It was recently estimated by the World Economic Forum that by 2025 there’ll be 463 exabytes of data created each day globally — that’s the equivalent of 212m DVDs, for those who remember them. That exponential growth of data sets up a skirmish between hackers trying to access that information and the cybersecurity startups trying to stop them — something investors are jumping on.
Cybersecurity startups raised around $1.8bn in 2022, matching the total funding that the sector drummed up in the year before. Digital asset investment platform Copper raised the biggest round of the year — a $180m Series C from Tiger Global Management and Barclays PLC — followed by Nord Security’s $100m raise.
But which up-and-coming startups are VCs watching in the space? Here are the companies they’ve clocked, with one caveat: they weren't allowed to pick any of their portfolio companies.
Damien Henault, partner at TempoCap
TempoCap is a European growth-stage technology fund with offices in London, Paris and Berlin focusing on enterprise software, cybersecurity and fintech.
Cado Security — UK
Cado Security is a cybersecurity forensics and incident response platform. As global enterprises are migrating more data to the cloud, cyber attacks on cloud infrastructures are increasing. Cado Security offers a fully automated forensic-level data capture and processing solution that allows security teams to improve their response time to incidents and move faster than the attackers.
HarfangLab — France
HarfangLab is a next-generation Endpoint Detection and Response (EDR) solution that uses real-time behavioural analysis and advanced AI to detect invisible attacks and home in on real and critical cyber threats. HarfangLab’s platform is easy to deploy and manage while still being able to handle complex threats, which is a particularly valuable characteristic given the significant shortage of skilled cybersecurity talent.
CounterCraft — Spain
CounterCraft generates a real-time actionable intel feed using its deception platform. The tech lures in attackers using decoy targets to learn about potential hacker behaviour and inform defence tactics before a real attack has happened.
OutThink — UK
Human error is actually one of the most significant vulnerabilities in cybersecurity, and the source of more than 82% of data breaches, according to a 2022 report by Verizon. OutThink is a cybersecurity training and awareness SaaS platform focused on identifying, managing and mitigating human risk. It provides chief information security officers with the tools to establish a strong cyber risk-aware culture in their organisation, building a human firewall with the workforce as the first line of defence.
Nick Kingsbury, partner at Amadeus Capital Partners
Amadeus Capital Partners is a global technology investor based in Cambridge.
General System — UK
General System has developed an indexing product that can capture massive data flows and analyse them for organisations in real time. Today, any real-time analysis is usually done only on summary data, and most data is only examined in forensic situations in relation to security risks. General System's underlying tech is aimed at the Internet of Things (IoT), both in cybersecurity and industrial applications, like capturing aircraft or vehicle data to inform companies on the behaviour and movement of their customers.
Venari — UK
Encrypted messages can act as a vector for injecting malware into an organisation. Venari provides a solution that examines both the metadata and encrypted payload of a message, using a combination of artificial intelligence, machine learning, behavioural analytics and a rules engine to provide valuable insights that can be used to improve the organisation’s ability to block potential attacks — all without decrypting the data.
RevEng — UK
RevEng uses machine learning to analyse binary code and detect potential malware. The company structures and executes binary code to identify suspicious behaviour, by searching for patterns within the code. Crucially, this approach allows companies to ensure that no malicious code is running on their systems, even if the original malicious binary code has been altered.
Alston Zecha, partner at Eight Roads Ventures
Eight Roads is a Series A-C venture firm with more than 50 years track record investing in Europe, China, India, Japan and the US.
Eye Security — The Netherlands
Eye Security is an all-in-one SME cyber solution that bundles cyber security measures together with cyber insurance. Hacking has sadly become more accessible thanks to much more scalable techniques, tech and ransom methods, which means malicious actors can now make money extorting smaller companies. Small to medium-sized companies lack the time and expertise to deal with these complex issues, so Eye Security combined the platform with insurance, and handles both the technical and financial risks.
Hadrian — The Netherlands
Hadrian likens itself to Google Maps for security infrastructure, helping chief information security officers to map, contextualise and prioritise potential vulnerabilities throughout their digital estate. As enterprises increasingly digitise, their threat surfaces have grown exponentially. This makes automated monitoring necessary, as well as intelligent solutions focused on the full context of a company’s tech stack and where and how it interacts with everything else.
Risk Ledger — UK
Risk Ledger offers a new approach to supply chain and third party cyber risk management. Often the most significant cyber vulnerability comes not from a company’s own IT but its partners and supply chain: one major hospitality chain was hacked via a fish aquarium controller in its lobby, for example, and on a larger scale we’ve seen situations like the SolarWinds hack, where malware was downloaded through software updates.
Traditionally, companies handle supply chain risk via questionnaires. Risk Ledger has not only digitised this, but has created a centralised platform for both suppliers and companies — suppliers only need to update their information once and companies are continuously informed of any changes. Risk Ledger’s standardised assessments map to all key cyber frameworks and also take into account non-security risks, alongside integrating with cyber security software, so a company can develop a more comprehensive view of the risks.