Axio, the cybersecurity risk assessment platform, today announced the closing of a $23 million Series B round led by Temasek ISTARARI, with participation from investors NFP Ventures, IA Capital Group and former BP CEO Bob Dudley. Axio CEO Scott Canary told TechCrunch that the proceeds — which bring New York-based Axio’s total capital to $30 million — will support the product and engineering team’s development and go-to-market activities and expand in “key geographies.”
Accio was co-founded in 2016 by Canary and Dave White, who said they were motivated by the difficulty companies often face when making decisions around cybersecurity investments. Kanry led the cyber insurance team at Aon for several years, while Dave came from Carnegie Mellon and developed the majority of the cyber security framework model – C2M2 (Cyber Security Competency Maturity Model) – adopted by the US Department of Energy.
“We’ve seen CEOs and boards of directors struggle to even have conversations around cyber risk. At the time, the prevailing view was that cyber was essentially a technical problem, that investments in IT would be solved by the people running IT,” Canary said in an email interview with TechCrunch. In light of a wave of high-profile breaches impacting industry and organization size, boards and CEOs are realizing that cybersecurity is fundamentally a business problem that requires a discussion of financial considerations.
Axio is meant to help businesses answer questions like whether they should invest in cyber controls (eg, endpoint security) and cyber insurance, and how much budget a security team needs to minimize the risk of loss, Cannery said. The product produces results and reports that describe cyber risk at a financial level without using technical jargon, allowing departments to generate metrics that show whether or not a company is improving over time.
Startups like BitSight offer similar products that assess the likelihood of an organization being breached. Kanri, however, sets Axio apart by focusing on modeling the impact of cyber situations. In other words, Axio cares more about opportunities and their potential consequences when assessing risk.
Axio recently introduced dynamic scenarios that allow companies to model “what if” scenarios to help them understand how to prioritize their security controls. It has also entered into strategic partnerships with several large cyber insurers, which use Canary’s Accio platform as part of their cyber insurance underwriting process.
“Our platform allows security leaders to measure their cyber exposure in dollar terms based on existing security controls and test their insurance coverage to understand if they have adequate coverage. [It moves] From legacy and compliance-based approaches to cyber security to risk-based models [look] In the context of cyber security universal and cost,” Canary said. “Over the past two years, we’ve seen significant progress in security leaders using the platform to assess and measure their cyber risk. Many of our customers in power and critical infrastructure, despite spending in some cases millions of dollars a year in cybersecurity controls, began to seriously evaluate their cyber programs in the wake of high-profile attacks like SolarWinds and ransomware-related colony shutdowns. pipeline. At the same time, cyber insurers and reinsurers have asked us to provide deeper risk visibility to support their client groups.
It is certainly true that there is pressure on businesses, especially the public, to better manage cyber risk. Earlier this year, the U.S. Securities and Exchange Commission proposed new reporting rules for all publicly traded companies on cybersecurity postures and policies. While not formally adopted, the suggested requirements include timely updates on previously identified cybersecurity issues and disclosure of management’s role in mitigating risk and implementing cybersecurity procedures.
Meanwhile, some forms of cyber attacks are becoming more common. According to Sophos’ 2022 Cyber Security Report, 66 percent of organizations were hit by ransomware attacks last year, up from 37 percent in 2020.
Driven by these pressures, Gartner predicts that 40% of all public boards will have cybersecurity committees by 2025.
“Despite the significant increase in cyber security spending in recent years, cyber threats continue to be a major challenge for companies in all sectors, particularly critical infrastructure operators who have historically been our customer base,” Kanry added. “The rise of state-sponsored cyberattacks, geopolitical instability and ‘ransomware-as-a-service’ have all shown that the critical infrastructure sector is vulnerable… [also] It has revolutionized cyber risk for our customers, especially in the critical infrastructure sector. Companies were going remote, enabling remote access to employees and systems, and introducing a variety of new technologies and collaboration tools, introducing additional attack vectors.
The cybersecurity industry, once a VC darling, has taken a beating lately as macroeconomic factors take their toll. But Kanny says Axio has not had any problems in keeping customers, now with a total customer base of more than 350 companies, utilities, oil and gas suppliers and power grid trade associations.
While declining to disclose financials, Canary said he was “very happy” with the round size and terms of the deal, which is expected to allow Accio to double its 35-person team by the end of the year. “We have an aggressive product roadmap through 2023.”[We’ll] We will use the funds in part to accelerate investments in our AI, machine learning and data science teams to add deep automation capabilities.