This Q&A appeared in Oxygen 250 2025, in which Cyberfort ranked 194th. You can download the full report here, courtesy of our partner Nebula Global Services.
One key fact people might recall about Cyberfort is that its datacentres are based in a former military nuclear bunker. Is that your main business?
When I joined [in January 2023], I had the same challenge you had. The old website had pictures of bunkers. And that’s all great – we have got a nuclear bunker and that’s where we store the data – and that’s our back-up and recovery service.
But that’s a small part of what we do in terms of turnover. We turn over roughly £25m, and £15m-£16m of that is from cybersecurity, and what we call cloud security is £9m.
We’re a cybersecurity business.
But we’re different to most cybersecurity businesses. Other than the big guys – the likes of an NCC – most will do just one thing, whether that’s cybersecurity consultancy, pen testing, or the SOC. Or maybe they do back-up services.
We deliver the whole end-to-end, and for a company our size that’s quite unique.
Your growth since 2019 has all been organic. Is M&A on the cards?
When I joined [at the start of 2023], I said we’d be looking to try and grow organically and inorganically.
It’s a challenge in this market to find good opportunities at the right price. But we believe we’ve found a couple – one of which we would hope to complete relatively soon. That’s going to take us from 200 to about 350 customers, and give us a slight international presence – it’s extending our customer portfolio in pen testing. We see a massive cross-sell opportunity in taking customers who have predominantly taken pen testing from an organisation and cross selling our SOC services.
You’ve been backed by Palatine since 2017. What are your longer-term ambitions?
We’re looking to try and grow the business through organic and inorganic growth strategies. And then probably there’ll be an event in two to three years’ time.
What threats are people not talking about enough?
Secure by design is going to become the de-facto standard and will continue to grow outside just government and critical national infrastructure. And then I think operational technology threats are going to continue to grow significantly.
