CultureAI has closed a US$10 million Series A funding round led by Mercia Ventures and Smedvig Ventures. Two existing investors also took part, Passion Capital and Senovo, signifying their ongoing belief in the company. This is the third round of funding for CultureAI. It raised $4 million in 2021 and $5 million in 2023.
James Moore, founder and CEO of CultureAI, says: “Imagine having a team of thousands who deeply understand your business and its employees. If this team could review, understand, and fix risks generated by each employee at source, breaches could be reduced by around 80%. While it’s impractical to build such a team, we can emulate its effectiveness using intelligent technology.”
Who is CultureAI, and what does it do?
CultureAI is a Human Risk Management (HRM) vendor with its own platform. It is focused on the cybersecurity risks that people pose to an organisation. It is an approach that has grown out of the failure of existing security training. Existing approaches to security training rely on short courses with little qualitative follow-up. It means it is hard to understand what employees have learned/know and how they apply it.
HRM is a much wider approach than relying on a training course. It is focused on identifying, evaluating, and prioritising risk. Some of the data comes from existing security and system tools. By drawing on the tools and data inside and even outside an organisation, CultureAI measures over 35 different types of employee behaviour.
In addition to monitoring employee behaviour, the company also makes it easy to deliver targeted testing, such as gamifying phishing. The results from that exercise can be used to build targeted training and coaching for individual employees. The system can also track how employees change their risk profile and, if necessary, can be used for additional coaching.
CultureAI delivers its HRM tools on a single platform to reduce the management burden on IT security teams. This allows HR and IT departments to view and remediate risk.
Importantly, this is an informed approach through qualitative, not quantitative, assessment. It is not based on pushing people through security courses and ticking boxes. Instead, assessing risk and targeted coaching delivers significant insights into a business.
What is CultureAI going to do with this funding?
The HRM space has started to become crowded. Security training vendors realise they need to offer additional services and are moving into HRM. CultureAI is already recognised in that space, so what is the money for?
According to the press release, “the company will significantly invest in the evolution of its product and expand its team across all departments, aiming to double headcount over the next 12 months. Additionally, it plans to increase its market profile and presence in the US.”
Expanding its presence in the US makes sense. The company is already well positioned in the UK. However, other international markets, such as Europe, Asia, or Australia, are not mentioned.
Enterprise Times: What does this mean?
To date, reducing the impact of human risk has been patchy, if not ineffective. The belief that yearly self-paced training courses would fix it has finally been dispelled. One reason for that is that threats change far faster than the training. Additionally, a standardised training course for everyone in the business is just too blunt a tool.
The emergence of HRM has also moved the conversation away from just blaming users. Instead, it looks at technical measures to help improve understanding of how human-driven breaches occur. From there, it is about targeted training and even individual coaching.
However, this is not a magic bullet that can make enterprises safe. User credentials are now a tiny majority compared to those of devices and software. The question is, when will we see the same attention put into securing those?
