Boston cybersecurity ratings startup Black Kite raises VC round

Black Kite, a tech startup based in Boston, said Wednesday it had raised $22 million to expand its cybersecurity ratings service.

The investment in the five-year-old company was led by Volition Capital and also included Moore Strategic Ventures, Glasswing Ventures, and Data Point Capital. Black Kite said it had raised a total of more than $33 million since it was founded in 2016.

The firm uses automated security vulnerability software to assess and rate the status of millions of companies by probing them over the Internet. The ratings are given as letter grades, from A to F, and are based on standards set by MITRE, the nonprofit MIT spinout that focuses on improving safety and security. Black Kite then sells the ratings to customers, such as banks or health care institutions, that need to track the cybersecurity status of their suppliers and contractors.

Black Kite has more than 300 customers, and chief executive Paul Paget said he expects the demand for cybersecurity ratings to take off.

“This business started out in the financial service market, mostly because banks were being required to show due diligence,” Paget said. “But now it’s moved out into health care, manufacturing, distribution, and retail. It’s also moving into government in a big way.”

Paget joined Black Kite in 2019 and has headed several other cybersecurity firms that were eventually sold. He was previously CEO at Pwnie Express, acquired by London-based Outpost24 in 2019, and Savant Protection, which was bought by Digital Guardian of Waltham in 2015.

The funding comes as private financing for startups is booming. Massachusetts-based companies raised over $17 billion in the first half of 2021, more than the total amount brought in last year. Cybersecurity has been a particular focus locally, with mature startups such as Snyk, Aura, and BitSight raising hundreds of millions of dollars at a time.

Although there are many companies in Boston and across the globe working to improve cybersecurity in general, not many are focused on producing vulnerability ratings, Sean Cantwell, managing partner at Volition, said. Black Kite’s direct competitors include Boston rival BitSight, which raised $250 million last month, and SecurityScorecard in New York.

“The weakest link for a lot of companies is data that sits outside the firewall by virtue of third parties they interact with, whether it’s a technology vendor, a marketing agency, it could be a laundry company,” Cantwell said. Black Kite offers “continuous monitoring of third party risk,” he said.

Black Kite’s goal isn’t just to warn customers of potential vulnerabilities with their suppliers but also to prompt suppliers to improve their security. Each rating includes a detailed explanation of what vulnerabilities were uncovered.

“We want it to be a helpful thing,” Paget said. “It’s about raising the bar for security. God knows the industry has spent so much on trying to put in place cybersecurity, and look what’s happening — it’s going in the wrong direction.”

With its headquarters in the Back Bay, Black Kite employs about 30 people in the Boston area and plans to double or triple that number over the next year, Paget said.

Black Kite cofounder Candan Bolukbas previously worked as an ethical hacker for NATO, probing the vulnerabilities in member countries’ websites. He realized that the biggest vulnerabilities originated from the sites of contractors. That led him to create a database to assess and monitor those weaknesses and to found Black Kite, originally called NormShield.

Aaron Pressman can be reached at aaron.pressman@globe.com. Follow him on Twitter @ampressman.

Comments are closed.