SensCy rolls out a sensible approach to cyber with an oversubscribed seed round

Why does any conversation about cybersecurity trigger fear, uncertainty and doubt? If we cannot simplify the jargon, the complexity and the management of our cyber risk, who benefits? Who loses?

One spring morning last year, workers at JBS USA, one of the world's largest meat processors found a sign posted at its plant entrance. "Team member: This weekend our company was the target of a cyberattack that has impacted our IT systems. As a result, we will not operate tomorrow..." JBS worldwide operations were forced to shut down, impacting almost 75,000 employees including its Plainwell, Michigan plant, which employs 1200 employees. According to the Wall Street Journal, the company ended up paying $11 million in ransomware to regain access to its own network and resume business.?

A similar cyber-attack at United Structures, a Houston, Texas-based steel structure company led to to its bankruptcy. A ransomware attack permanently encrypted both its tooling and financial accounting software, the company was unable to do much. It lost all “data relating to accounts receivable, accounts payable, current orders, customer information, current CNC machinery files, along with essentially all of its business data.” The company, which was worth $100 million at the height of its business, filed for bankruptcy and Chapter 11 protection. Debtors in bankruptcy are ordinarily required to provide financial data with their bankruptcy petitions, to creditors upon request. The company submitted a statement under oath explaining its lack of access to the financial information. Ransomware drove the final nail in its coffin of the struggling company, and all 79 employees lost their jobs.?

Healthcare providers like Brookside ENT in Michigan and Wood Ranch Medical, California suffered ransomware attacks, locking them out of the patients’ data. Both providers had to ultimately shut down their entire business.?

5X growth in cyber crime losses

Food processing, manufacturing, healthcare - all of these entities were not prime targets for hackers. No longer so. From a hacker’s perspective, disrupting business and holding companies hostage is a very profitable exercise, one which has little or no legal consequences. In 2021, the FBI’s Internet Crime Complaint Center (IC3) received the highest number of cybercrime complaints —nearly 850,000 complaints reflecting more than $6.9 billion in losses. A 5X jump in 5 years!

Yet these figures represent a small fraction of true crime statistics. Companies are leery of additional headaches and reporting overhead, compliance penalties, litigation and try to solve such problems quietly. The FBI estimated it received complaints for only 10 to 12 percent of all cybercrimes. So effectively, ransomware has become a $50 billion annual penalty tax on businesses in America.?

A large and under-served market awaits effective solutions

USA has 6 million small businesses. By far, they are not the favorite segment of any large cyber vendors. They have limited budgets, and these little companies churn out constantly, which in turn impacts the cost of sales and reduces gross margins. Selling to fragmented SMB is ignored by elite vendors. There is no 'there' there in SMB. Too much headache for too little. As a result, cyber for SMB is not an attractive proposition for venture investors. SMB is often at perceived odds with VC investments, their goal being to get outsized returns, as quickly as feasible and driven by the latest technology trends of AI, ML and such. Such collective investor dynamic pushes the growing SMB problem under the carpet, chokes innovation, even as the market needs become exacerbated. But SMB cyber is a weak link in the economic chain. The hack on national retailer Target started with a phishing attack of a heating & cooling (HVAC) maintenance vendor, Fazio Mechanical Services. The vendor was plugged into 塔吉特百货 ’s billing systems, SAP Ariba . Target lost 40 million credit card records and according to its financial reports, ended up spending over $250 million in costs, settlements and penalties.?Fazio’s problem became Target’s problem and one of them paid a pretty substantial price. Resilient SMBs can make the US economy stronger. Today, SMBs are nowhere close to being cyber-resilient. Law firms, accounting firms, health care workers, therapists handle immense amounts of sensitive data. And most of them are sitting ducks for ransomware attacks.??

Market research firm 国际数据公司 's FutureScape: Worldwide Small and Medium-Sized Business 2022 Predictions states that by 2024, 33% of SMBs will experience security breaches, causing business disruptions of at least one week per quarter. Which is a month of disruptions in any given year. (Survey conducted October 2020; n = 2,450). If you ask companies like JBS USA, United Structures or Wood Ranch Medical, the future is already here. And disruption has been a lot more than “one week”. It has been expensive and catastrophic. The IDC report found that a SMB coughs up a median $75,000 for ransomware payments.

Empowering businesses with tools, technologies and practices

Most SMBs lack IT resources and security expertise, have a lower investment in security technologies, and cannot spend on end-user security training and vigilance.?

IDC suggests a three prong guidance approach to tackle this nightmare:

1) Management Buy-in: Educate senior management and business owners about potential losses associated with security breaches to gain alignment on a comprehensive cybersecurity program.

2) Risk quantification: Quantify and incorporate the monetary impact of costs and/or business losses into the SMB's enterprise risk assessment, including direct costs to respond and recover from the breach, financial and productivity losses, direct costs arising from ransom payments, legal fees and regulatory fines, increased expenses from marketing, and long-term lost business tied to the security breach.

3) Policies, Practices and Hygiene: Create management-endorsed cybersecurity policies and procedures for the organization, such as a checklist for purchasing cloud services and mandatory end-user training, to foster a cybersecurity-including culture within the organization.

When passion meets problems?

As they say, what got us here will not get us there. Solving cyber for SMB is not merely a function of technology. When CEO of SensCy, Rick Snyder shared his vision for bringing a human touch to Cyber, it was built upon creating a trusted partnership with businesses, where they help build awareness, develop risk quantification and improve their cyber posture. The Silicon Valley mantra for applying AI / automation to solve everything, including world peace and hunger has its limitations. SMBs cannot afford to spend mucho dinero on cyber, do not have budgets for Chief Information Security Officers (CISOs), nor can they catch up on the latest attack, patch or CVE strain.? Heck, most SMBs are fighting the good fight to make an honest dollar. And the hackers are stealing faster than SMBs can make. Effectively, SMBs are working for hackers, not their customers.?

The art of raising an oversubscribed round in the worst economic climate

To start with, the CEO of SensCy has been an business operator, a VC and a two-term Governor of the State of Michigan. As COO of a publicly traded company, he oversaw its 10X growth in six years from $600 m to $6 bn and successfully sold the company thereafter. As a VC, he understood the pressures on GPs and LPs. SensCy co-founders - David Behen , Dave Kelly Bhushan Kulkarni have well established credentials as former CIO, CISO, COO and Sales. The Chief Growth Officer of SensCy, Raj P. built a $100+ million cyber business from a scratch so there you have it.?A team with valid credentials!

And above all, the fresh 'human approach' of the SensCy offering in the current market is a welcome start. When Rick decided to run for public office, he was a successful VC. Several local business leaders did not believe it was a great idea for him to jump in the cesspool of political muck. When dissuaded, he would remind the nay-sayers that to serve the public is an honor and duty. A few of us who knew him back then were secretly afraid that he might lose the bid - we just couldn’t see this smart white guy kissing babies in Detroit to win votes. Nor could we see him pandering to the lobbyists. But all along, he had a plan. Often, he was ten steps ahead. His election mantra of “Relentless Positive Action” bridged across party lines as he went on to win two successive terms as Governor of Michigan. His training as CPA and law degrees, combined with his ‘one tough nerd’ moniker worked to the State’s advantage. He made a series of bold decisions to get the City of Detroit out of bankruptcy.? During his tenure, Rick was the co-chair of the National Governors Association (NGA) cybersecurity task force, thanks to his pioneering efforts to launch Michigan Cyber Civilian Corps (MiC3) in 2013. As MiC3 built and harnessed the collective expertise of the State’s cybersecurity talent to protect national assets, the Michigan model is being adopted by other states such as Wisconsin and Ohio. Simply put, a state does not have enough resources if a large-scale cyber attack occurred. Ten years ago, MiC3 was ahead of its time and today, it's addressing a mainstream challenge.?

Having a CEO who can plan ten years into the future, make chess moves ten steps ahead, and execute with passion is a great start for SensCy . Assembling a well functioning team, devising a new approach to a growing market pain are all classic underpinnings of a good company. Security needs simplicity. A hi-tech approach needs to be combined with a human touch. The goals laid out by the team are bold, ambitious and today, it’s day one. The oversubscribed round fuels and follows the vision of the valiant. As President Teddy Roosevelt words remind us ... the man in the arena with his dust marred face is the one who matters. Those who strive valiantly ....with great enthusiasm.

Here is to the crazy ones, fighting the good fight to build a better (and a more secure) future.

(Disclosure: Secure Octane Investments is a proud investor in SensCy)