Axio gets $23M to help companies quantify cyber risk – TechCrunch

AsioThe cybersecurity risk assessment platform, today announced the completion of a $23 million Series B funding round led by Temasek’s ISTARI, with participation from investors NFP Ventures, IA Capital Group and former BP CEO Bob Dudley. Axio CEO Scott Kannry told TechCrunch that the proceeds — bringing New York-based Axio’s total capital raised to $30 million — will be used to develop product and engineering teams, support go-to-market features, and expand in “key regions.” to expand.

Axio was co-founded in 2016 by Kannry and Dave White, who say they were inspired by the difficulties companies often encounter when making cybersecurity investment decisions. Kannry led the cyber insurance team at Aon for several years, and Dave, from Carnegie Mellon University, spent most of his career building cybersecurity frameworks, including the model adopted by the U.S. Department of Energy – C2M2 (Cybersecurity Capability Mature degree model).

“We saw how CEOs and boards struggled with discussions about cyber risk. At the time, the prevailing view was that cyber is fundamentally a technology problem that is solved by IT operators’ investment in IT,” Kannry told TechCrunch said in an email interview. “Now, given the wave of high-profile breaches affecting nearly every sector, industry and organizational size, boards and CEOs recognize that cybersecurity is fundamentally a business issue that actually needs to be discussed from a financial perspective.”

Kannry said Axio is designed to help companies answer questions such as whether they should invest in network controls (such as endpoint security) versus cyber insurance, and how much budget security teams need to reduce the likelihood of loss. The product generates reports that quantify cyber risk in financial terms without resorting to scores and technical jargon, allowing departments to enter information to generate metrics showing whether a company is improving over time.

Startups like BitSight offer similar products to assess the likelihood of an organization being compromised. But Kannry says what sets Axio apart is its focus on modeling the impact of network scenarios. In other words, Axio is less concerned with probability when assessing risk and more concerned with its worst impact.

Axio recently introduced dynamic scenarios that allow companies to model “what-if” scenarios to help them understand how to prioritize security controls. It also has strategic partnerships with several large cyber insurance companies, which Kannry said utilize Axio’s platform as part of their cyber insurance underwriting process.


Image Source: Asio

“Our platform allows security leaders to baseline their existing security controls, quantify their cyber risk in dollars, and stress test their insurance coverage to see if they are adequately covered. [It moves] Moving beyond traditional and compliance-driven cybersecurity approaches to more risk-based models [look] From an overall and spending perspective, in terms of cybersecurity,” Kannry said. “Over the past two years, we have seen a significant increase in the number of security leaders using our platform to assess and quantify their cyber risk. Many of our core customers in the energy and critical infrastructure sectors, while in some cases spending millions of dollars annually on cybersecurity controls, were shut down following high-profile attacks such as SolarWinds and the ransomware-related Colonial shutdown. They began to critically evaluate their network program pipeline. At the same time, cyber insurers and reinsurers are asking us to provide deeper, quantitative risk visibility to support their underwriting teams. “

Indeed, businesses, especially public ones, are under pressure to better manage cyber risk.Earlier this year, the U.S. Securities and Exchange Commission suggested New reporting rules related to the cybersecurity posture and policies of all public companies. Although not formally adopted, the proposed requirements include regular updates on previously disclosed cybersecurity incidents and disclosure of management’s role in mitigating risk and implementing cybersecurity procedures.

At the same time, some forms of cyber-attacks are becoming more common. according to According to a 2022 report from cybersecurity firm Sophos, 66% of organizations were attacked by ransomware last year, compared to just 37% in 2020.

Spurred by these pressures, Gartner predict By 2025, 40% of public boards will have a dedicated cybersecurity committee.

“Despite a significant increase in cybersecurity spending in recent years, cyber threats continue to pose a significant challenge to companies across all industries, especially critical infrastructure operators, who have historically been at the heart of our customer base,” added Kannry. “State-sponsored cyberattacks, geopolitical instability, and the rise of ‘ransomware-as-a-service’ have all demonstrated the vulnerability of critical infrastructure sectors…pandemic [also] Transformed the cyber risk landscape for our clients, especially in critical infrastructure. Companies are going remote, enabling remote access to employees and systems, and introducing a range of new technologies and collaboration tools that introduce additional attack vectors. “

The cybersecurity industry, once a VC darling, has recently been hit by layoffs due to macroeconomic factors. But Kannry said Axio has had no problems protecting its customers, which now number more than 350 companies, including utilities, oil and gas suppliers, and energy grid trade associations.

While he declined to disclose financial numbers, Kannry said he was “very pleased” with the size of the funding round and the terms of the deal, which he expects will allow Axio to double the size of its 35-person team by the end of the year. “We have an aggressive product roadmap through 2023,” he said. “[We’ll] A portion of the funding will be used to accelerate investments in our artificial intelligence, machine learning and data science teams to add deeper automation capabilities. “

Source link

Leave a Reply

Your email address will not be published.