There are a growing number of cybersecurity regulations designed to keep business and customer data protected. In 2022 alone, more than 40 U.S. states introduced 250 bills focused on cybersecurity, according to the National Conference of State Legislatures. And more are on the way.
The trend’s a clear win for consumers. But some firms are struggling to keep up with the emerging standards and certifications. According to one survey, 63% of companies — concerned about the consequences of noncompliance — plan to spend more money this year on compliance and risk.
That’s been to the benefit of startups like Cypago, which attempts to automate cybersecurity processes and workflows around cyber governance, risk and compliance. Founded by Arik Solomon, a former EY executive, and Yahav Peri, previously an officer in the Israel Defense Forces intelligence corps, Cypago has raised $13 million in funding (plus $2 million in debt) led by Entrée Capital, Axon Ventures and Jump Capital.
Solomon says he was inspired to launch Cypago by his experiences at EY, which involved helping companies through exhaustive security assessment exercises. CISOs and security teams often had trouble manually validating their security programs against their business requirements, he says, which discouraged them from reaching full compliance.
“The cyber governance, risk and compliance criteria is only going to become more stringent and complex, and for businesses to effectively meet quickly evolving standards, the latest AI and tech will need to be deployed,” Solomon told TechCrunch via email. “We at Cypago have set out to help security teams overcome challenges in the space with a turnkey software-as-a-service platform that allows for easy implementation, fast adoption and API-based integrations with existing tech stacks.”
Cypago, which is designed to play nicely with both cloud-based and on-premises environments, taps AI to attempt to automate the work involved with collecting and analyzing data related to security, compliance and privacy controls. Across different tools and services, via no-code workflows, Cypago enables customers to measure and test their security programs against standards and common frameworks.
For example, Cypago can parse a company’s service documents to identify — and even fill — potential gaps in security policies. And it provides access to an AI assistant called Co-Pilot, which delivers answers to natural language questions about a company’s overall cybersecurity and governance, risk and compliance posture.
“Cypago leverages proprietary-built models, specifically tailored for the cybersecurity governance, risk and compliance domain, that are able to analyze, understand and generate complex texts in documents and policies,” Solomon said. “These capabilities, combined with data from integrations with existing cloud and on-premise tool stacks, makes Cypago the first-of-breed platform to provide full cybersecurity visibility and enforcement from documents to systems’ data.”
Certainly, Cypago promises a lot. And it’s not competing alone in a governance, risk and compliance market that was estimated to be worth $47.22 billion in 2022, according to Grand View Research.
Beyond the roster of solutions from Oracle, HPE, Thomson Reuters, IBM and other established vendors, there are a number of governance, risk and compliance management software upstarts vying for attention. See Osano, which helps companies monitor and manage their risk and compliance with privacy laws like GDPR; Kompliant, which focuses on financial compliance; and Kintent, which seeks to abstract away a range of traditional enterprise compliance tasks.
Is Cypago differentiated? Does it deliver on all of its claims? Perhaps. In any case, the startup’s seeing relatively healthy uptake, according to Solomon, with a customer base that spans “dozens” of brands, including Check Point, Hippo Insurance and Trigo.
With the new cash, Cypago, which is based in Tel Aviv, plans to grow its R&D division and product teams to support its go-to-market efforts in North America and the EU. Solomon says that the startup’s team will expand from 26 employees to “30 or more” by the end of the year — an impressive commitment given the current political unrest in Israel and its effect on the local tech sector.
“The pandemic only accelerated the demise of the corporate network perimeter,” Solomon added. “Likewise, with the sustained movement to remote work and an increasing reliance on hybrid and multi-cloud services, organizations are now faced with more headwind in terms of achieving and maintaining governance, risk management and compliance across disparate frameworks and environments.”