Organisations have been laser focussed on protecting their own networks, applications, physical premises and people against cyber security attacks but have neglected their exposure to suppliers. Indeed, over the past 3 years, a staggering 73% of organisations have been affected by a third-party security breach. Helping these businesses toughen their resilience against such attacks, cyber security business Risk Ledger is today announcing it has raised a £6.25 million series A funding round to strengthen supply chains.
The funding round was led by UK investor Mercia Ventures, which joins Seedcamp, Firstminute Capital, Episode 1, Village Global as well as Finnish VC Lifeline Ventures as investors. To date, Risk Ledger has raised a total of £9.8 million in venture funding.
Recent cyber attacks on The Metropolitan Police and NHS Trusts through their supply chains have the potential to compromise the UK’s national security and private citizen data. A threat alert by the National Cyber Security Centre is also warning of increased state-sponsored attacks against UK critical national infrastructure. Supply chain attacks are on the rise, and can have severe impacts, as the Solarwinds, Log4J, and MOVEit Transfer attacks have shown. According to recent research by KPMG, 73% of the surveyed organisations have experienced at least one significant disruption, caused by a third party, within the last three years, while 85% said that their business considers third party risk management (TPRM) a strategic priority. The cost of global supply chain attacks is expected to reach $46 billion this year (Juniper Research).
Organisations are increasingly trusting others with critical business functions and sensitive data, meaning vulnerabilities can appear anywhere in the supply chain, from suppliers to partners. Traditional, point in time cyber security risk assessments make for poor quality data that goes out of date fast, offering little protection.
Risk Ledger offers an innovative social network approach to supply chain risk management, allowing organisations to use the platform as both clients and suppliers, able to share with connected organisations a single profile of their controls across 12 security domains, including ESG and financial risk. This reveals relationships in many directions and allows for a unique visualisation of the entire supply chain ecosystem, and the uncovering of critical interdependencies, concentration risks and single points of failure well beyond immediate third party connections. It also results in more accurate and real time data, giving organisations the ability to make better decisions to protect their business from supply chain threats.
Haydn Brooks, co-founder and CEO, at Risk Ledger commented: “The unique ability of Risk Ledger to map relationships and interdependencies in the supply chain allows organisations to
understand where they sit within their own supplier ecosystem and how different incidents may impact their organisation given those interdependencies.”
Risk Ledger has seen rapid adoption over the past two years and today counts over 5,000 organisations with 17,000 users across large public sector and financial services organisations as customers. Client bookings have consistently doubled year on year, or more, since the company launched its platform in 2020.
Risk Ledger’s growing international client base includes many organisations in sensitive sectors such as critical national infrastructure, financial services and the public sector, which face particular regulatory scrutiny and need to demonstrate how they effectively limit the risks emanating from their suppliers. Speaking about the value Risk Ledger provides, the former Divisional Information Security Officer at the UK Health Security Agency, David Malkin, stated that “Risk Ledger provides us with a more holistic, real time view of our complex supply chain, helping to identify and remediate potential vulnerabilities and issues early.”
The new funding will fuel future product development to equip Risk Ledger’s clients with tools to combat supply chain security attacks and allow Risk Ledger to deepen partnerships within key industries.
Mercia Ventures invested from its Northern Venture Capital Trust (VCT) funds. Adam Lovell of Mercia Ventures added: “Third-party risk is a major security concern for companies as it’s a factor over which they traditionally have little control. Risk Ledger offers an exciting new approach to third-party risk management. Haydn and Daniel have made remarkable progress in developing the business to date and have a very clear view of the way forward. We are delighted to support their ambitious growth plans.”
Risk Ledger’s mission is to build a global network of connected organisations all working together to defend-as-one, detecting, responding, and ultimately preventing cyber attacks in real-time. Risk Ledger aims to enhance security through collaboration and the exchange of information.
Haydn Brooks added: “As we push forwards towards our vision, our platform will open up new capabilities within supply chain security. Integrations and future product releases will allow organisations to both understand and react to security incidents in their supply chain, reducing the impact of such incidents and ultimately leading to a more resilient world.”