Join today's leading executives online at the Data Summit on March 9th. Register here.

Cynomi, a virtual CISO (vCISO) platform provider, yesterday announced that it raised $3.5 million in a seed funding, which it says it will use to enhance its research and development, and its presence in the U.S. and U.K.

Cynomi’s solution is designed to give managed service providers (MSPs) an AI-based vCISO platform with automated features they can use to scale their existing CISO operations.

Features include automated assessments and AI sanity checks to gain greater visibility over the security posture of their clients, and automatically deploy action plans to better protect them against current threats.

The solution essentially offers technical decision makers and MSPs a scalable vCISO solution they can use to guarantee clients with access to remote support from a cybersecurity expert without the upfront investment of hiring a CISO.

Offering security support to mid-sized organizations

The announcement comes as mid-market organization’s security measures lag behind those of larger organizations. In 2020, 33% of middle market executives said they experienced a ransomware attack or demand in 2020.

Yet in 2021, mid-market organizations still weren’t prepared to defend against ransomware threats propagated by phishing attempts, with only 1% having email malware protection or Wi-Fi phishing protection in place.

“It’s no secret that mid-market cybersecurity is in almost crisis mode. We believe the root cause of this situation boils down to expertise. While in an enterprise setting a CISO is responsible for knowing the company’s posture, vulnerabilities, and priorities, in small organizations overall cyber responsibility is given to IT. But IT and cybersecurity are two different disciplines,” Cynomi cofounder and COO Roy Azoulay told VentureBeat.

“We believe this view is beginning to gain validation in the market. Gartner has recently shared that vCISO services will support 20% of the market (up from 1% in 2021). Given the scarcity of cybersecurity expertise, we see our role as providing the technology to support this transformation,” he said.

vCISO: The alternative to penetration testing?

Cynomi is part of the global cybersecurity market, valued at $163.53 billion in 2019, and anticipated to reach $430.46 billion by 2030. While the organization doesn’t have any direct vCISO platform competitors, it’s competing against automated penetration testing tools that can help organizations automatically scan their environments for weaknesses.

The penetration testing market is fast-growing, valued at $580 million in 2020 and is expected to grow at a CAGR of 24.3% between 2021 and 2026 as the volume of cyberthreats increases and the list of compliance requirements increases.

One of Cynomi’s main penetration testing competitors is Intruder, which offers a cloud-based vulnerability scanner, and has raised $1.2 million in funding to date.

Similarly, Cynomi is also competing against purple-team platform provider PlexTrac, which isn’t directly a penetration testing solution but instead enables managed service providers to import scanner finding and automate routine security tasks. This approach has been highly successful, with the organization recently raising $70 million in Series B funding.

However, Cynomi aims to stand as much more than a traditional penetration-testing tool by providing CISO insights that automated tools can’t provide.

“We take a holistic approach. A penetration testing tool will help you find breaches in your perimeter, and to use an analogy, it will tell you whether there are any holes in the fence around your house that an attacker can utilize. Cynomi wants to tell you how to build that fence in the first place,” said Azoulay.

Yesterday’s funding round led by Flint Capital with participation from SeedIL, Lytical Centuries and business angel investors including Nir Giller, cofounder of CyberX.