All Resources

UK Cyber Flywheel Round 2: From Alignment to Execution

Published on
April 14, 2026
Contributors
Mariana Padilla
Community Evangelist

Last week, over 150 senior leaders from across the UK cyber ecosystem gathered at the QEII Centre in London for the second UK Cyber Flywheel.

Bringing together CISOs, founders, government leaders, and investors, the Flywheel is designed with a simple goal: to better connect the people who build, buy, and back UK cyber companies and turn that alignment into real, measurable outcomes.

If the first Flywheel proved there was appetite for collaboration, Round 2 made one thing clear. The focus has now shifted to execution.

Engagement at 10 Downing Street

Ahead of the Flywheel, a select group of founders and CISOs were invited to 10 Downing Street for a private visit and discussion.

The session brought together senior security leaders, UK cyber founders, and government representatives to continue the conversation around strengthening the UK’s cyber ecosystem. Discussions focused on barriers to adoption, opportunities for closer collaboration, and the role government can play in supporting UK cyber innovation.

The visit underscored the level of engagement across government, industry, and startups, and set the tone for the more action-oriented discussions that followed.

That set the stage for the Flywheel itself.

Who Was in the Room

Those discussions carried directly into the Flywheel itself, where that same cross-section of leaders came together in a more focused, working environment.

The room included:

  • Senior CISOs from leading UK enterprises
  • Founders from high-growth UK cyber startups
  • UK Government and public sector representatives
  • Venture capital and angel investors

The session was intentionally structured to drive interaction, not observation.

Key Themes: Where the Ecosystem Aligns and Where It Doesn’t

1. The UK doesn’t lack innovation. It lacks deployment pathways
There was strong consensus that the UK is producing high-quality cyber startups. The challenge is not creation, but adoption.

Multiple founders highlighted a consistent gap between building a product and getting it into real enterprise environments.

Early-stage companies are struggling to secure design partnerships, navigate procurement processes, and move from pilot to production within UK organisations. While interest exists, it often does not translate into meaningful deployment.

As a result, many founders are looking outside the UK for traction earlier than expected.

As Harry Wetherald, Founder & CEO of Maze, shared: “It’s early days, but people are starting to notice the momentum. I had coffee with a US-based VC at RSA a few weeks ago where he said, ‘you know what’s weird, every startup we meet this week seems to be from the UK, what’s going on?’”

“It’s early days, but people are starting to notice the momentum. I had coffee with a US-based VC at RSA a few weeks ago where he said, ‘you know what’s weird, every startup we meet this week seems to be from the UK, what’s going on?’”

2. CISOs want earlier engagement, but risk remains a blocker

Enterprise security leaders expressed real interest in engaging earlier in a startup’s lifecycle, particularly through design partnerships.

However, that intent often runs into internal friction. CISOs pointed to challenges including securing internal buy-in, navigating procurement processes designed for established vendors, and meeting compliance and risk requirements that are difficult for early-stage companies to satisfy.

Even when there is enthusiasm at the individual level, translating that into a live deployment can be slow and complex.

At the same time, there is a broader mindset shift underway. Cybersecurity is increasingly seen as a shared responsibility across the ecosystem, not something any one organisation can solve alone.

3. Government’s role remains a point of tension
One of the most debated topics of the day was the role of government in the ecosystem.

In one of the more direct moments from the VC panel, a participant noted:“Government needs to get out of the way in a lot of cases. There’s a perception of ownership over cybersecurity, but not enough actual buying from early-stage companies.”

This perspective was grounded in specific challenges raised throughout the day. Founders and investors pointed to limited procurement from early-stage companies, complex and slow purchasing processes, and restricted access to opportunities unless companies are already part of government-backed programmes.

These dynamics can unintentionally narrow the field of who gets visibility and make it harder for new entrants to gain traction.

At the same time, there were calls for more effective engagement, particularly in procurement reform and creating clearer, more accessible pathways for startups to work with public sector buyers.

Importantly, there was also recognition that intent is there. The Department for Science, Innovation and Technology (DSIT) played an integral role in supporting and shaping the Flywheel, reflecting a clear commitment from the government to engage with and strengthen the UK cyber ecosystem.

The takeaway is that HMG has a critical role to play, but how it shows up today is not yet fully aligned with what founders and buyers need.

4. Culture and ecosystem support still need to evolve
Beyond structural barriers, there was a consistent theme around culture.

As Oliver Legg, Co-Founder of Aspiron Ventures put it: “The UK generally lacks the culture of support and willingness to help entrepreneurship thrive.”

“The UK generally lacks the culture of support and willingness to help entrepreneurship thrive.”

More active support, whether through feedback, introductions, or design partnerships, was highlighted as a key lever for change.

Across the board, the message was clear. The ecosystem does not need more discussion. It needs action.

In practice, that means moving beyond panels and into tangible engagement. More CISOs taking meetings with early-stage companies. More design partnerships that lead to real deployments. More investors making introductions and supporting founders beyond capital. And more consistent pathways for startups to navigate procurement and scale within the UK.

The gap is not in understanding the problem. It is in turning intent into repeatable action across the ecosystem.

Pitch Competition: Innerworks Takes the Win

A core component of the day was the Flywheel pitch competition, where a select group of UK cyber startups presented directly to CISOs, investors, and government stakeholders.

Innerworks was selected as the winner, with founder Oliver Quie recognized for both the strength of the technology and the clarity of the problem being solved.

The competition reinforced what the Flywheel is designed to enable: direct exposure, real feedback, and pathways to further engagement.

From Conversation to Commitment: Agreed Next Steps

Unlike traditional events, the Flywheel is structured around outcomes. Participants were asked to commit to specific follow-on actions, including:

  • CISOs engaging directly with at least one UK startup
  • Founders making meaningful introductions across the ecosystem
  • Investors connecting companies with capital or strategic partners
  • Government representatives identifying ways to reduce friction in procurement

Momentum, of course, is key. As Alastair Paterson, CEO of Harmonic Security, noted:

“The UK has all the ingredients to build globally competitive cyber companies. What matters now is how quickly and effectively we turn alignment into action.”

What Comes Next

The work doesn’t end when the room clears.

Follow-on conversations are already underway across the ecosystem, with a focus on turning commitments into tangible outcomes. These include new design partnership discussions between CISOs and UK startups, increased founder access to enterprise buyers, and introductions that can accelerate both investment and commercial opportunities.

There is also a continued push to identify clearer, more repeatable pathways for startups to navigate procurement and move from initial engagement to real deployment.

The Flywheel is starting to turn. Now the focus is on ensuring those initial conversations translate into measurable progress across the ecosystem.

Our Resources

Related Posts

View All Resources

Engineering at Harmonic: Lessons from our latest experiments in model tuning

UK Cyber Flywheel Round 2: From Alignment to Execution

Making Sense of the Agentic AI Landscape

Build Your AI Guardrails Now

Gain the visibility and control you need to guide AI use with confidence.

Book A Demo
Harmonic Security company logo
As every employee adopts AI in their work, organizations need control and visibility. Harmonic delivers AI Governance and Control (AIGC), the intelligent control layer that secures and enables the AI-First workforce. By understanding user intent and data context in real time, Harmonic gives security leaders all they need to help their companies innovate at pace.
Products
AI Governance & Control Platform
Harmonic Protect
MCP Gateway
Company
ResourcesAbout UsPartner ProgramEventsCareersContact Us
© 2026 Harmonic Security
Trust CenterPrivacy PolicyTerms of Service
Glossary of Terms