Axio, a platform for cybersecurity risk evaluation, today announced the closure of a $23 million Series B round led by Temasek’s ISTARI, with participation from investors NFP Ventures, IA Capital Group and former BP CEO Bob Dudley.
Axio CEO Scott Kannry tells TechCrunch that the proceeds — which bring New York–based Axio’s total capital raised to $30 million — will be put toward product and engineering team development and supporting go-to-market functions and expanding across “key geographies.”
This round brings Axio’s total funding to $30 million, including a $4.5 million Series A round closed in 2018.
Axio was co-founded in 2016 by Kannry and Dave White, who say they were inspired by the difficulty companies often have making decisions around cybersecurity investments. Kannry led the cyber insurance team for several years at Aon, while Dave came from Carnegie Mellon and spent the bulk of his career architecting cybersecurity frameworks, including a model — C2M2 (Cybersecurity Capability Maturity Model) — adopted by the U.S. Department of Energy.
Axio is led by president David White, and CEO Scott Kannry, a former Aon vice president.
We are ecstatic about securing this Series B investment round that now gives us the means to meet the growing global demand for cyber risk quantification. The attack landscape has demonstrated that old, faith-based strategies that simply layer on controls without a clear understanding of what to prioritize have done little to reduce susceptibility.Scott Kannry, CEO and co-founder of Axio
“We started this company to help CISOs understand how they should spend their next dollar, through risk mitigation or risk transfer (insurance). Cyber-attacks will happen and since hackers are continuously innovating, CISOs need to improve in tandem to ensure cyber resilience.” – Axio president and co-founder David White.
Axio aims to help businesses answer questions like whether they should invest in cyber controls (e.g., endpoint security) versus cyber insurance and how much of a budget a security team needs to reduce the likelihood of a loss, Kannry said. The product produces reports that quantify cyber risk in financial terms without resorting to scores and technical jargon, allowing departments to input information to generate metrics showing how a company is — or isn’t — improving over time.
Startups like BitSight offer similar products that assess the likelihood an organization will be breached. But Kannry says that Axio differentiates through a focus on modeling the impact of cyber scenarios. In other words, Axio worries less about probabilities when evaluating risk and more about their severest effects.
Axio recently introduced dynamic scenarios that let companies model “what if” scenarios to help them understand how to prioritize their security controls. It also inked strategic partnerships with several large cyber insurers, which Kannry says leverage Axio’s platform as part of their cyber insurance underwriting processes.