AGUSTÍN MUÑOZ-GRANDES

Spain 2021 | TELECOMS & IT | VIP INTERVIEW

TBY talks to Agustín Muñoz-Grandes, CEO of S21Sec, about the growth of the company, pandemic-related spending increases, and the threat of cybercrime.

How has the company evolved over the last two years?

We have leveraged the last few years to consolidate our expertise on the market, positioning us among the top five European leaders as a pure player in cybersecurity services. The accelerated digital transformation that many companies have had to undergo, especially over the last two years, has enabled cybersecurity to become one of the priorities for executives across all sectors. We have guided those companies with suitable advice for the situation, during which teleworking was implemented as an almost exclusive form of working in many companies that did not have the necessary infrastructure, but we were able to support them with our expertise, providing solutions so they could continue their business without worrying about the possibility of a cyberattack bringing their business to a standstill. Also, one of the company's most important operations was having the support of Maxive Cybersecurity, a holding company that combines the expertise of S21sec, based in Spain, Portugal and Mexico, with that of Excellium, based in Luxembourg, which has an excellent positioning on the market. Both companies offer a wide range of services that harness the best practices and the experience of both companies as managed security service providers (MSSP). Our mission is to continue growing as one of the largest European pure players in MSSP.

Do you have clients from other European markets?

As I mentioned, we have a strong presence in Europe; we have major multinationals who entrust us with the management of their cybersecurity. Thanks to our geographical position, and our long trajectory, we have important clients in Spain, Portugal, and Benelux. In addition to our strong European presence, we have a headquarters in Mexico and that enables us to manage major operations in Latin America.

The pandemic has caused an increase in spending by companies in the ICT sector, and cybersecurity is the segment with the highest performance. How have you adapted to the increase in demand?

Indeed, as we mentioned previously, cybersecurity has positioned itself as one of the priorities for all companies. It is a matter that was still pending for many of them and the pandemic has highlighted its importance and even its urgency, in many cases. We have been on the front line to support, in an altruistic way, the hospitals and any entity from the health sector, to ensure they had our backing, in the areas where our headquarters are located, against any cyberattack, because regrettably such attacks did occur during the pandemic. Our team was 100% ready to telework without problems and the transition was easy for us. During lockdown we have had to carry out client interventions that were implemented perfectly, our teams enable us to manage many incidents remotely, but when it is necessary to go further and carry out actions physically on site, we did not suffer any setbacks. Demand has grown exponentially, teleworking turned companies into more vulnerable targets, we have witnessed a 300% increase in cyberattacks during the pandemic. Faced with these new challenges, where many clients have had to reinvent themselves by adapting their services, changing to e-commerce, invoicing and making orders online, etc., we have been monitoring the new tactics of cybercriminals to prevent and resolve possible security incidents that our clients may suffer, supporting them and guiding them at all times. Major cybersecurity challenges that everyone, both the clients and our team of experts, have emerged from stronger than before.

In terms of revenue, how were your 2020 results?

We closed with 116% goal achievement, with an added growth of around 12%, above sector average. Our goal was always to grow above 10%.

R&D has always been a main focus for S21Sec, which invests more than 10% of its profits in it. Have you maintained the same level of investment despite the pandemic?

Our investment in R+D has remained at the same level. Technology is always progressing so our knowledge must constantly grow. Our services adapt continuously to market changes and so too do our staff, who undergo ongoing training to be certified in the most cutting-edge technologies.

What is your strategy to attract talent and motivate it into this sector?

This is linked to the value proposition that we offer our clients, which I always want to be appealing for people at S21sec: we must understand that the management of cybersecurity services is not only rooted in the understanding of the business of clients, but rather in how the use of technology affects them. Our objective is to advise clients so they can take the best cybersecurity decisions based on data, because we study their business in order to protect them from possible vulnerabilities that could endanger the continuity of their business. We constantly learn from the tactics of cybercriminals with the intention of anticipating their movements. We have a cyber-intelligence department that investigates cybercrimes, analyzing how and from where gangs of cybercriminals operate, which is really appealing to students who leave university in search of innovative and disruptive working challenges. We also collaborate with national and international organizations to combat cybercrime, thus protecting the critical infrastructures of countries.

You collaborate with IESE in master sessions for managers. One of the points that you were focused on changing is the concept that cybersecurity decisions should not be delegated to the IT teams of companies. Who should take decisions related to cybersecurity?

When they take our courses, most of the executive directors tell us that they prefer to delegate. In these courses, we highlight the importance of cybersecurity in companies due to the impact that an incident can have on the continuity of their business. It is important for executives to be aware of the implications that cybersecurity crimes now have, both in terms of legislation and malpractice. They need to be aware of the importance of legal compliance with GDPR, for example, or the need to train the staff to limit risks due to malpractice. We remind them in training that people continue to be the weakest link in the cybersecurity chain, and that shows the invaluable need for a suitable action plan adapted to the company, its sector, and the nature of its business. Today, a cybersecurity attack can affect the business processes of a company, the prices of its shares, its public image, besides the impact in the media and the market; therefore, we try to create awareness about this matter. It is the senior management that must establish a responsibilities map and a complete cybersecurity plan, they must know how much time they need to restore their business if they suffer a cyberattack, because this can have an impact worth thousands of Euros that can be contained or avoided with good planning. At present, most executive directors know that they must lead the digital transformation of their companies in order to harness the possibilities offered by new technologies and adapt their business model to new challenges and the new era. They must also be aware that this involves certain risks that must be addressed, both in terms of finances and company image.

What public-private collaboration opportunities exist in this area of cybersecurity?

There are COVID-19 recovery funds which can be fully harnessed, as well as several that have been allocated to encourage the digital transformation of companies, which could help them to fund part of the investments they need to make in different technologies, infrastructures, etc. We also need to bear in mind that there are public grants aimed at helping countries to develop industrially in a secure way, which means that there are plans to allocate funds to cybersecurity.

What are your objectives for the rest of the year?

We are aiming to consolidate our project for European growth, and we have considered other acquisitions. We want to continue to grow and maintain our position of innovation and leadership as benchmarks for the industry within the context of the COVID-19 environment, where work forces are scattered around or teleworking. Lastly, our aim is to strengthen our position as a leader for the management of these secure environments, security in the cloud and accompanying companies through their detection protocols and response to cybersecurity incidents.