XMCO, a French firm specialising in cybersecurity, has experienced strong growth, the curve of which closely follows that of the rise in cyber risks. On the occasion of its 20th anniversary, Marc Behar, its founder and president, looks back at the key stages in XMCO’s development, and forward to the need for companies, particularly SMEs, to gauge the threats that now directly target them.
How has XMCO’s growth matched the growth of cyber threats in recent years?
Marc Behar. When I started out in 2002, the first service I offered was penetration tests. The application of “hacker” practices against our clients’ cybersecurity was almost non-existent in France at the time. XMCO then gradually developed as the market grew, to expand the preventive approach of its set of services (exposure monitoring, technical intelligence, etc.), until the turning point of 2010 and the arrival of the smartphone.
This minor revolution has opened up access systems, set the stage for remote working and accelerated the digitalisation of VSEs and SMEs. All these advances have given a huge boost to e-commerce… and of course, cyber attacks. With this increase in attacks, demand from our long-standing customers increased, as did the number of new customers. This enabled us to sustain growth that had previously been exclusively organic.
When and why did you decide to go with a private equity fund?
M.B.By 2017 there were thirty of us, and at that stage our toolkit was no longer adequate. It became difficult to get enough visibility to follow everything that was happening and I had to face the facts: XMCO needed new ways to manage the business and track its growth. This is what led us to bring Initiative & Finance into the capital. We have now reached a new milestone of 75 employees.
As regards the strategy aspect, we already had the knowledge and vision – this being our core business. On the other hand, the Initiative & Finance teams helped us to ask the right questions about how to manage the business and then to put the appropriate tools and processes in place.Thanks to their experience, we have developed our own toolkit for monitoring production, costs, salaries, time management, etc. These tools not only allow us to better calculate ROI, but also to directly measure the effects of strategic decisions (a new sales approach, for example) and therefore to adapt.
XMCO’s growth is partly linked to the growth in cyber attacks. How do you work with companies to improve their response to this threat?
M.B. The pandemic has increased the threat hugely, it is true, but it is part of the constant increase seen since that famous turning point in 2010. Above all, it has shown the actual risk for companies which, until now, have allocated few technical and human resources to their IT departments. I am talking in particular about SMEs: previously, they were relatively unaffected by cyber attacks, which mainly targeted large groups and public-sector entities. These attacks are multiplying and becoming more systematic, targeting smaller companies which are also more vulnerable, lacking the internal structures and/or skills to deal with them.
For SMEs, this is the major challenge for the years to come. But, pending the capability to acquire better technical resources, measures can be taken to limit the first source of vulnerability in any organisation: the human factor. Training employees to recognise risky e-mails, using dual authentication, running regular system updates and data backups are all ways of protecting your company. It is basically a matter of applying the same precautions taken in real life to online activities. If SMEs could succeed in doing this, many cyber attacks would be avoided.
What are the next steps in XMCO‘s development?
M. B. Improving our offering and the services we provide to companies in response to risk: as we have seen, they need them! I have the same impression as 20 years ago: that we are at the beginning of the road… and I have the same ambition to continue on our way without yet knowing what form our growth will take. What is certain, however, is that without the support of Initiative & Finance we would certainly not be where we are today: it is a partnership based on mutual respect and a shared strategic view of the business.
I would even say that their presence brought me, on a personal level, recognition of the work accomplished.We often talk about the loneliness of CEOs in their responsibilities and decision-making, but thanks to what we have put in place internally, in terms of processes and tools, I never feel alone any more. And that, for an entrepreneur, is very important.