BitSight Technologies wasn’t looking to raise more money from investors when GGV Capital came calling in April.
The cybersecurity ratings startup still had nearly $20 million stashed in the bank from the Series B funding round it raised in June 2015, says Tom Turner, BitSight’s chief operating officer and president.
But BitSight executives decided they couldn’t pass up the opportunity, Turner says. “It’s very hard to raise a late round of funding—at least that’s what we hear from the market,” he says in a phone interview.
The fruits of their negotiations were announced today: Cambridge, MA-based BitSight has closed on a $40 million Series C funding round led by GGV, which has an office in the Bay Area and two offices in China. Previous BitSight backers also contributed, including Globespan Capital Partners, Menlo Ventures, BitSight CEO Shaun McConnon, Flybridge Capital Partners, Comcast Ventures, and others. GGV’s Glenn Solomon will join BitSight’s board.
Five-year-old BitSight has raised $95 million from investors to date, $60 million of which is still in the bank, Turner says. Now, BitSight plans to open up that war chest to accelerate the growth of its sales worldwide and invest more in its products, he says. The 185-person company also plans to hire 100 more people, primarily across its offices in Cambridge; Raleigh, NC; and Lisbon, Portugal.
“We’re delighted to have this unsolicited round of funding,” Turner says. “We plan to use it aggressively, but wisely.”
BitSight makes software that culls publicly accessible data to produce a cybersecurity rating, akin to a FICO credit score, for some 60,000 companies and organizations. The numerical score—which ranges from 250 to 900—can be used to vet potential acquisition targets; monitor the risk of a breach of data shared with vendors and partners; shape the terms of cybersecurity insurance policies; help with internal evaluations of security policies; and more.
BitSight has also created a software platform through which customers can monitor security risks among their network of suppliers and service providers (a payments processor, say)—and the risk profiles of the suppliers to their suppliers, Turner says. The vendors can also go on the platform and provide more context about their security operations, even if they’re not a BitSight customer. The result, Turner says, is productive dialogue around security and “a better system of record” of cyber risks.
Being in a young subsector of security, BitSight must work extra hard to first convince prospective customers that security ratings are a legitimate and useful tool, and then get them to sign up with BitSight. (Competitors in the industry include SecurityScorecard and RiskRecon.)
Turner says BitSight generated over $15 million in sales last year, up from about $2 million in 2014. The company is aiming to surpass $30 million in sales this year, he says.
BitSight has accrued about 450 customers. “That in and of itself is not a monster number,” Turner admits, but he claims it’s enough to put BitSight in pole position as the security ratings sector begins to mature.
With the latest funding, “we have this opportunity to potentially increase our visibility as well as increase the visibility of ratings and the value they bring,” Turner says.
The industry is starting to grab more attention. Turner says technology research firm Gartner has begun watching the “security ratings services market.” And FICO itself recently got into security ratings with its acquisition of Ann Arbor, MI-based QuadMetrics.
“Seeing competition come in is an important validation that the market is real,” Turner says. “It also helps espouse the pain points and the benefits and the use cases for this kind of technology.”