By Deborah Gage | July 14, 2016 7:30 a.m. ET
One of the hardest places for companies to protect from cyberattacks is the holes opened by companies closest to them—their partners, customers and vendors.
The most famous case may be Target Corp., which lost data on 40 million debit and credit accounts along with personal information for as many as 70 million customers after hackers penetrated its network in 2013 by stealing the credentials of a Target refrigeration contractor.
Target’s chief executive and its chief information officer resigned, and a proxy adviser, Institutional Shareholder Services, urged that seven of Target’s 10 board members be ousted for failing to protect the company.
In an effort to avoid similar problems and to set an industry standard for assessing security risks, venture capitalists and several large companies—some named and some not—have banded together to form CyberGRX, a startup that has been in the works for more than 18 months. GRX stands for Global Risk Exchange.
The Denver-based company has raised $9 million in a Series A round led by Allegis Capital and includes numerous other investors and advisers.
Some of them—including Aetna Chief Information Security Officer Jim Routh, MassMutual Chief Information Risk Officer Sri Dronamraju and Blackstone Chief Information Security Officer Jay Leek—are helping CyberGRX design a software platform and business processes that will guide companies in assessing their own security risks and the risks of their partners.
“If you’re shopping for a home, you can go to Zillow and there are countless homes, but you’re probably going to hire a home inspector to look at the piping and make sure there are no foundational issues,” said Chief Executive Fred Kneip, who previously headed security for the investment management firm Bridgewater Associates. “So let’s understand how you think about the core components of a cybersecurity program and its levels of maturity and effectiveness.”
Allegis Capital founder Bob Ackerman said he has been thinking about the problem since at least 2014 and couldn’t find companies on the market with a comprehensive enough approach. A Blackstone portfolio company, Optiv Security LLC, is also working on CyberGRX because its customers are concerned about third-party security risks, Mr. Ackerman said.
The challenge with current cybersecurity assessments is that they are labor-intensive, expensive and prone to disagreements over what questions should be asked and how they should be phrased, according to CyberGRX’s founders.
Photo: CyberGRX’s Fred Kneip.
Fortune 500 companies generally have thousands of partners and may only evaluate the most important ones, although “you don’t have to be a big partner to represent a significant cyberrisk,” Mr. Ackerman said.
Companies may be loath to admit they have risks. “If it’s self-reported, no one will say I don’t have [a password rotation policy],” said GV General Partner Karim Faris, an investor, although even asking the question can spark a company to get one.
Mr. Faris said CyberGRX’s success will depend on its ability to figure out the most effective set of questions that will work across a wide range of companies and balance those with on-site visits where inspectors know what to home in on.
Mr. Leek said CyberGRX relies on the strength of its relationships with chief information security officers at global companies who are collaborative, understand security risks and agree with CyberGRX’s approach.
CyberGRX expects to release a product in early 2017. Founders say a standard security assessment could provide a foundation for other industries, like cyber insurance.
Investors who participated in the funding include Blackstone, TenEleven Ventures, Rally Ventures, GV (formerly Google Ventures) and MassMutual Ventures along with several individuals and unnamed strategic investors.
Board members include Mr. Ackerman, Mr. Kneip, Mr. Leek, TenEleven Ventures founder Mark Hatfield, ClearSky Power & Technology Fund Managing Director Alex Weiss and Cylance CEO Stuart McClure.
Find more @Read More
Third-Party Cyber Risk Management Platform Company CyberGRX Closes $9M Series A Funding
Allegis Capital Leads Round with Participation from Major Cybersecurity Investors;
Platform Being Developed in Close Collaboration with Early Adopters at Leading Institutions
DENVER – July 14, 2016 – CyberGRX, provider of the most comprehensive third-party cyber risk management platform, today announced that it closed $9M in Series A funding led by Allegis Capital, with participation from Blackstone, TenEleven Ventures, Rally Ventures, GV (formerly Google Ventures), MassMutual Ventures and several other strategic investors. The company will use the funding to deliver the CyberGRX platform to market. The platform is developed in partnership with its early adopters, which include chief security and risk officers from Aetna, Blackstone, MassMutual and several other leading institutions across business sectors.
As enterprises’ dependence on their partner ecosystems grows, so does their exposure to breaches from these key vendors, partners and customers. A recent Ponemon Institute report, “ Data Risk in the Third-Party Ecosystem,” found that nearly half (49 percent) of all organizations had recently reported that they experienced a data breach caused by a vendor, and nearly three out of four (73 percent) enterprises expect third-party related incidents to increase. And the damage, both in terms of reputation and actual dollars and shareholder value lost, is real. A recent survey of 170 large enterprises by consulting firm Deloitte found that 28 percent of respondents had faced major business disruption due to third-party data breaches, and more than one in four (26 percent) organizations suffered reputational damage as a result. An astounding 87 percent of the enterprises surveyed admitted to “disruptive incidents” with third parties in the last 2-3 years. It is evident that boards, CEOs, business leaders, and risk and security managers need a better way to manage this exploding third-party cyber risk.
Despite this growing need, substantial inefficiencies continue to exist on both sides in the current approach. Enterprises focus the vast majority of their time collecting data, rather than performing risk management and mitigation processes to reduce the residual security risk third parties represent. At the same time, vendors and partners spend too much time, energy and money completing questionnaires and hosting on-site security assessments.
“CyberGRX is built by security practitioners who bring a risk-based perspective to security control assessment,” said Fred Kneip, CEO of CyberGRX. “CyberGRX helps enterprises not only automate and standardize the collection of information, but also prioritize, evaluate and remediate risk. Instead of incrementally improving what people do today, CyberGRX fundamentally changes the way organizations address cyber risk in an increasingly interdependent world.”
Commercially available in early 2017, CyberGRX provides the most comprehensive third-party cyber risk management platform, addressing existing inefficiencies and creating benefit for both enterprises and for their partners and vendors. Through its innovative design, automation and advanced analytics, the CyberGRX platform enables enterprises to cost-effectively and collaboratively identify, assess, mitigate and monitor an enterprise’s cyber risk exposure across its entire vendor, partner and customer ecosystem.
CyberGRX provides the most comprehensive third-party cyber risk management platform to cost-effectively identify, assess, mitigate and monitor an enterprise’s risk exposure across its entire partner ecosystem. Through automation and advanced analytics, the CyberGRX solution enables enterprises to collaboratively mitigate threats presented from their increasing interdependency on vendors, partners and customers. CyberGRX is based in Denver, CO with offices in McLean, VA. For more information, visit www.cybergrx.com or follow @CyberGRX1 on Twitter.
fama PR for CyberGRX
Find more @ https://www.cybergrx.com/press.htmlRead More
While last week was a fairly impressive week for B2B venture capital, investors swooped in on their dark horses to give an extra bump to B2B financial services startups.
The first came Thursday (June 23) when reports emerged that Apruve secured $2.25 million in venture capital funding led by TTV Capital and Allegis Capital. Apruve provides financial management solutions for small businesses that operate in the B2B eCommerce space. According to reports, it enables companies to accept online orders from business customers and provides instant credit for their sales.
The Series A funding will be used to scale up the company, reports said. “We believe Apruve is solving a fundamental problem that well enable more businesses to ride the $1.3 trillion wave of B2B eCommerce that is currently unfolding,” said TTV managing director Tom Smith in a statement. “Their solution takes on outdated accounts receivable processes, automates it then underwrites the credit risk for the seller.”
Apruve integrates into eCommerce platforms like Shopify, Magento and BigCommerce.
Across the pond, U.K. startup Satago raised about $6.3 million from backers for its eInvoicing solution, reports also said Thursday.
The company provides a database for companies to see how well other businesses are paying their invoices on time. It provides automated invoices, payment requests and reminders, and credit reporting solutions into its service, geared toward micro-businesses and freelancers that need to manage outstanding bills from clients.
The funding, provided by ESF Capital, coincides with Satago’s launch of Invoice Finance. The new service that provides freelancers with access to working capital by funding 85 percent of outstanding bills. The final 15 percent is provided once a company pays the invoice.
Find More: http://www.pymnts.com/news/b2b-payments/2016/b2b-fintech-venture-capital-satago-apruve/