Germany's Secfix has locked down €3.6 million in an oversubscribed seed round led by pan-European VC Octopus Ventures. CommerzBank subsidiary Neosfer took part, as did some of Secfix's existing investors and entrepreneurs including founders of Signavio and Blair.
Staying aligned with cyber regulations is an ongoing concern for SMEs as compliance rules around security require internal technologies to be audited and updated at regulatory intervals.
Estimates suggest more than 30 regulatory frameworks now exist in the US, and there's a plethora of global compliance standards to attain as well, ranging from the EU's GDPR privacy framework to cross-border ISO benchmarking, TISAX's secure auto data exchange and SOC 2 service auditing.
A major pain point in cybersecurity compliance is the ISO 27001 certification, regarded as the international benchmark for information security. Founders Fabiola Munguia, Grigory Emelianov and Branko Džakula discovered SME customers were wrestling with ISO 27001's attainment during their earlier management roles at requestee, an ethical hackers' marketplace.
Secfix pegs the potential market opportunity from running certifications support at around $16 billion globally. Its software platform is designed to keep automated checklists for ISO 27001 compliance, updated hourly using data from widespread IT platforms like AWS and Microsoft Azure, the two biggest cloud stacks, as well as Jira, Microsoft's Office365 and the HR management platform Personio.
The seed funding will help to drive Secfix's European expansion, going towards development of enhanced automation tools and other product features, as well as customer success to help clients optimise use cases.
Fred Ellis, investor, B2B software at Octopus Ventures, commented: "Small and medium-sized businesses face ever growing complexity in ensuring data security and meeting the rigorous standards needed to create customer confidence.
"Few businesses have the expertise they need to meet and apply for those standards in-house, and the process can become a drain on time and money. By automating the building of certifiable information security processes and systems, Secfix is improving the quality of information security within SMBs while lowering the cost to the business."