Cybersecurity is big business in Australia, and our well-regarded security expertise has fostered some big overseas successes – but turning that idea into a successful business takes a lot more than just piles of money.

Just ask Jeff Paine, founder and CEO of four-year-old, AI-based cybersecurity start-up ResponSight.

Paine’s fast-growing venture, which uses AI to detect changes in user behaviour that might suggest a cybersecurity attack, last year closed a $2m seed round, led by Sydney-based VC Carthona Capital.

That funding was crucial to the company’s growth, but even more valuable was the access it provided to strong mentorship support that had helped ResponSight’s management team avoid pitfalls during its rapid expansion.

A relative lack of competition and a sense of common purpose had meant local VCs “are much better at engaging with founders” than those in the United States, Paine told a panel session at the recent Australian Cyber Conference in Melbourne.

General interest in the VC community had helped start-ups engage with “Mentors are absolutely critical, and there’s a lot more interest from VCs in just knowing what’s out there, and in talking with people about what they’re trying to achieve.”

“Some people will tell you it’s easy to get money in the US,” Paine explained, “but it’s hard to get good money, smart money, or deeply engaged collaborative partner-style money.”

“And that’s what we look for in the ecosystem: who we can collaborate with, who we can partner with, and who is going to give us the insights that we need beyond a cheque.”

CyRise head of partnerships Kirstin McIntosh agreed, advising that entrepreneurs “don’t automatically look to the US – and even if you are, still think about how an Australian cybersecurity company can partner for a solution for the organisation.”

Moves like a $5.6m investment by CSIRO VC firm Main Sequence Ventures – which recently made its first cyber play with an investment in cybersecurity vendor Kasada – had added momentum for the local cyber industry.

Yet, McIntosh said, often “bureaucratic” funding processes favoured start-ups that had already been able to scale.

That was where partnering could help get cybersecurity start-ups over the line.

“We might not be able to scale as quickly or as rapidly, but we can absolutely do that in partnership,” she said. “And if we have a chance, we can show you how we can scale.”

Finding the opportunity

Potential start-up backers are watching carefully for start-up founders that create opportunities for themselves by developing new functionality – filling a functional gap that vendors might normally have taken months to address.

Using agile development processes and a considerable amount of determination, start-ups might turn around the new features within a week – and then offer them no-strings-attached access that lives or dies on the robustness of those capabilities.

Start-ups need to leverage this relative freedom to identify and develop their core value proposition, said Right Click Capital principal Ulric J. Ferner.

“The reason your product exists is not that it’s 10 percent better than what existing vendors are offering out there,” he explained. “It’s important for start-ups to be willing to take risks to get in, in some way.”

“If you’re a start-up and you believe in it, you believe that it’s ten times better – and once people see this great product and say ‘wow, I actually need this’, things start to happen.”

Yet start-up founders also need to make sure they don’t over-extend themselves, Prerana Mehta, chief of ecosystem development with industry development group AustCyber, added.

“There tends to be this ‘we won’t say no to anything’ mentality,” she said, “but you’ve got to be strategic, and know when to say no”.

That included situations where a potential corporate buyer requests full access to source code or source-code escrow, which Ferner called “a complete non-starter. It is about backing yourself and your product.”