It’s never been easier to start a ransomware criminal enterprise. Between ransomware-as-a-service (RaaS) toolkits and anonymous crypto tokens like Bitcoin, bad actors today can extort organizations of all sizes. In fact, data shows that ransomware attacks are on the rise globally: last year, the portion of data breaches caused by ransomware grew by 41%, and the average cost of a ransomware attack was over $4.5 million. U.S. banks and financial institutions processed a whopping $1.2 billion in likely ransomware payments in 2021, almost triple the amount of the previous year, and the total payment volume is expected to be much higher considering most ransomware payments are conducted in bitcoin and not USD.
Ransomware tools typically operate by scanning vast numbers of public internet addresses in an attempt to identify known vulnerabilities. And, it goes without saying, that cyberattacks have the potential to bring any business to a grinding halt. For example, a ransomware attack could result in a loss of access to all employee accounts, and in the scenario a business is rendered motionless for even a week, the chances of bankruptcy are high.
While most larger enterprises have the resources to protect their systems via the latest updates, patches, and proactive cyber intrusion detection tools, small- and medium-sized businesses simply don't have suitable resources to protect their networks.
The problem is only growing due to a shortage of cybersecurity talent. Some estimates put the shortage at 3.4 million workers globally, with 700,000 unfilled security jobs in the U.S. alone.
So how are small businesses supposed to protect themselves if they don’t have the right resources? Eye Security believes small- and medium-sized businesses should rely on experts when it comes to mitigating their cyber risk. Small and medium-sized enterprises (SMEs) typically don’t have access to Managed Detection and Response (XDR) protection. By outsourcing their cybersecurity to providers like Eye Security, high-tech security becomes available to SMEs.
The Eye Security founding team, consisting of Job Kuijpers, Vincent van de Ven and Piet Kerkhofs, hails from the Dutch Intelligence Service (AIVD). The team has decades of collective experience defending government and commercial entities, a depth of expertise that the typical SME would never be able to implement on its own. But XDR businesses have been around for several years and many of them have grown rapidly, so what's changed?
We think the XDR industry is poised to grow even faster due to the growing need for cyber insurance policies. In recent years, demand for cyber insurance has skyrocketed. The global cyber insurance market is estimated to grow to $20.6 billion by 2025, almost tripling its size in 2020.
While having an XDR solution in place reduces the risk of being hacked, no cyber security offering can provide 100% protection, especially since so many successful attacks are the result of human error. Hence, businesses typically seek cyber insurance for one of three reasons: as a form of economic protection against a loss of business caused by cyber incidents, as a required component of a vendor assessment needed before doing business with customers, or both. However, insurers have been learning the hard way, through profit-eliminating losses, that cyber insurance policies can only be appropriately priced if the underwriter has detailed visibility into the security posture of the customer. This is where XDR vendors such as Eye Security come in. By providing visibility into its customers’ cybersecurity health, Eye Security helps its broker partners to properly price their cyber insurance policies. We think this will help keep loss ratios as well as policy prices, which are tightly linked, manageable for business customers.
We also believe now is the time for services like Eye to scale across Europe, a market that has traditionally lagged the U.S. in terms of cloud adoption. As we identified in our 2022 State of the Cloud report, cloud adoption in Europe stands at 10% penetration of IT spending compared to 15% in the U.S., and we expect it to rapidly catch up over the next few years. We further believe European customers will require a localized solution that meets data privacy, compliance, time zone, and language requirements. Eye Security currently operates in The Netherlands, Germany, France and Belgium and has plans to further expand across Europe.
We at Bessemer are excited to work with the team at Eye Security in their mission to protect small and medium sized businesses. We believe it has the potential to be another category defining SMB software company, similar to other early stage BVP investments such as Shopify, Toast, Pipedrive, Service Titan, Wix, and others. We’re also thrilled to add another European software-as-a-service (SaaS) company to our portfolio as we remain bullish on the future of European cloud and SaaS.