Typically, virtual CISO — or vCISO — services take the form of an outsourced or on-demand security practitioner that works as a remote, part-time contractor to offer cybersecurity expertise and guidance to organizations. Cynomi’s platform removes the human component and instead uses artificial intelligence (AI) technology to emulate a human CISO and automate previously manual operations.
Cynomi differs from other vCISO startups in that its focus is on small and medium-sized businesses that rely on managed service and security providers, which David Primor, Cynomi co-founder at CEO, says have become an easy target for malicious hackers because they tend to lack in-house cyber expertise.
“SMBs and mid-market companies are in a bad situation,” Primor tells TechCrunch. “I realized after helping several friends that experienced attacks on their companies that there was a big gap between organizations that have a professional — typically a CISO — and SMBs and MSPs that just have tools. There is no tool that can fully protect a company, and attackers know this.”
Cynomi addresses this gap by providing its cybersecurity platform to smaller organizations, many of which are struggling to recruit cyber expertise due to a widespread skills shortage that has only worsened during the pandemic. “SMBs and mid-market companies are simply not going to win the talent war,” said Roy Azoulay, co-founder and COO of Cynomi.
The startup’s vCISO platform provides organizations with a NIST-based assessment with security scores for specific threats, such as ransomware or data leaks, and a “state-of-the-art” assessment of vulnerabilities and exploits for externally exposed assets.
Cynomi tells TechCrunch that it already has several paying customers in Israel, the U.S. and the U.K., and plans to use the $3.5 million seed investment to expand its go-to-market strategy. The round was backed by SeedIL, Lytical Ventures and a group of business angels including Nir Giller, co-founder of CyberX.
And the startup is confident that while SMBs and MSPs have become a prime target of cyberattacks over the past 18 months — take the Kaseya attack in July last year that exposed hundreds of companies to ransomware — its own offering isn’t too late to the market.
“Everyone last year was rushing to get new cybersecurity tools, but we’re seeing relapses,” Azoulay added. “If SMBs are now protected and everything is good, I’d happily say our mission here is done. But I genuinely think we’re only at the beginning of the cycle.