As human behavior increasingly shifts to the digital world, protecting our digital assets is of critical importance and even more so for businesses. Lloyds’s of London estimates that a serious cyber attack could cost $120B in loss to the global economy; the same cost as Hurricane Katrina. According to Kaspersky Lab, a single cyber attack costs an enterprise on average of $1.3M. With all this at stake, businesses are coming to realize they need to be proactive when it comes to understanding their security risks. SecurityScorecard is a continuous monitoring platform that identifies and rates your company’s security risk instantly. The platform can be used also to assess the security risk of external parties like potential partners, clients, and vendors.
Today, we sit down with CEO and Founder Aleksandr Yampolskiy to talk about the state of security, the company’s future plans, and the most recent round of funding.
Who were your investors and how much did you raise?
$27.5M in a Series C Funding Round led by Nokia Growth Partners. The other investors in the round were Moody’s Corporation, AXA, Intel Capital, Sequoia Capital, GV, Boldstart Ventures, Two Sigma Ventures, and Evolution Equity Partners.
Tell us about your product or service.
The SecurityScorecard Platform allows companies to instantly rate and understand the security risk of any company in the world.
Hundreds of companies use our platform to continuously monitor the security posture of their own organization as well as third-party vendors, and to report to their Board of Directors how they compare to others.
What inspired you to start the company?
I was a CISO at Gilt Groupe. My cofounder Sam and I were assessing the security of a large financial provider that offered a fraud prevention product for vetting all e-commerce transactions. We spent weeks talking to them and reviewing their daunting 30-page security Q&A questionnaire. At the same time, our Financial Controller was standing outside my office every day impatiently asking: ‘Why are we not expediting the security assessment? We need this product yesterday!’ We started poking around using passive security research methods and discovered signs on the Internet that that company was compromised. We could have lost our data if we rushed the deal. After discovering the vendor’s security issues, we incorporated specific legal provisions into the contract to protect the company. This experience highlighted how important – and difficult – it is to monitor the security posture of your vendors and business partners.
Sophisticated cyber attacks jeopardize businesses every minute of every day – just look at what happened at Equifax. SecurityScorecard identifies vulnerabilities, active exploits, and advanced threats and then rates risk using an easy to understand score, and enables collaboration amongst companies. What’s unique about our company is that we rate more companies than any other company in the market today. We also believe that the value of security rating – is to drive collaboration amongst companies in the ecosystem. Security ratings by themselves are tablestakes and need to drive action.
What market you are targeting and how big is it?
We cut across a few categories including security ratings and vendor risk management. The overall market that we play in exceeds $7B.
How has your business changed since we last spoke this time last year? We are more than two times larger in almost every aspect, customer, headcount, and revenue. In addition, we are now 100% channel focused and we believe that is the fastest path to market for us and the best path for our customers as well. We are continuing to grow at triple digit rates every year.
You previously had GV on your cap table from the last round and this round includes a number of investors including NGP, Moody’s AXA, and Intel. What has that process been like working with strategic investors at this stage?
It is very important that we bring in strategic investors from both a technology and With strategic investors it’s about finding the right fit, either from a technology, industry or market perspective. It a bit more of deep dive into the relationship versus something that is purely financial. This is a fantastic group of visionary companies, and they will help us accelerate our reach in the market.
What was the funding process like?
We were highly selective in who we wanted to include in this round. Obviously with logos like we have many investors have shown interest in our company, so the round was completely oversubscribed.
What are the biggest challenges that you faced while raising capital?
Similar to the above, who was the ideal fit for us from a strategic standpoint.
What factors about your business led your investors to write the check?
Our business is growing rapidly and the market is very large. We have proven that we can execute and that customers – including some of the best-known brands in the world – find value in our platform.
What are the milestones you plan to achieve in the next six months?
We plan on growing head count significantly, bringing new products to market, expanding our geographic footprint, and continuing our channel-first focus.
What advice can you offer companies in New York that do not have a fresh injection of capital in the bank?
Cyber-security in particular is a very hot space. Fresh capital shows the market that investors believe your product will continue on its rapid trajectory. Mayor de Blasio was in SecurityScorecard offices a few months ago and emphasized importance of creating new security jobs in the city.
Where do you see the company going now over the near term?
We will continue to strive to provide value to our customers as the leading security ratings company. As we add more capabilities to the platform we are confident our customers will grow even more delighted with our platform.
Where is your favorite fall destination in the city?
I love to go walking or biking in Prospect Park in Brooklyn. It’s beautiful and relaxing, and a small oasis to escape in a busy city.