Navigating cyber and compliance with Naq

We are living in an age where cyber security and data compliance are paramount, and startups and SMEs face the dual challenge of navigating between complex regulations and regulatory adherence.

At the heart of this crossroads is Naq Cyber, a company co-founded by NCSC alumnus, Nadia Kadhim, alongside former cyber security expert at NATO, Chris Clinton, who are making cyber security and compliance simple.

Speaking to Startups Magazine’s Associate Editor, Sheryl Miles, Nadia shares insights into Naq's inception, challenges, and strategies, as well as the shifting cyber security dynamics for startups and SMEs, and the pivotal role of compliance in today’s digital era.

"My journey to becoming CEO has legal origins. While I was a law student, I volunteered at various organisations – one of which focussed on child rights and child protection. Upon graduation I was offered a job at this organisation. It was around this time that GDPR was coming into force, and I was tasked with implementing this at the organisation.”

It was this foray into the complexities of GDPR that laid the groundwork for Naq.

The impact of GDPR

Naq's solution to the convoluted world of cyber security and compliance is elegantly simple yet innovative. "Our platform automates the manual and time-consuming compliance tasks, taking the admin out of compliance."

Nadia emphasises the significance of legislation like GDPR in shaping business strategies, where compliance is no longer a choice, but a prerequisite for businesses today; and with legislation constantly evolving, staying informed and adaptable is crucial for shaping effective business strategies and ensuring growth.

"Legislation and compliance regulation are fundamental to business strategies today. Now that compliance is an essential rather than a burden, legislation is becoming part of a licence to operate. Without the right compliance posture in place, companies, especially in these highly regulated sectors, simply can't do business. For companies to grow, sell, exist, they need compliance. And that realisation is definitely increasing. Legislation is also not static, so companies must stay aware and up to date on legislative changes to shape their strategy and their budgets.”

The cyber security shift

Reflecting on the cyber security landscape's evolution, Nadia observes: "When we started, cyber security wasn't new but there was definitely a lot less attention paid to it by companies and organisations, no matter their size."

However, over the past five years the perception of cyber security among businesses has shifted from a burdensome cost to a vital investment. This shift from viewing cyber security as a "burden" to an "investment" underscores the changing attitudes towards digital safety and regulatory compliance and reflects a broader understanding of cyber security's role in facilitating business growth and efficiency.

Challenges in cyber security and compliance

Nadia identifies a dual challenge: the complexity of navigating compliance requirements and the prohibitive costs associated with maintaining robust cyber security measures. She underscores the inception of Naq as a response to these hurdles, aiming to democratise access to comprehensive compliance solutions.

"The challenge is twofold. Firstly, companies often don’t know where to start when it comes to compliance and cyber security. The second element is the cost of maintaining strong compliance, which is often prohibitive for companies. For example, in healthcare 50% of innovators fail to go to market due to regulatory compliance burdens."

Addressing the future, Nadia emphasises the need for enhanced supply chain security and preparedness for emerging cyber threats.

"If you look at the supply chain due diligence, which is most common across the world right now, the way that risk is assessed and mitigated is all based on questionnaires and ‘someone's bright blue eyes’. In Dutch we say, “I won't believe you on your blue eyes”, which means I'm not just going to believe something because you say it’s true. This is actually what is happening in supply chains currently. Not only does this archaic method rely upon trust, it also is only able to provide a momentary snapshot. It is quite possible that what is captured is a momentary snapshot of a potentially fictional security posture. Enhancing supply chain security is something we are really passionate about, ensuring companies leverage our existing technology that helps automate compliance so they can implement appropriate information security and compliance measures.

Securing seed funding in a woman-led venture

Nadia’s experience in securing seed funding for Naq underscores the importance of preparation. She candidly shares the adjustments she made to counteract biases against female entrepreneurs, ultimately finding success with investors who shared her belief in Naq’s mission.

“I lead our investment efforts and I would say it was trial and error. I would have conversations in the beginning of our fundraising journey that I would do completely differently by the end of the roadshow. However, the basics still stand – being extremely well prepared, having all of your investment documents in order, knowing your metrics, and really knowing your vision and where you want to go. 

“But for me as a woman, I employed little tactics like slightly lowering my voice and adapting my body language, such as leaning back. The issue that we face as women is a prejudice against female entrepreneurs; we are being judged on traction, numbers, and proof, whereas men are often judged on promises, big vision, and the future.  

“However, with the fund that ended up investing in us I didn't have to employ any of those tactics, and I was just myself. At the end of the day, it is about finding the right partner, that believes in your vision and believes in you, your vision, your experience, and the way you look at the world.”

This underscores the importance of finding the right fit for you and your business. If you have to work harder and become someone else to secure funding, perhaps it is time to rethink who you want to be partnering with.

Forbes 30 Under 30

The recognition from Forbes 30 Under 30 served as a personal and professional milestone for Nadia.

“It has definitely had an impact on my personal belief ... I speak to so many founders, and we have two things in common. The first being imposter syndrome and the second being that we never give up, even when all of the evidence around us is telling us that we should in fact give up. The combination of these two things gives you what it takes to become the founder and CEO of a startup. So being one of the Forbes 30 under 30 gave me a little bit of a confidence boost, in the sense that I was like, ‘Hey, I'm a peer to these people’. That's very cool.”

Addressing Imposter Syndrome

Nadia views imposter syndrome not as a hurdle to be overcome but as a tool for personal and professional growth. It fosters a culture of continuous improvement and empathy, qualities she deems essential for effective leadership.

"I don't know if you can, or even should, overcome imposter syndrome. What I have learned is that I can use it to better myself, to push myself to reach new heights … When you have impostor syndrome, you are always striving to be better, which takes grit, determination, and resilience. It is no coincidence that these are also characteristics of a good entrepreneur. Imposter syndrome is helping me be a better leader on a very human level and lead with empathy and from a point of strength.”

The vitality of Cyber Runway Ignite

Programmes like Cyber Runway Ignite, the leadership programme funded by DSIT and delivered by Plexal, are vital for emerging talents in the cyber security domain. Nadia's experience highlights the programme's effectiveness.

"Cyber Runway Ignite was fundamental in my journey as a leader, and I'm incredibly grateful that it came onto my path at the time that it did ... Part of what made it so exceptional was that I was able to connect to other founders in the same stage, with the same problems, experiencing the same highs and lows. It was great to go through that together and learn from each other. It was the perfect stage and perfectly timed and something I feel more founders should have access to.”

Future trends

Looking ahead, Nadia highlights the need for businesses to stay abreast of regulatory changes and to anticipate new cyber threats facilitated by technological advancements. She stresses the importance of proactive engagement with emerging legislation and adopting innovative security measures to safeguard against evolving cyber risks.

“From a regulatory perspective, there's so much going on that businesses need to be prepared for. The increasing legislation and regulation, such as the EU’s Cyber security Act and the AI Act, are increasing the demands on supply chains, increasing the ways companies must prove and demonstrate their compliance.  

“Another trend to look out for is the ways in which criminals are using emerging technologies too. It might be that they are able to use certain new tools and techniques to invent new ways to carry out cyber attacks.”

Nadia’s insights are an insightful glimpse into the challenges and opportunities within the cyber security and compliance landscape. Her journey from a law student passionate about child rights to the CEO of a pioneering compliance automation platform exemplifies the transformative potential of combining legal insight with technological innovation.