With data breaches both in government and in tech at the center of the news cycle every week, it may not come as a surprise that cybersecurity companies are raking in the dough. But while a company may deploy a security software to mitigate threats to its own platform, it’s not always clear if its partners that also have access to its data are doing the same.
Follow Crunchbase News on Twitter
CyberGRX, a Denver-based cybersecurity company, has picked up $30 million in Series C funding to address that uncertainty. The round was led by Scale Venture Partners, while Aetna Ventures, Bessemer Venture Partners, and other existing investors also participated in the round. The company has raised a known total of $59 million since its founding in 2015, according to Crunchbase.
With its risk management assessment software, CyberGRX allows its customers to view the extent to which a third-party partner is addressing their security needs. Fred Kneip, the founder and CEO of CyberGRX, told Crunchbase News that his company is addressing a neglected market.
“You’re seeing anywhere between 50 percent and 70 percent of breaches reported today, are through a third party. And so it’s a massive attack vector that has not been recognized,” he said, adding that the typical Fortune 500 company has between 5 and 10,000 third party partners ranging from payroll software to manufacturers to analytics providers.
Kneip told Crunchbase News that the company spoke to the team at Intuit to come up with the best way to assess the risk management criteria through a Turbo Tax-like system. He emphasized that his test, which is completed by the third parties, not only allows its customers to analyze potential risk, but also allows third parties to lessen the amount of time wasted on antiquated, paper-based assessments.
“One of our partners is ADP, which was assessed 4000 times last year — literally 4000 separate customers reached out and said, ‘Can you tell me about your security program?’,” he noted. “We do that assessment, once in a high-quality standardized way, and we validate the information […] then we house it in a central location and allow it to be used multiple times.”
While the company is not sharing revenue or valuation metrics, Kneip said that CyberGRX is connected with over 1000 third parties that have completed assessments. Further, he said that the funding will be specifically used to build out the company’s sales and marketing teams.
CyberGRX isn’t the only Colorado-based company to have scored funding this year. Denver-based Welltok picked up a $75 million Series E in April, too. And, according to Crunchbase, Colorado’s venture ecosystem has experienced a significant amount of growth over the past couple of years. Take a look:
Kneip, an East Coaster originally, believes that the Denver tech community may be becoming a more viable option for some than the Bay Area.
“You’re seeing a lot of these larger organizations from particular from the West Coast starting to look at Denver because, honestly, cost of living and a variety of other things are really contributing to people maybe not feeling that the Bay Area is the be all end all,” he said. “We’ve hired a bunch of people from San Francisco that have moved to Denver to be a part of CyberGRX and I think a lot of people are seeing that as well.”
With all of CyberGRX’s investors based in Silicon Valley, it may be the case that more investors are beginning to see that the benefits of community and low operational expenses are outweighing the costs of proximity.
Illustration Credit: Li Anne Dias
Editorial Update: This post has been updated to reflect that the company is connected to over 1000 third party partners, not 100.