What's happened?

UK cyber attacks are on the increase. Nearly half of all UK businesses reported a cyber breach in the past 12 months, according to the UK Government's Cyber Security Breaches Survey 2017.

Global Internet Protocol (IP) usage is expected to increase by 24% per annum over the next five years, according to Cisco’s forecasts, which puts customer data and market intelligence increasingly at risk.

In many respects, 2017 was the year of the cyber attack. The NHS was victim to the Wannacry scandal during May 2017, which resulted in 6,900 NHS appointments being cancelled and hackers demanding payment through cryptocurrency.

Even the cryptocurrency markets themselves are falling victim to hackers. NiceHash, who mine for digital currencies, announced that it was suspending its operations after 4,700 bitcoins were stolen from the site’s accounts. At the time of writing, the bitcoin value stolen was in the region of $80 million.

Businesses which hold personal data are more likely to be targeted. 51% of UK businesses consider protecting customer data to be their primary reason for investing in cybersecurity (Graph 1).

^{Source: Cyber Security Breaches Survey 2017}

So what are the threats?

The average cost of a cyber attack for a large business is estimated to be £20,000, with the most common attack being fraudulent emails, coaxing staff to reveal passwords or market intelligence, according to the Cyber Security Breaches Survey 2017.

As well as the financial costs of dealing with a cyber attack, global authorities are considering enforcing tougher regulations and fines. The UK Government is planning to introduce fines of up to £17 million for companies which do not have appropriate cybersecurity measures in place.

Talent gaps

Chancellor Phillip Hammond has announced £1.9 billion of investment to protect the UK from cyber attacks over the next five years. CyberFirst is a government scheme led by the National Cyber Security Centre (NCSC) which offers financial support and training to prepare undergraduates for a career in cybersecurity.

Universities have also recognised this as an opportunity and there are currently 25 NCSC certified cybersecurity Masters degrees on offer across UK universities. However, 14 of these degrees are offered in London and the South East, as indicated by the red dots on Map 1. In order for the regions to attract talent, regional universities need to offer more cyber related degrees.

Occupiers are now expanding their security functions and Cybersecurity Ventures estimate that the demand for relevant professionals will reach six million globally by 2021. Of this, around 1.5 million jobs will be unfilled, due to the shortage of skilled talent.

However, more is being invested in developing cyber skills. For example, software and web development academy, CodeClan has received funding from the Scottish Government to train coders over 16 week courses. Since they signed for 7,000 sq ft at Argyle House, Edinburgh in 2015, over 200 graduates have secured tech related jobs across Scotland. German based tech firm, KPV LAB recently leased 3,800 sq ft at One St Andrew Square, Edinburgh off the back of this growing talent pool.

^{Source: Savills Research, Company Databases}

How are companies responding?

Tech sector take up continues to grow and reached 1.6 million sq ft across the UK regions during 2017, three times the level during 2009 (Graph 2). Tech occupiers are now also willing to pay higher rents for higher quality space. Average regional rents in the tech sector increased by 29% over the past five years, above the all sector average of 24%.

Venture capital (VC) investment is a key indicator of latent office demand and the UK is witnessing an exponential increase in investment within the cybersecurity sector. £220m of venture capital investment was deployed in the UK during 2017, the strongest year on record and a 116% increase on 2016 (Graph 2). Given tech companies possess high proportions of client data, we expect this sector to invest further in cyber defence.

^{Source: Savills Research, Company Databases}

What are the challenges for the regions?

One challenge for the UK regions is attracting more cybersecurity investment to drive growth outside London. Since 2007, 49% of the UK’s cybersecurity venture capital investment has been pumped into London (Graph 3). Without this investment, regional startups could instead choose to expand their operations within London. The NCSC, for example was scheduled to be based at Cheltenham's GCHQ, though eventually opened in Victoria, London during 2016.

The proximity of talent has been a key factor in attracting VC investment to the regions. VC investment (blue dots, Map 1 above) has clustered around the NCSC approved degree locations, including Edinburgh and Oxford (red dots). Investors value local talent pools produced from the universities when making their investment decisions and we expect these cities will see strong growth in cyber related take up. Savills estimate that one million sq ft of office space will be taken by cybersecurity occupiers across the UK regions over the next five years.

^{Source: Company Databases}

Clusters are key

Creating clusters of cybersecurity businesses will be essential to delivering growth across the regional cities.

Tech accelerator, Level39 launched cybersecurity accelerator, Cyber39 in 2017, which now supports 22 fast growth cyber companies in One Canada Square, marking the largest concentration of cyber start-ups in London. Developers should take note of this success story in the capital and provide more collaborative workspace to create cyber clusters across the regions.

Collaboration does not just benefit the startups, however. Technology giants, Cisco and IBM announced that they will share their market intelligence between their research groups to help organisations detect and reduce cyber threats.

Who has signed for space?

Darktrace currently occupy the Platinum Building at St John’s Innovation Park, Cambridge on a temporary basis and have pre-let approximately 20,000 sq ft on a fifteen year lease at the Maurice Wilkes Building. This comes after raising $58 million of venture capital funding on its latest round of financing. Darktrace has remained in Cambridge since its inception in 2013, benefiting from a cluster of global technology occupiers nearby.

^{▲ Cybersecurity firm, Darktrace signed for 20,000 sq ft at the Maurice Wilkes Building, Cambridge during Q1 2017}

NCC Group has acquired several cyber companies and subsequently signed for 10,500 sq ft at Thorpe Park, Leeds and 60,246 sq ft at XYZ Spinningfields, Manchester, as their new head office during 2015.

Abingdon headquartered Sophos secured the highest Initial Public Offering (IPO) for a UK software company during 2015 after relocating within Abingdon Science Park. Sophos' share price has since risen 190% at the time of writing.

It is not just UK cybersecurity companies who are taking space across the UK regions. Silicon Valley headquartered Proofpoint expanded within Green Park, signing a new ten year lease of 8,400 sq ft at 100 Brook Drive, having outgrown their 4,165 sq ft suite in the same building.

How is cybersecurity likely to impact the office market?

More and more, employers are actively encouraging employees to work remotely. However, the growth in remote working will require further investment in cybersecurity.

Workers are also using their own smartphones and devices to send and receive data on unsecure public networks, compromising market intelligence. According to the Cyber Security Breaches Survey 2017, only 70% of UK companies have remote working cybersecurity policies and could be liable to penalties.

Flexible working could see occupiers hunt for more flexible lease terms too. Average regional lease length fell 6% from 6.7 years to 6.3 years between 2016 and 2017, which has provided a platform for growth for serviced office providers. Over the same period, regional serviced office take up rose 172% to 592,000 sq ft, as a "flight to flexibility" takes place.