axio, a cybersecurity risk assessment platform, today announced the closing of a $23 million Series B round led by ISTARI Temasek, with participation from investors NFP Ventures, IA Capital Group and former BP CEO Bob Dudley. ” key regions.
Axio was founded in 2016 by Cannri and Dave White, who say they were inspired by the difficulties companies often face when making cybersecurity investment decisions. Kannri spent several years leading the cyber insurance group at Aon, while Dave came from Carnegie Mellon and spent most of his career developing cyber security systems, including the US Department of Energy’s C2M2 (Cyber Security Capabilities Maturity Model).
“We have seen how CEOs and boards of directors struggled even as the discussion of cyber risks approached. At the time, it was widely believed that cybersecurity was essentially a technical problem solved through IT investment by the people who manage IT,” Cannri said in an emailed interview with TechCrunch. “Now, with a wave of high-profile breaches affecting virtually every sector, industry, and organization size, boards and CEOs are recognizing that cybersecurity is, at its core, a business issue that literally needs to be discussed from a financial standpoint.”
Axio aims to help businesses answer questions such as whether they should invest in cybersecurity (like endpoint security) or cyber insurance, and how much budget the security team needs to mitigate losses, Cannri said. The product creates reports that quantify cyber risk in financial terms without resorting to estimates and technical jargon, allowing departments to enter information to create metrics showing how a company is improving or not improving over time.
Startups like BitSite offer similar products that assess the likelihood of an organization being hacked. But Kannri says that Axio is distinguished by its emphasis on modeling the impact of cyber scenarios. In other words, Axio worries less about probabilities when evaluating risks and more about their serious consequences.
Axio recently introduced dynamic scripting, which allows companies to simulate “what if” scenarios to help them understand how to prioritize their security controls. It has also signed strategic partnerships with several major cyber insurers, which Kannri says use the Axio platform as part of their cyber insurance underwriting processes.
“Our platform allows security leaders to define the baselines of their existing security controls, quantify their cyber vulnerabilities in dollars, and stress test their insurance coverage to see if it is adequately covered. [It moves] In addition to outdated compliance-based approaches to cybersecurity, risk-based models that [look] in cybersecurity in general and in terms of costs,” Cannri said. “Over the past two years, we have seen a significant increase in the number of security leaders using our platform to assess and quantify their cyber risks. Many of our key energy and critical infrastructure clients, despite spending millions of dollars a year in some cases on cybersecurity oversight, have begun to critically evaluate their cyber programs following high-profile attacks such as SolarWinds and the closure of Colonial due to the program. – extortionist. Pipeline. At the same time, cyber insurers and reinsurers have been asking us to provide deeper quantitative risk information to support their underwriting teams.”
To be sure, there is pressure on businesses, especially state-owned ones, to better manage cyber risk. Earlier this year, the US Securities and Exchange Commission proposed new reporting rules regarding cybersecurity regulations and policies for all public companies. While not formally adopted, the proposed requirements include periodic updates on previously identified cybersecurity incidents and disclosure of management’s role in risk mitigation and the implementation of cybersecurity procedures.
Meanwhile, some forms of cyberattacks are becoming commonplace. According According to a 2022 report by cybersecurity firm Sophos, 66% of organizations were hit by ransomware attacks last year, up from 37% in 2020.
Influenced by this Gartner pressure predicts that by 2025, 40% of all state councils will have dedicated cybersecurity committees.
“Despite a significant increase in cybersecurity spending in recent years, cyber threats continue to pose significant challenges for companies in all sectors, especially for critical infrastructure operators who have historically formed the backbone of our customer base,” Cannri added. “The rise in state-sponsored cyberattacks, geopolitical instability, and ransomware as a service have all demonstrated the susceptibility of the critical infrastructure sector to attacks… Pandemic [also] have changed the cyber risk landscape for our clients, especially in the critical infrastructure sector. Companies have gone remote, providing remote access for employees and systems, and introducing a range of new technologies and collaboration tools that have created additional attack vectors.”
The cybersecurity industry, once the darling of venture capital, packed with layoffs lately, when macroeconomic factors take their toll. But Kannri says Axio has had no trouble attracting customers, and its customer base now includes more than 350 companies, including utilities, oil and gas suppliers and utility trade associations.
Although he declined to disclose financial details, Kannri said he was “very pleased” with the size of the round and the terms of the deal, which he expects will allow Axio to double the size of its 35-member team by the end of the year. “We have an aggressive product roadmap through 2023,” he said. “[We’ll] use the funds in part to accelerate investment in our AI, machine learning and data science teams to add deeper automation capabilities.”
Credit: techcrunch.com /