and how difficult (or easy!) it was to get things moving after that? Around 5 years ago one of our founders was having a discussion with their father about how hard it was to get convenient affordable preventative healthcare checks done. Their father had had his cholesterol checked by his GP and found it was elevated. Following a period of lifestyle adjustment he wanted to get his cholesterol checked again to see if it had normalised but he couldn’t find a provider to do it quickly and easily. We then designed a simple point-of-care test that would allow him to test his cholesterol at home at his convenience using his smartphone as the diagnostic reader.

PocDoc is a client of our Business Advisory team. We spoke to them to learn more about their work in the medtech, digital health and consumer technology sectors, and PocDoc, their all-in-one testing solution app.

8 | SCRUTTON BLAND | TECH BUSINESS

Can you say something about the way you went about securing seed funding? We closed our seed round last year with MMC and Forward Partners. Our strategy for securing seed funding was to talk to a number of different potential partners before moving forward with those who shared our vision and passion for the business idea.

Kiran and Steve, your founders, live in Switzerland but most of your team is in the UK. Can you say why you decided to do that? The UK is at the forefront of digital medtech innovation and is a great place to base a startup. We have been able to recruit great talent, have been backed by great UK- based VCs and are part of a thriving startup ecosystem. Back when we started PocDoc (pre Covid) the plan was for the founders to relocate back to the UK to run the company. But then Covid got in the way and now, after 2+ years of successful remote working, we don’t feel that is a necessary move.

How do you see PocDoc fitting in with existing healthcare providers? And what are the plans for developing the app? PocDoc has the potential to take strain away from public healthcare providers, providing a simple affordable tool to triage and screen patients outside of conventional healthcare settings. Not only will this free up valuable doctor time but it will also help reach a community of individuals who normally shy away from face- to-face appointments with their physicians. We have lots of plans for PocDoc. Firstly we will be rolling out PocDoc’s lipid tests to pharmacies and other healthcare settings. In parallel we will be working on a version of the product that can be used, at home, by untrained people. We are also developing our R&D pipeline including tests for prediabetes and hormone tracking.

The initial steps once we had worked on a concept were fairly easy. We patented the idea, built a simple prototype to demonstrate feasibility and then raised an angel round of financing to open our dedicated lab space in Cambridge. However, moving from prototype to product was much more challenging than we initially expected! Every part of the device and manufacturing process has to be tested, validated and verified which is a time-consuming process.

www.mypocdoc.co.uk

TECH BUSINESS | SCRUTTON BLAND | 9

O ne of the main things we can say about tech companies is that they understand technology. They see the benefits of cloud-based systems, understand APIs and appreciate a good User Interface. This leads them to base their operations and finance on modern cloud technology. But the saying goes that “The cobbler always wears the worst shoes” and although that may be an exaggeration for the technology sector, it does highlight an issue in that those in the tech sector tend to avoid seeking advice and guidance for their own systems. The world of integrated API-driven systems is still new and is growing at an incredible rate. Those systems that have the widest and deepest integrations tend to benefit over those that have none. This has led to the drive-in development of pre-built integrations and with it an incredibly complex ecosystem of potential systems you can link together in a plug-and-play style. Systems grow by finding a niche, then expand into other areas, with some getting purchased and absorbed or even shelved. It is a minefield in selecting the right software and even more challenging linking them together to maximise the efficiencies and business insights that can be achieved.

Why tech companies need help with financial systems

Technology companies are great at selecting systems that enhance their operations, be that automating invoicing and payments, managing staff expenses or even utilising a modern cash flow forecasting tool. But generally all decisions are made either in silo or from the operation system as the core. With virtually all systems having a direct or indirect link to the finance ledger, starting with operations in mind is counter-intuitive to maximising your system structure. Selecting the right finance system is key and working back from there to build out an integrated operational and management system structure will provide greater benefits than the alternative approach. So why seek an external consultant? Well you don’t know what you don’t know, and with such a vast array of options it is impossible to keep on top of the fast changing landscape of integrated cloud systems. Partnering with a specialist in this field enables you to build your systems from the ground up that automate where possible, plug in new systems as you need them, generate the insights you need and allow for the hockey-stick like growth that you hope to achieve. The SB Digital team has been created to be this partner to businesses. To advise on their systems and support as the landscape changes.

Ryan Pearcy SB Digital Director

1 0 | SCRUTTON BLAND | TECH BUSINESS

TECH BUSINESS | SCRUTTON BLAND | 1 1

Meet the Team We have a long-standing association with the tech sector and our specialists have a thorough understanding of the opportunities and challenges facing the industry.

We seek to build long-term, trusted relationships with our clients. It is important to us that we understand our clients’ business and personal aims and objectives, in order that we can provide bespoke and personal advice.

Get in touch with a member of the team to see how they can help you.

James Tucker Business Advisory and Cloud Accounting Partner james.tucker@ scruttonbland.co.uk 01473 945761 Simon Pinion Business Advisory and Cloud Accounting Partner simon.pinion@ scruttonbland.co.uk 01206 417202 Chris George Tax Advisory Director chris.george@ scruttonbland.co.uk 01473 945836

Ryan Pearcy SB Digital Director ryan.pearcy@ scruttonbland.co.uk 01206 417218

Luke Morris Corporate Finance Partner luke.morris@ scruttonbland.co.uk 01473 945731

Emma Emerson Insurance Director emma.emerson@ scruttonbland.co.uk 01206 417175

David Taylor Insurance Executive david.taylor@ scruttonbland.co.uk 01473 945748

Adam Smith Corporate Services Partner adam.smith@ scruttonbland.co.uk 01473 945866

0330 058 6559 scruttonbland.co.uk

@scruttonbland

Scrutton Bland Insurance Brokers Limited is authorised and regulated by the Financial Conduct Authority. Our FCA registered number is 828934. 0747/09/2022/MKTG

Page 1 Page 2 Page 3 Page 4 Page 5 Page 6 Page 7 Page 8 Page 9 Page 10 Page 11 Page 12

www.scruttonbland.co.uk

Made with FlippingBook Learn more on our blog