Small businesses are the latest target for cybersecurity attacks, with one in every person violating last year. SMB is becoming more aggressive in detecting and halting these threats, and today a startup called Cynomi is unveiling $37 million in funding to meet its demand.
Insight Partners and Antrée Capital are also participating in former backers Canaan, Flint Capital and S16VC. Cynomi had previously raised about $23 million (including this seed round it covered in 2022). From sources close to the contract, we understand that money valuations are over $140 million.
Based in London and Tel Aviv, Cynomi was founded by CEO David Primor, who received his PhD, who was previously an R&D in the Israeli Defence Force. And that experience was founder (his last company was one of the big innovators of Deepfark detection), and other founder spotters (he led the first startup incubator at Oxford University, earning a big return when Onfido's early Portoco was sold for a big return). Their combined cyber and market timing experiences are unfolding in an interesting way with this latest venture.
Cynomi is leaning towards a tendency to use AI-based agents and capulots to do complex and massive tasks, but it pushes the boundaries of what AI expects.
CEO Primor describes Cynomi's products as “virtual CISOs” rather than as co-pilots. It is an automated, AI-based decision maker that helps small organizations understand how to carry out security operations.
Around it, we're building from the ground up a lot of actions and tools that a virtual CISO can perform. You can evaluate your network, plan a set of security policies for the company in question, provide a remediation plan (not offering a remediation plan yet), track progress around a particular plan, and provide a vulnerability to determine vulnerability through the network.
All of these are sold directly to SMB by Cynomi, but through third parties, such as the service providers that SMB normally use for network connections and other managed services.
The market gap in which Cynomi is built is huge.
Malicious hackers of the past focused only on more valuable targets of large corporations. However, recently, using AI and other automated techniques, they have begun to focus on the long tails of the market. Although SMBs are small (in essence) but make up about 90% of all businesses around the world, collectively utilizing them can be a very advantageous picking.
SMB itself faces several specific challenges with budgets and talent, and products like Cynomi come into play.
“Virtual CISO services can start at $10,000 to $12,000 per year,” COO Azoulay said. “A human Ciso is at least 10-15 times. That's to be a knowledgeable and sophisticated buyer in the sense of finding a Ciso. It's also to have a Ciso. [be online] One week, 52 weeks a year. ”
And this formula has been working so far. Cynomi's business saw the ARR triple last year, according to Primor, more than 100 service providers and consultants, including large telecom businesses like Deutsche Telekom, are reselling Cynomi's services to tens of thousands of SMB customers. Approximately 80% of our customers are in the United States. This is the intentional first focus of expanding into Europe and ultimately other markets.
This funding will be used for more R&D and business development. This is because startups believe there are even greater opportunities than virtual CISOs.
“The cybersecurity consulting space is a $163 billion business, but we believe it doesn't actually have an operating system,” Azoulay said. “We believe Cynomi could become its operating system.”
There are quite a few groups that have identified cybersecurity companies targeting SMBs and service providers as key sales channels. These include Vanta, Cohere, Qualys, Coro, Bastion, Guardz, and more. Cybersmart, Cowbell, and Dataguard.
Philine Huizing, MD at Insight Partners, said it was the “VCISO” hook that involved it as an investor. “We believe Cynomi is defining new categories on the VCISO platform,” she said.
Meanwhile, focusing on working with managed service providers to deliver products means that other service providers can adjust or expand on what they are building or selling, allowing them to distinguish between services and prevent other commoditized services.
“MSPs can assess each client's unique risk, customize strategies for each industry, manage daily interactions efficiently, and make them more impactful,” she added.