London-based cybersecurity firm Risk Ledger will unveil a £2.1m seed funding round today as it builds a new platform that its founders hope will revolutionize supply chain risk management. Funding, from investors including Lifeline Ventures, Seedcamp, Firstminute Capital, Episode 1 and Village Global, reflects explosive growth in Risk Ledger, with revenue up 300% since it launched its commercial platform in January 2020.
The Risk Ledger, identified two years ago as one to watch in Forbes’s 30 Under 30 report, is located in a critical area of the cybersecurity market, where organizations are increasingly concerned about their risks due to the vulnerabilities of their suppliers. One recent study found that 80% of organizations experienced a breach arising from a weakness in one of their suppliers.
However, while cybersecurity leaders are aware of the risks posed by their suppliers, they are struggling to confront the problem. The traditional approach is to ask each supplier to define their approach to cybersecurity, so that their strengths and weaknesses can be assessed, while mitigating problems where necessary. But for organizations dealing with large numbers of suppliers, this is very stressful; Also, it simply provides a snapshot of a resource’s cybersecurity at a given moment in time, which quickly becomes obsolete.
“What we do is fundamentally different,” says Hayden Brooks, CEO and co-founder of Risk Ledger. “Our platform provides a means by which organizations can really lift the lid on their suppliers’ cybersecurity in order to know exactly what they are doing.”
The idea is that any organization concerned about supply chain risks can join the Risk Ledger platform and then ask existing and potential suppliers to do the same. The platform then allows suppliers – who pay nothing for registration – to share a real-time image of their cybersecurity protection, so that customers can evaluate it on an ongoing basis. Then, the organization has a better view of its suppliers’ arrangements, with the monitoring process taking place in a single platform.
It is a premise that is proving attractive to a growing number of large organizations. Ledger Risk has already signed nearly 40 organizations with complex supply chains, including NHS Test & Trace, BAE Systems Applied Intelligence, City of London Police, Schroders Personal Wealth and online retailer ASOS.
“So far, all the work organizations do on supply chain risk has effectively been about creating a paper shield — requiring suppliers to document what they do in cybersecurity,” Brooks adds. “There is very little available to organizations that really want to do more than that, and are taking effective steps to protect themselves.”
The risk ledger is ambitious in the long run, but it develops its value proposition in strides. Phase one saw the platform itself roll out as a procurement tool, with organizations able to use it to define cybersecurity expectations of suppliers. The second stage, currently offered by the company, goes further, providing the functionality Brooks describes — connecting the Risk Ledger platform to supplier systems so that organizations can interrogate their security in real time, rather than just asking for a description.
In time, Brooks sees the ledger adding a third layer, with a data and insights layer that aggregates data on vulnerabilities and threats across its platform to provide everyone with early warning of emerging problems and dangers. This will see the platform evolve into an advanced threat intelligence system.
Today’s Funding Risk Ledger will help move this development process forward, ensuring that additional engineers can be hired, for example. The criticism will also mean that the company can begin to market itself more actively, having built its customer base so far largely through word of mouth.
Ledger-risk investors are excited about the business’s potential. “We wanted to be a part of Risk Ledger’s growth journey because they had the right product at the right time,” says Petteri Koponen, co-founder of Lifeline Ventures. “As supply chain abuses become so prevalent and regulators globally enforce better risk management, the Risk Ledger platform is well positioned to become the unspecified tool of choice for the industry and market penetration at scale.”
The network’s potential for business is particularly enticing. As suppliers sign up for the platform in order to meet the requirements of one customer, they become advocates of the Risk Ledger brand, because it makes sense for them to treat other customers the same way. “The platform’s potential for viral replication is unique,” Koponen adds.
So much so that Hayden believes that today’s round of funding should be enough to ensure that the ledger can achieve critical mass. “Plan doesn’t need a Series A round,” he says. “The customer value we’ve gained so far, far exceeds what you would normally expect for a startup in our phase.”