Getting Into Cybersecurity: Why We Invested In OutThink
Cybersecurity has had a lot of interest from VCs over the past few years and it’s no surprise, with global cybersecurity spend estimated at $120bn in 2017, up 35x since 2004. However, the majority of attention has been on technology weaknesses such as endpoint protection and anomaly detection, which has led to the emergence of unicorns such as Lookout, Tanium and Darktrace. Despite huge spend on these areas, security breaches continue to happen with 3,800 disclosed breaches in the first six months of 2019 exposing 4.1bn compromised records, including First American, an insurance provider, which leaked 885m files going back 16 years.
One area of cybersecurity that has gotten a lot less interest is security awareness training, which received a total spend of $490m in 2018, less than 0.5% of total spend, despite the fact that 91% of breaches are reported to have a human element. Unsurprisingly, this space is expected to grow rapidly with forecasts of a $2.1bn market by 2022, a remarkable annual growth rate of 56%.
OutThink’s Unique Proposition
Fast growing markets are great places to build valuable companies and we’re very excited to back OutThink in their journey to build the first predictive human risk intelligence platform. Flavius and the team are going beyond the existing paradigm of cybersecurity awareness to provide Chief Information Security Officers (CISOs, one of the joys of cybersecurity is the number of acronyms) with predictive analytics to identify high risk employees or teams and suggest actions to reduce risky workforce behaviours.
Why did we invest?
Early-mover in a large and fast growing market
As highlighted above, 91% of breaches are reported to have a human element, and the market for security awareness training is set to increase 56% YoY, growing to $2.1bn in 2020.
Unparalleled domain expertise
As an experienced information security professional and former CISO, Flavius has seen the limitations of existing cybersecurity awareness offerings and has built OutThink to address them. Alongside the learning content and phishing simulation offered by existing providers, OutThink captures data about the workforce, allowing CISOs to focus their efforts on high risk employees or teams where they will make the most difference.
Flavius’ expertise in the space really shone through in our meetings but he has also managed to pull together a great team, with Dr Shorful Islam, who has founded a number of data science businesses, recently taking the role of Chief Product Officer and Prof. Angela Sasse (FREng), a leading authority on the human-centred elements of cybersecurity, as Chief Scientific Advisor. Together, this team positions OutThink to build a market leading product that fits the needs of CISOs.
Early traction with limited resources
Beyond the innovative product vision and strong team, we were also impressed by Flavius’ scrapiness and ability to sign up large customers despite limited resources with customers including global banks and FTSE 100 & 250 brands. Calls with customers really drove home how innovative Flavius’ approach was and the level of differentiation within the OutThink platform.
We love businesses that delight their customers and we’re looking forward to working with OutThink going forward.