Small businesses are the latest target for cybersecurity attacks, with one of the three small businesses experiencing a data breach last year. SMB is becoming more aggressive in detecting and halting these threats, and today a startup called Cynomi is unveiling $37 million in funding to meet its demand.
Insight Partners and Antrée Capital are co-leading this Series B, with former supporters Canaan, Flint Capital and S16VC also participating. A source close to the deal told TechCrunch that the company is valued at over $140 million in money.
Cynomi had previously raised about $23 million (including this seed round it covered in 2022).
Based in London and Tel Aviv, Cynomi was founded by CEO David Primor, who received his PhD, who was previously an R&D in the Israeli Defence Force. COO ROY AZOULAY was founder and started and led the first startup incubator at Oxford University.
Cynomi is leaning towards a tendency to use AI-based agents to do complex and massive work, but it pushes the boundaries of what AI expects.
CEO Primor describes his product as a “virtual CISO” rather than as an AI agent. It is an automated, AI-based decision maker that helps small organizations understand how to carry out security operations.
It also builds many actions that this “virtual CISO” can perform. You can evaluate your network, plan a set of security policies, develop remediation plans, track progress, perform analysis to find network vulnerabilities, recommend system optimization, and create reports on network status and health.
All of these are not sold directly to SMB by Cynomi, but they are sold through third parties that SMB normally use for network connections and other management services.
The market gap Cynomi is trying to misuse is huge.
Malicious hackers have focused solely on larger businesses that are more valuable, but recently they have begun to focus on the long tail of the market. There are many SMBs and account for 90% of all businesses around the world, so tapping them will give you a lucrative pick.
However, SMB faces several specific challenges when it comes to budgets and talent where products like Cynomi appear.
“Virtual CISO services can start at $10,000-$12,000 a year,” said Azoulay, COO of Cynomi. “A human CISO is at least 10-15 times. That’s about being a knowledgeable and sophisticated buyer in the sense of finding a CISO. It’s about getting a CISO (online) for 52 weeks a week.”
This formula has worked for startups so far. Cynomi has seen its annual repeat revenue triple last year, according to Primor, with over 100 service providers and consultants, including large telecom operators like Deutsche Telekom, have reselled Cynomi’s services to thousands of SMBs. Approximately 80% of its customers are in the US, and the company is currently focusing on Europe and other markets.
This fund will be used for R&D and business development. This is because startups believe there are even greater opportunities than virtual CISOs.
“The cybersecurity consulting space is a $163 billion business, but we believe it doesn’t actually have an operating system,” Azoulay said. “We believe Cynomi could become its operating system.”
There are dozens of cybersecurity companies out there targeting SMBs, with a considerable group identifying service providers as their main sales channels. These include Vanta, Cohere, Qualys, Coro, Bastion, Guardz, and more. Cybersmart, Cowbell, Dataguard.
Philine Huizing, MD at Insight Partners, said it was the “VCISO” hook that sparked his investor insight. “We believe Cynomi is defining new categories on the VCISO platform,” she said.
Meanwhile, a startup focused on working with managed service providers to deliver products means that they can adjust or scale with what the service provider is building or selling. It helps to distinguish services and not become separate commoditized services.
“MSPs can assess each client’s unique risk, customize strategies for each industry, manage daily interactions efficiently, and make them more impactful,” Huizing added.