CultureAI, the human cyber security platform founded by professional hackers, has closed a $4 million Seed round to fuel its rapid growth. The additional capital accelerates product development and enables CultureAI to expand into new markets.
Founded when professional hacker James Moore saw even the best security awareness training made no difference to attackers’ ability to compromise organisations, CultureAI is being adopted by a rapidly growing number of organisations to easily identify and prevent security incidents caused by employees.
“It’s almost unheard of for professional hackers (known as penetration testers) to fail to gain access to an organisation, even if they have great security awareness training for employees,” explains James, who continues “We successfully gain access to organisations’ data and systems every time and it’s almost always as a result of human behaviour or error. As an example, multi-factor authentication (MFA) is often touted as a key cyber defence – yet we find that an average of 32% of employees accept MFA authentication requests sent by attackers, essentially opening the door for them. The traditional awareness training approach simply doesn’t improve behaviours like this – hacking people is still too easy.”
James believes security coaching, not training, is key: “Outside of security, when someone starts to learn a sport or a new skill and wants to improve, they get a coach. A coach observes behaviour, corrects mistakes in real-time, and gives them tailored advice whilst motivating and empowering them by providing the right equipment to perform. A coach doesn’t simply tell them to watch some generic training videos, take a multiple choice quiz and then expect them to be perfect — which is, regrettably, the common approach to security awareness today. We built CultureAI to detect human security risks and automatically use those insights to drive technical interventions and coaching – not simply ‘train’ people. It’s a very different way to managing human risk.”
“CultureAI is revolutionising human security with a data-driven approach, disrupting the $1 billion security awareness industry,” says Jon Stokes, chief technology officer. “Within minutes our platform is detecting human security incidents across the organisation and combining those events with machine-learning to automatically drive cyber security coaching programmes that are intelligently tailored to each employees’ cyber strengths, weaknesses and job role. As human risk events are detected, the platform creates employee security scores to allow organisations to understand their entire human risk surface for the first time. Human security event data is also pushed to clients’ existing security tools in real-time, enabling automated mitigation of human security incidents. The result is people preventing breaches, instant responses to protect people when security incidents occur and the ability to measure security behaviour improvement – something awareness training has never managed.”
CultureAI will leverage the new funding to supercharge its product roadmap and will be significantly expanding its commercial and technical teams in its Manchester city centre office, located within minutes of half a dozen cyber security organisations, including UK government intelligence agency GCHQ. “Manchester has become one of the worlds leading tech and cyber security hubs, we’re excited to be building the team from such a strong local talent pool,” says head of HR Molly Keeton.
The investment was led by Senovo and saw participation from new investors Conviction alongside existing investors Passion Capital. Angel investors Paul Forster (Co-founder, Indeed) and Guntram Friede (Head of Marketing, EMEA Salesforce and MuleSoft) also joined the round to support CultureAI’s disruption of the cyber security awareness market.