Small and medium businesses are the latest targets for cybersecurity attacks, with one in three small businesses experiencing a data breach last year. SMBs are becoming more proactive in detecting and stopping these threats, and today a startup called Cynomi is announcing $37 million in funding to meet that demand.
Insight Partners and Entrée Capital are co-leading this Series B, with previous backers Canaan, Flint Capital, and S16VC also participating. Sources close to the deal told TechCrunch that the company was valued at more than $140 million post-money.
Cynomi previously raised around $23 million (including this seed round we covered in 2022).
London and Tel Aviv-based Cynomi was founded by CEO David Primor, a PhD who previously was the CTO and head of R&D of the Israel Defense Forces; and COO Roy Azoulay, who was a founder and started and led the first startup incubator at Oxford University.
Cynomi leans, at a basic level, into the trend of using AI-based agents to do complicated and high-volume work, but it’s also pushing the boundaries of what we might expect those AIs to do.
CEO Primor describes his product not as an AI agent but as a “virtual CISO” — an automated, AI-based decision-maker that can help smaller organizations understand how to run their security operations.
It’s also building a number of actions this “virtual CISO” is capable of carrying out. It can assess a network, plan a set of security policies, make remediation plans, track progress, run analytics to find vulnerabilities in a network, recommend optimizations for systems, and produce reports on the network status and health.
All of this is not sold directly by Cynomi to SMBs, but via third parties that SMBs typically use for network connectivity and other managed services.
The gap in the market that Cynomi is trying to exploit is a very large one.
Malicious hackers used to focus exclusively on more valuable, larger businesses, but these days, they have started to focus on the long tail in the market. SMBs are numerous, accounting for some 90% of all businesses globally, so tapping into them can make for lucrative pickings.
SMBs face some particular challenges, however, when it comes to budget and manpower, which is where a product like Cynomi’s comes in.
“A virtual CISO service can start at $10,000 to $12,000 a year,” notes Azoulay. “A human CISO would be about at least 10 to 15 times that. It’s about having the knowledge and to be a sophisticated buyer in the sense of finding that CISO. It’s also about having a CISO [be online] the full week, 52 weeks a year.”
That formula, so far, has worked for the startup. Cynomi has seen its annual recurring revenue triple in the last year, Primor said, with more than 100 service providers and consultancies — including big telcos like Deutsche Telekom — reselling Cynomi’s services to thousands of SMBs. Some 80% of its customers are in the U.S., and the company will now be widening its focus to Europe and other markets.
The funding will be used for R&D and business development because the startup believes there is an even bigger opportunity ahead than just virtual CISOs.
“The cybersecurity consulting space is a $163 billion business, but we believe it doesn’t really have an operating system,” said Azoulay. “We believe Cynomi can be that operating system.”
There are dozens of cybersecurity companies out there targeting SMBs, and a sizeable group has identified service providers as their primary sales channel. These include the likes of Vanta, Cohere, Qualys, Coro, Bastion, Guardz. CyberSmart, Cowbell, and DataGuard.
Philine Huizing, managing director at Insight Partners, said that it’s the “vCISO” hook that reeled Insight in as an investor. “We believe Cynomi is defining a new category with its vCISO platform,” she said.
Meanwhile, the startup’s focus on working with managed service providers to deliver the product means it can be tailored or augmented with whatever the service providers are building or selling. That could help differentiate the service and keep it from becoming another commoditized offering.
“MSPs can assess each client’s unique risks, customize strategies by industry, and efficiently manage day-to-day interactions, making them more impactful,” Huizing added.
