According to IBM, the average cost of a data breach is $4M and as we move into an era where more and organizations are leveraging their data with partner integrations, this risk compounds. Understanding where your organization ranks in terms of security risk is critical as is understanding where your partners stand. SecurityScorecard is a cybersecurity rating platform that provides near-instant analysis of a companies security risk. The platform presently features over 1.8M businesses and plans to cover 20M business by year-end. The rating and analysis provided contextualizes cybersecurity risk so that all parties involved – including vendors and suppliers – can interpret and assess any vulnerabilities within a business operation. There has been an increasing number of use cases including underwriting risk assessment by insurance companies and M&A due diligence.
AlleyWatch caught up with CEO and Cofounder Aleksandr Yampolskiy to learn more about the company’s impressive traction since the last time we spoke, future plans, and latest round of funding, which brings the total funding raised to $292.2M since the company’s founding in 2013.
Who were your investors and how much did you raise?
This Series E preferred stock financing round raised $180 million from investors including Silver Lake Waterman, funds and accounts advised by T. Rowe Price Associates, Inc., Kayne Anderson Rudnick, and Fitch Ventures, as well as existing investors Evolution Equity Partners, Accomplice, Riverwood Capital, Intel Capital, NGP Capital, AXA Venture Partners, GV (Google Ventures), and Boldstart Ventures.
Tell us about the product or service that SecurityScorecard offers.
SecurityScorecard continuously produces security ratings for nearly two million companies globally, 10x more than our nearest competitor. We calculate scores within minutes for any company in the world, with unmatched breadth and depth of data. We have over ~1300+ visionary customers and over 16,000+ engaged companies on our platform.
Using seven years of historical data, we give an “A-F” rating to companies, giving them an easy way to understand their cyber posture. We have shown (and it was validated by outside insurance firms) that companies with a bad score (F) are 7.7x more likely to be breached than companies with a good score. And the score is just where it starts. We deliver unique analytics to help businesses operate with situational awareness of the cyber risk landscape and make business decisions with more confidence.
What inspired the start of SecurityScorecard?
My cofounder Sam Kassoumeh and I had the idea for security ratings back in 2013 when we were trying to understand the risks posed by our extended ecosystem of vendors and business partners, in addition to trying to report our own cybersecurity health to our board of directors. We had no data to draw from and realized the huge need. This problem has only become more acute as companies become more interconnected and moved to the cloud.
How is SecurityScorecard different?
When we think of what sets us apart, several key differentiators come to mind:
- Breadth of Data: Unlike competitors, we continuously update our data and collect 80% of our data, gather 27B+ points per week, and run one of the largest malware sinkhole networks in the world. This enables us to continuously gather, attribute, and rate companies and provide real-time intelligence that does not require any manual inputs or curation.
- Fast Score in Minutes: This data enables us to give a ‘fast score’ within minutes, as opposed to days and weeks.
- 360-degree visibility: Our full platform gives customers a unified view of any company’s risk posture with the outside-in ratings and inside-out data from Atlas questionnaires. We are the only ratings provider that uses machine learning and security analytics to accelerate the vendor risk assessment process by 75%.
- Transparency: Our scoring methodology is the most trusted and transparent, and the industry’s first and only public Trust Portal. Our in-platform refute process is self-serve and a challenge is accepted or denied within 48 hours and updated in a Scorecard within 48-72 hours after – the fastest in the industry. This offers a superior user experience for our customers, and our customer success team has consistently been recognized by outside validators for their incredible dedication to support and remediation. Our scale, speed, and comprehensiveness is unmatched in the security ratings space.
- Largest ecosystem of cyber risk ratings: Our marketplace offers the largest ecosystem of apps and integrations, enabling our customers to gain operational scale through integrations, access continuous risk intelligence in other platforms they use, and gain more leverage out of their full security stack.
What market does SecurityScorecard target and how big is it?
Our target is any company that wants to understand and improve its cybersecurity posture and improve the cyber resilience of its ecosystem. We’ve already scored close to two million companies, and every company refers us to an average of seven other new companies which creates a strong network effect in our product.
It’s also been gratifying to see some of the big companies that were skeptical about us in the past become customers; we’ve continued adding to our customer base across industries like government agencies, banks, airlines, etc.
What’s your business model?
We’re a 100% cloud-based enterprise SaaS solution. No installation. Just a simple frictionless instant sign-up.
How has COVID-19 impacted the business?
As organizations work remotely, demand for our security ratings platform has grown, following several significant supply chain attacks and corresponding increased regulatory attention on cyber oversight of suppliers. We have seen a fundamental shift in budgets to cybersecurity ratings and have passed the tipping point where the depth of our data and network effects are driving broad market adoption. In fact, despite the business climate, in Q4-2020, total international recurring revenue grew over 61% YoY and total international customers grew 89% YoY. We’re on track to rate more than 20 million organizations by the end of this year.
What was the funding process like?
JP Morgan served as our sole placement agent and worked closely with us on this process. We were fortunate that the round was wildly oversubscribed — with great new strategic investors and many existing investors who also participated. It’s a testament to the fact that security ratings are a must-have for businesses worldwide.
What are the biggest challenges that you faced while raising capital?
As a CEO I’m always looking forward to our future. Fundraising conversations and the high positive reception we heard throughout the process amped me and the team up to continue to accelerate the great trajectory of our company. We would all often end the day ready to go focus 150% on continuing to propel forward in our mission to make the world safer. And now that we’ve closed a great Series E round, that’s exactly what we’re doing!
What factors about your business led your investors to write the check?
In short, our tech, our team, and the big future are what generated the high interest in SecurityScorecard. There is a massive future opportunity and our story is only beginning to get written. Investors saw that our data-centric approach to measure and communicate security will become the new standard for every company in the world. They also saw our team is solution-focused and highly customer-centric.
What are the milestones you plan to achieve in the next six months?
We plan to invest heavily in the following:
- Our product: We will be creating new avenues for our product to drive even further value to our customers. We look forward to taking some of the ideas we’ve had and accelerating them to get them in the hands of our customers before the end of 2021.
- International Growth: We will be investing in deepening our foothold in markets we have already successfully penetrated such as the UK, France, Japan, and Germany, but also expand that footprint more broadly into APAC, South America, and EMEA. We would like to expand our footprint to more than 100 countries.
- Channel and alliance partnerships: Channel and alliance partnerships are incredibly important to our business and we will invest to expand this network and provide even more value to our channel partners.
What advice can you offer companies in New York that do not have a fresh injection of capital in the bank?
Resilience is a key factor that I believe is important to anyone’s success. It’s cliche, but it’s not about how many times you fall down, it’s about how many times you get back up. I believe if you work hard, and keep growing and learning, doors will always open.
Resilience is a key factor that I believe is important to anyone’s success. It’s cliche, but it’s not about how many times you fall down, it’s about how many times you get back up. I believe if you work hard, and keep growing and learning, doors will always open.
Where do you see the company going now over the near term?
The new funding will further accelerate our corporate growth with planned investments across new product lines, global expansion, a broadening partner ecosystem, and added customer benefits and features to assess and mitigate cybersecurity risk in novel ways. We’ll also be scaling up to meet the escalating demand for our products and services.
What’s your favorite outdoor dining restaurant in NYC
That’s a tough one, there’s so much good food in NYC! Gemma at the Bowery Hotel is a recent discovery for me. Honestly though, it’s more about the people than the place for me– being able to enjoy time with my family outdoors brings me a lot of joy.