Calling custom security awareness training the answer to social engineering, Riot raises $12M

In the current threat landscape, employees who can’t pinpoint phishing emails are at serious risk. When just a single click on a malicious link or attachment can trigger a data breach, users need must have the ability to spot social engineering attacks whenever they encounter them. 

One provider looking to equip employees with the knowledge to detect social engineering threats is Riot. The company today announced it has raised $12 million as part of a series A funding round led by venture capital fund Base10. 

Riot’s security awareness training platform offers a catalog of more than 20 text-based courses based on various scenarios including CEO fraud and spear phishing, which can be issued year-round via Slack and Microsoft Teams. These courses are also dynamically customized to provide users with tailored learning experiences. 

The vendor claims to have the highest security awareness training completion rate in the industry, and highlights that there is no-one-size fits all to security awareness training. Each employee needs to be educated to defend against the priority risks that their organization, industry and position are exposed to. 

Mitigating social engineering and human risk 

After a spate of high-profile social engineering breaches impacting organizations like Uber and Rockstar Games last year, many security leaders are turning to security awareness training to better educate employees on security-conscious behavior. 

According to Proofpoint, although 99% of companies claim to offer a cybersecurity awareness program, employees still don’t have basic cybersecurity knowledge and 47% still lack an understanding of the concept ‘phishing.’ And, according to Verizon, 82% of data breaches are caused by human error.

Riot founder Benjamin Netter pointed out that the problem is that many “cookie-cutter” training solutions are too generic, decreasing the likelihood of engagement and positive learning outcomes.

“The current industry standard consists of cartoon videos sent to all employees, followed by a quick quiz to assess their retention and comprehension. Although this spray-and-pray approach ticks the compliance box, it doesn’t improve employee security,” said Netter.  

Instead, Riot generates training materials based on certain contextual factors and triggers. For instance, its solution can detect whether an employee has multifactor authentication enabled; it can then generate a course to highlight the importance of authentication for those who don’t employ MFA.

The security awareness training market 

Riot’s solution falls within the security awareness training market, which Cybersecurity Ventures predicts will reach a value of $10 billion annually by 2027.

One of Riot’s main competitors is Knowbe4, acquired by Vista Equity Partners for $4.6 billion in February 2023.

Knowbe4’s platform offers what the vendor claims to be the largest library of security awareness training materials with automated training campaigns and scheduled reminder emails. It also offers automated simulated phishing attacks so employees can practice detecting malicious emails. 

Another key competitor is Proofpoint, which offers a security awareness training platform that organizations can use to complete knowledge assessments, culture assessments and phishing simulation tests, and reports that identify top clickers. Thoma Bravo acquired Proofpoint for $12.3 billion in August 2021. 

At this stage, the key differentiator between Riot and competitors is its use of customized training materials based on contextual factors.