Darktrace uses advanced artificial intelligence to shield clients ranging from T-Mobile to the Church of England from online attacks. Two of its founders, co-CEO Poppy Gustafsson and technology director Dave Palmer, discuss the demands of running their £1.25 billion unicorn – and explain why data security represents an opportunity as well as an obligation
How does Darktrace’s AI technology – the Enterprise Immune System – protect businesses’ data?
Poppy Gustafsson: “When AI lies at the core of your business, the maths involved is pretty complex, so we’re big on biological metaphors. The human immune system has an innate sense of self. By virtue of that, it can identify anomalies, such as viruses and bacteria, it has never seen before. Our technology replicates this. It monitors the ‘pattern of life’ – the normal behaviour of every device on a network. It can identify when that pattern changes and respond autonomously.”
Can you give an example of the technology in use?
PG: “Say you clicked on an email attachment that, unbeknownst to you, contained malware. Darktrace can very quickly spot that you have introduced it into your network and can stop the attack in progress. This means that the humans in your company will have to clean up one laptop rather than the entire network.”
How do you go about explaining a complex data security product to potential clients?
Dave Palmer: “We have a videogame-style interface that draws you a picture of, say, a laptop that is grabbing data from a part of your network, trying to guess passwords and shipping this information to Austria while being controlled from Portugal. If we wrote a paragraph about that, you would get your head around the concept, but when you see a picture it’s more powerful. We do a lot of work on improving human-computer interaction, which I think is often missing in this industry. How do you invent something clever, but build it in such a way that businesses can truly adopt it?”
Last year Darktrace completed a funding round that took its valuation up to £1.25 billion. What have you learnt about generating investment?
PG: “Each of our investors has got something unique to bring us. Whether we’re expanding into new territories or diversifying our product portfolio, we can tap into their expertise. My advice is to remember that investors can provide a lot more than money. Make sure that you pick those that can give you what you need for the next stage of your development.”
DP: “We go looking for the trends and breakthroughs that appear to have near- infinite potential. If we were to have 10 ideas for growing the business, for instance, we’d focus on the one that could be scaled up to cover a billion people if China were to knock on our door and say: ‘We want to protect the whole country.’”
You have offices in 40 countries and employ almost 900 people. How do you go about finding the right talent for your business?
PG: “When you are doing something that hasn’t been done before, there is no rulebook that says: ‘You should hire this person.’ We bring in people who are really good at stuff, whether they have a background in traditional computer science, languages or whatever. If you can look at a problem from a lot of perspectives, you’re going to get the answer. That’s important to us as a business – we don’t have preconceptions about how you should solve a particular problem.”
Women comprise about 40 per cent of your workforce – a far higher proportion than you’d find at the average tech company. How do you ensure that all your offices around the world are so inclusive?
DP: “We always back our values. For example, early on we had an engagement with a potential customer, working at a very traditional organisation outside the UK, who said he wasn’t prepared to work with a female engineer. We chose not to do business with him. Because it has strong leaders such as Poppy and Nicole [Eagan, her co-CEO], Darktrace is attractive to women who want to join what’s seen as a male-orientated industry. I bet there isn’t another cyber security company in the world that has the balances we have.”
PG: “I can remember another [would-be client] commenting that he genuinely believed that women were detrimental to the workforce. What we’re doing is of huge importance. We’re protecting businesses and nations and their ability to operate, so it’s crucial that I can convey that message and that everyone here has a sense of purpose. We pride ourselves on being a meritocracy. We support our brilliant people and push them hard to be ambitious. We’re all unique and we have our own regional specifics, but we’re all part of Darktrace and have this purpose we’re working collectively to achieve.”
You have built a very broad client base, including Drax power station, Metro Bank, T-Mobile, the Church of England and the City of Las Vegas. What advice would you offer new tech entrepreneurs for getting that crucial first customer on board?
PG: “You cannot overstate the importance of landing your first customer in the history of a business. From that point your product development accelerates, because your client will say: ‘Can you make it do A, B or C?’ and you’ll think: ‘That’s a great idea.’ But you must always consider the trade-off between your commercial and technical ambitions. Technical teams want to build the solution to what they think is the problem, while commercial teams want to sell something that hasn’t yet been built. You can’t have one fully leading the other; the two have to be in lockstep.”
DP: “It’s helpful to remember that your early customers are likely to see themselves as innovators, but they’re unlikely to be the same type of client you’ll be selling to in two years. They may want to have a direct line into your product strategy and to help shape your future, which has pros and cons. They’ll also probably want to tell their friends about this amazing new company they’ve discovered. You can capitalise on that to the hilt.”
Why should data security be a primary concern in the boardroom?
PG: “Businesses are realising that cyber is one of the most pervasive risks today. A big data security breach can undermine trust in your company or even stop it from functioning. And it’s not only businesses – think about the smart cities of the future, for instance. If you have traffic lights with IP addresses, you need to ensure that they’re secure. As we embrace these brilliant and exciting new technologies, we have to be mindful of the threats they invite.”
DP: “If your organisation can no longer perform its fundamental activities, how long do you think it will last?”
How have cyber attacks on businesses evolved?
DP: “There’s been a big shift from criminals sneaking around networks for months or even years trying to steal a pot of gold – whether that’s data or actual money – to high-impact attacks that seek to do as much damage as possible within a few minutes and then extort victims for money to undo the damage. Most mid-sized businesses won’t have a 24-hour security team, so, if a manager opens an email attachment on Friday evening, will they come back to a smoking wasteland of a business on Monday morning? That’s a huge shift, which stretches the capabilities of most firms.”
PG: “Think about the rate of change of technology. My smartphone is the oldest piece of technology that my daughter will be able to summon up when she looks back at her earliest memory. I find that fascinating. On the flipside, there is no way that you can plug the skills gap and train humans to tackle cyber threats at the same rate at which the technology is developing. This means that cyber security is a problem that has to be solved by the technology itself, which is where Darktrace comes in.”
Are some businesses right to think they are less at risk than others?
DP: “This way of thinking is a huge error…
The full interview can be read exclusively by IoD members in the latest issue of Director magazine, out from 28 March.
Become a member of the IoD
The IoD has a range of memberships for directors, founders and co-founders, providing all the resources and facilities needed to enhance your business. To find out more about membership offerings and to join today, visit iod.com/membership