Axio’s solution to quantify cyber risk raises $22.5 million

When it comes to gaining management and board buy-in, measuring and quantifying cyber risk is essential. Security managers who cannot put a financial value on the level of risk in an environment may find it difficult to justify spending on defensive technology.

The problem is that the calculation of risk is complex. However, solution providers like cyber risk quantification offer Axiowhich today announced it has raised $23 million in a Series B investment round led by ISTARI, provides platforms to continuously measure risk and identify gaps.

Axio’s Axio360 solution provides organizations with a single source of truth about their overall cyber risk posture, providing cybersecurity assessments for industry frameworks and standards including NIST, CSF, C2m2 and CIS 18 , as well as cyber risk quantification and insurance stress testing for insurance policy analysis.

This approach, and that of other cyber risk quantification vendors, allows security managers to better communicate the financial value of cyber risks in the environment so they can understand which threats would cause the most damage to the organization and help determine if they have the right level of cyber insurance coverage.

Aligning with cyber risk

As maintaining security and compliance becomes increasingly complex as the threat landscape evolves, more organizations are turning to cyber risk quantification to address their level of threat. exposure.

In fact, according to Gartner 2021 Cyber ​​Risk Quantification Survey nearly 70% of SRM leaders planned to deploy CRQ within the next two years.

At the heart of the challenge of mitigating cyber risk is the fact that security officers and senior executives rarely agree on how they interpret the amount of risk in the business.

“The board, C-suite, and security and risk team are rarely aligned on key issues regarding the organization’s cyber posture and overall performance. Axio drives this alignment and enables leaders to optimize decision-making, prioritization and investments around cybersecurity,” said Scott Kannry, CEO of Axiom.

“When presenting to management, most CISOs struggle to communicate effectively without using rudimentary heatmaps and scoring frameworks that attempt to describe how their program is performing and why certain areas of risk control require more budget,” Kannry said.

Kannry says the end result of this misunderstanding is that security leaders don’t get the funds they need to protect the company, while the board doesn’t get the visibility they need. to see which security investments have the most impact.

Risk quantification solutions like Axio help simplify these communications by enabling CISOs to communicate risks in financial terms.

A Brief Overview of the Risk Quantification Market

The risk quantification market is a relatively new space, but it has seen a lot of investment activity over the past year. Just over a few months ago, cybersecurity posture automation vendor balbix announced that it had raised $70 million in a Series C funding cycle.

Balbix’s platform analyzes several hundred billion time-varying signals from across the network, prioritizing vulnerabilities and providing users with risk insights, while providing a measure of the financial risk presented by the vulnerabilities.

The organization also competes with “active insurance” providers like Coalition, which offer real-time risk assessment to measure real-time digital risk. Coalition raised $250 million in funding just a month ago.

Although Kannry says the main differentiator between Axio and other competitors is that “we focus on impact and help the security leader understand what something is going to cost. We focus on correctness, allowing users to “show off their work” when asked by a board member. »