Cyber risk monitoring platform Black Kite raises $22M

Boston, Massachusetts-based Black Kite, a company developing cybersecurity-as-a-service solutions, today announced that it raised $22 million in series B funding led by Volition Capital, with participation from existing investors Moore Strategic Ventures, Glasswing Ventures, and Data Point Capital. The capital will be put toward product development and expanding the size of Black Kite’s workforce, according to CEO Paul Paget.

An estimated one in four organizations suffered from a cyberattack in the past year, resulting in production, reputation, and financial losses. One of the problems is that adversaries are increasingly attacking companies via third parties, “island-hopping” their way into target organizations. More than 80% of enterprises have experienced a data breach as a result of security vulnerabilities in their software supply chains, a recent BlueVoyant report found.

Founded in 2016 by Mohamoud Jibrell and Candan Bolukbas, Black Kite provides a third-party cyber risk monitoring platform for enterprise clients. Bolukbas previously worked as a certified ethical hacker for NATO, where he helped to uncover cybercriminal loopholes that potentially exposed member countries. Bolukbas later formed a team to build a cyber risk rating platform — Black Kite — that could analyze, continuously monitor, and scale to corporate networks.

Above: The Black Kite platform.

Image Credit: Black Kite

“Supply chains have been affected by the pandemic, which has brought more attention to the cybersecurity problems within. It also made it evident to adversaries that disrupting supply chains can be a pathway to monetizing on cyberattacks,” Paget said. “Black Kite has patented techniques around combining cyber ratings and quantitative risk.”

Quantifying cyber risk

Black Kite’s product aims to simplify vendor risk management, particularly risk quantification and uncovering ransomware susceptibility. For example, the company recently released a capability to interpret security policies and compliance documents by ingesting and parsing them through 14 sets of controls, a process that Puget claims is “an order of magnitude” faster than the typical manual task of documenting answers to security vendor questionnaires.

Black Kite competes with cyber ratings companies including BitSight, Panorays, SecurityScorecard, VisibleRisk, and the relative newcomer Brinqa. But the 32-person company, which expects to have over 40 employees by the end of the year, says it has more than 300 paying customers. In a testament to its success, Black Kite recently moved its headquarters into the Prudential Center in Boston — with continued plans for Boston-based expansion.

“Third-party cyber risk management is a persistent and growing concern for organizations across all industries, and solutions that most effectively mitigate these risks have significant growth potential,” Volition Capital managing partner Sean Cantwell said in a statement. “Black Kite’s unique standards-based approach to supply chain risk assessment coupled with a strong management team has enabled significant market growth and traction. As long-time investors in supply chain compliance and security software businesses, we believe that Black Kite is well-positioned to emerge as the category-leading third-party cyber risk platform.”

Venture firms continue to pour capital into cybersecurity startups as threats grow during the pandemic. In the first half of 2021 alone, investors put $11.5 billion in total toward cybersecurity companies, up from $4.7 billion during the same period a year earlier, according to Momentum Cyber. And Gartner predicts that the worldwide information security market will reach $170.4 billion by 2023.