London-based start-up Risk Ledger will today announce the successful completion of a £6.25 million Series A funding round as it targets profitability within the next two years. The British cyber security specialist has now raised £9.8 million since its formal launch in 2020, and continues to grow rapidly, with client numbers now exceeding 5,000.
Forbes has watched Risk Ledger closely since its early days, identifying the company in 2019 as one to watch in the Forbes’ 30 Under 30 report, and revealing its first funding round in October 2021. A little over two years on, co-founder and CEO Haydn Brooks says the business has made good on its early promise. “This should be the last time we need to raise funding because we now have a clear pathway to profitability,” he says. “Our aim is to be profitable within the next two years.”
Risk Ledger’s value proposition lies in its ability to help organisations manage the exposure to cyber security risk that their supply chains create. Risk Ledger’s customers ask each of their current and prospective suppliers to join the company’s platform in order to share a real-time picture of their cyber security maturity and risk exposures.
Risk Ledger can then provide customers with a complete view of the cyber security profile of their suppliers, all monitored on an ongoing basis in a single location. That negates the need for organisations to require each supplier to make unilateral declarations of their cyber security arrangements and frameworks, a burdensome approach that can quickly go out of date.
The cyber security risk posed by suppliers has become an increasing concern for organisations since Risk Ledger’s launch, with a series of high-profile incidents that have caused significant damage. Threats including Solarwinds, Log4J and MOVEit have all focused on supply chains, which represent a weak link in the security chain for many businesses.
The impacts are serious. One recent survey carried out by KPMG found that 73% of organisations had experienced at least one significant disruption caused by a third party within the last three years. A report from Juniper Research suggests the cost of global supply chain attacks could reach $46 billion this year. Accordingly, 85% of organisations now regard third-party risk management as a strategic priority according to KPMG.
Brooks, who launched the business with co-founder Daniel Saul, believe these trends represent a significant tailwind for Risk Ledger. “The fragility of global supply chains that we have seen in recent times has really forced organisations to think about how to protect themselves,” he says. “They’ve become much more suspicious about the risks that their suppliers represent.”
Mapping this risk more comprehensively and in more granular detail is therefore crucial. Brooks describes Risk Ledger’s technology as a “social network approach to supply chain risk management”. Working directly with connected organisations, it can study an organisation’s entire supply chain ecosystem, uncovering dangerous inter-dependencies, concentration risks and potential points of failure.
That idea has resonated with customers, including large organisations in both the public and the private sector with highly complex supply chain networks. Risk Ledger has also developed specialist versions of its product to suit large federated organisations, such as the National Health Service and the Police Force, which effectively run ecosystems of suppliers internally.
Investors have also paid close attention to Risk Ledger, whose revenues have more than doubled in each year of its operation. Today’s funding round is led by the UK venture capital firm Mercia Ventures, with the money coming from the Northern Venture Capital Trust funds that it runs.
“Third-party risk is a major security concern for companies as it is a factor over which they traditionally have little control,” says Mercia’s Adam Lovell. “Risk Ledger offers an exciting new approach to third-party risk management.”
The capital raised is largely earmarked for product development work, says Brooks, though he also plans to boost the business’s sales and marketing resources. “We think the solution to supply chain risk lies in a ‘defend as one’ approach,” he says. “Everyone needs to work together on this.”