Psybersafe: Mark Brown

Cybersecurity is a top priority for organisations of all sizes. Psybersafe is a new startup that provides accessible and data-based cyber security training for firms, empowering today's workforces to feel safe online.

Our experts

We are a team of writers, experimenters and researchers providing you with the best advice with zero bias or partiality. This article was authored by:

Name of founder: Mark Brown
Age of the founder: 56
Location: Oxfordshire
Date launched: May 2021
Number of employees: 6

What does your business do?

Psybersafe provides fun, engaging and behaviour-changing online cyber security training for organisations of all sizes.

We deliver the training in short episodes so that they don’t interrupt the working day and learners can fit them into their own timetable. We’re a committed, enthusiastic company, and we are 100% convinced that this is the way good training should be delivered. That’s reflected in our episodes, which include animations, informal language and allow the learner to make their own choices so the training is completely tailored to them.

Where did the idea for your business come from?

It was a question posed by a colleague – what can we do for clients on cyber security? I was working in an innovation incubator, so we were able to pitch for a bit of cash to work out whether there was something in our idea to ‘do something different’ for cyber training. We carried out market research, and a series of interviews and workshops, where we discovered that, in general, the way businesses train staff is not fit for purpose. We can tick the box of ‘training done’, but the training doesn’t change anything – let alone help people to act safely online. So, the idea of using proven behavioural science as a basis for training was born.

How did you know there was a market for it?

We had lots of conversations and testing with potential clients. The results convinced us that our premise – behaviour science-based cyber security training – was the right way to go. The challenge was, and still is, to ensure people want to do more than just tick the box. Unfortunately, cyber criminals and the increasing prevalence of cybercrime is reliant on ambivalence, so our job is to prove to employers and leaders that this training demonstrably helps to protect their organisations better.

What were you doing before launching your business?

I spent most of my career in financial markets, working with derivatives – mainly swaps – in London, New York, Singapore, Hong Kong, Sydney and Amsterdam. From 2009 on, I realised I wanted to take a different path and started studying psychology and behaviour.

Have you always dreamed of starting a business?

No! Not until 2009 when I got involved in organisational change and culture change within the bank I was then working for in Australia. I went off to study – executive coaching first, then a part-time degree in psychology. I carried on within financial markets, working for a Dutch bank in London and Amsterdam. There, I ended up moving to the bank’s innovation incubator, leading a number of initiatives. This gave me room to rethink my focus. When the opportunity presented itself to apply this to people's cyber security behaviour, I took the leap.

How did you finance your business?

The business is financed by me, as the primary investor, and client revenues.

Explain your business model and how you make money.

Psybersafe is a Software as a Service (SaaS) model. It’s an online platform of short, fun, behaviour-focused episodes for employees to go through every month. Companies buy a license for a number of employees, who then have independent access and follow the programme at their own pace. What’s different in the Psybersafe pricing model is that we don’t require a minimum number of ‘seats’. If you’re a company of 5 people, you’re just as vulnerable as a company of 50 or 500 or 5,000. But we don’t require you to pay for 50 people if you don’t need them.

The important thing to us is that the training is good, accessible for everyone and delivers better online security behaviours. In addition, add-on services, like a phishing campaign or bespoke cyber security campaign design, can be bolted on to the training – these help to emphasise the potential dangers and give people a chance to put their new behaviours into practice.

The programme can be run over multiple years which, from a behavioural perspective, we recommend as lasting behaviour change requires lasting intervention – you can’t change people’s behaviour with a one-time webinar! Once the training is embedded in an organisation, it’s natural that it becomes part of induction programmes so that all employees go through it as a matter of course.

What are the main challenges you have faced? And how did you overcome them?

The main challenge is balancing ongoing development of the Psybersafe journey itself and marketing Psybersafe, without overspending on either. As a very new company, we need to invest in profile and campaigns to help make our customers aware that we exist, and to show them the benefits of choosing our training. At the same time, we are constantly refining the training itself to make sure it has the right impact and the right results. So, like most start-ups, we’re juggling a lot of balls 24 hours a day!

What has your experience been of starting a business during a pandemic?

The pandemic was a double-edged sword. It took some pressure off as it felt that I did not need to rush to market. At the start of the pandemic, I began a consulting job on cybersecurity awareness, behaviour and culture. Because of this, I was receiving an income, but able to spend time developing the behaviour platform. My client became a Psybersafe client, so things were going well. Unfortunately, I caught Covid-19 just after Christmas 2020, as we were preparing to go live with the first large client. I was in hospital for 6 weeks with serious Covid-19 related complications – I was severely ill. But we kept things moving, albeit a lot more slowly, and the client was very understanding. We started the Psybersafe campaign two months late but, thankfully, successfully!

Describe your first breakthrough.

The first breakthrough was my first big client. They asked me how development was going because I’d spoken with them before about the right way to train people and showed them Version 1 – a precursor to Psybersafe – which resonated. That gave me the confidence to spend more time and money on the product.

Version 1, developed in 2017, had already received enough validation to convince me it was the right approach. The challenge has been to make it a viable business that can sustain itself profitably.

How has Brexit impacted your business? Do you think it will in the future?

Brexit itself has not really impacted us much – Psybersafe is SaaS based, so easy to ‘export’. I do get comments from people asking me why, for example, an Irish or Belgian company would use a UK cyber security provider. But Psybersafe speaks for itself. And as a behaviour science-based solution, we put Psybersafe close to the learner – in their language, with their familiar nuances.

What advice would you give to other aspiring business owners?

Be agile. Start small, test, learn and optimise. Check with your potential clients every step of the way: is this something you want and, importantly, are willing to pay for? How do you want it to look, feel, work? Don’t just take your idea and say, here it is, buy it! Don’t be put off if you are convinced that you’re onto something but make sure you test, test, test. Your potential client is your best test bed.

What is one resolution you have for your business this year?

To establish Psybersafe as a recognisable and reputable brand in the cyber security training sector. But we're a startup so we also need to continue to develop the year two Psybersafe path, and our Learner and Admin dashboards.

We also have a target number of clients to add, and we are starting a digital media campaign so we need to be on top of that, understanding what the channels are telling us and planning ahead accordingly.

How do you see your business developing in the next three years?

We aim to bring on two or three large clients a year and many smaller clients. This will allow us to share big company expertise with small firms.

Reaching this goal will mean expanding our customer success team and our content creators. Over the next three years, we will expand our training content carefully, with different types of interactions to support our behaviour change aims. The business will be self-sustaining and will continue to develop its behavioural science roots in other sectors, applying our expertise beyond cyber security into those areas that will benefit from our approach.

We have also committed to providing free licences to local schools – for every 1000 learner licences sold, for example, we offer 10 free licences to schools, to help safeguard them. To date, we’ve offered 200 licences to state schools in the UK.

If you're a business owner with a startup that's less than six months old, apply now to feature as one of our Just Started business profiles.

Helena is from Yorkshire and joined Startups in 2021 from a background in B2B communications. She has previously written for a popular fintech startup covering everything from money-saving tips to cultural reviews.

She is particularly interested in project management software and the films of Peter Jackson.

Leave a comment

Leave a reply

We value your comments but kindly requests all posts are on topic, constructive and respectful. Please review our commenting policy.

Back to Top