We’re excited to announce our investment in Protos Labs, a Singapore-based cybersecurity company that quantifies cybersecurity risk using a real-time approach that adapts to the changing cyber threat landscape.
The average cost of a data breach in the financial sector was US$5.97 million in 2022, making cybersecurity one of the most critical areas of concern in the BFSI industries. To quantify the potential impact of an organisation’s cybersecurity risk, insurers and contractors typically deploy statistical techniques and data analysis, which can be arduous and expensive.
Protos Labs, the Singapore-based company that joined Investible’s portfolio in late 2022, has adopted a first-of-its-kind threat-based approach to help insurers underwrite their cyber risks against an ever-changing cyber threat landscape, one of the perennial problems that has plagued the cyber insurance industry.
The Investible Early Stage Fund 2 invested in Protos Labs alongside TIM Ventures (a FWD-backed VC), Plug and Play, GK Accelerate, 1337 Ventures, and other ultra-high-net-worth individuals based out of Singapore. In these investment notes, we will explore the opportunity in the cybersecurity risk quantification market, why we invested in the founder duo of Joel Lee and Simeon Tan, and Protos Labs’ traction moving into the future.
Cybersecurity threats are becoming more lethal; risk management hasn’t kept pace
T.Mobile paid out $350m to customers, Yum! Foods shutdown 300 Pizza Hut, KFC, and Taco Bell stores, and Medibank’s data breach exposed the personal information of up to 9.7 million customers.
As our digital world increasingly evolves, the risk of cybersecurity attacks carries a progressively larger price tag for companies, both financially and reputationally. Cybersecurity insurers and underwriters are under more pressure than ever to assess the risk of their clients against a highly-volatile cyber threat environment, but until now, current approaches to cyber underwriting have been largely static and consequently, inadequate.
To date, the three most prevalent approaches have been a compliance-based approach, a maturity-based approach, and a risk-based approach. While many organisations have moved from compliance-based and maturity-based approaches to a risk-based one, this approach is still only loosely informed by real-world data, relying instead on generic risk scenarios or historical data alone.
For risk quantification to be accurate, the data informing the risk assessment must be rooted in the real world.
A proprietary system for assessing real-world risk
Protos Labs was founded in August 2021 by Joel Lee (CEO) and Simeon Tan (CTO). They met while running the cybersecurity practice at the multinational consulting firm Booz Allen Hamilton. There, they advised multinational clients in the BFSI and government sectors on cybersecurity strategies and operations, culminating in the development of the industry's first threat-based cybersecurity risk management framework that was implemented across a Global 500 Bank and presented to 2 national regulators.
This framework analyses real-world threats and scores them against the organisation’s internal cyber resiliency rather than relying on risk ratings or generic risk situations.
Protos Labs represents the next step in this framework’s evolution. Its flagship software, Nexus, deploys the threat-based approach into a SaaS platform that automatically analyses thousands of real-world threats daily, enabling insurers and enterprises to accurately quantify their cyber risks and reduce the likelihood of a breach. It employs a proprietary threat-based approach to analyse thousands of real-world threats daily, score them against the organisation’s internal cyber resiliency, and use the outputs to assess its cyber risks in dollars and cents.
Targeting two sides of a market
Currently, the company aims to serve two key segments: large enterprises with a cyber risk management programme and underwriters of cybersecurity insurance.
Protos Labs enables enterprises to move from manual and static cyber risk assessments to automated assessments with real-time risk exposure calculations, significantly deepening visibility across their business critical applications, assets and controls. In addition, their technology pinpoints which cyber investments will yield the greatest return on investment, opening the door to optimised cybersecurity budgets.
Existing approaches for insurers are purely statistical and do not account for the ongoing changes in the cyber threat landscape when constructing their risk models. With the increasing severity and malleability of cyber threats today, it is impossible to accurately estimate the risk inherent in cyberattacks using only statistical methods. Protos Labs combines statistical-based approaches with continuous threat-scenario analysis, creating a dynamic risk quantification, preventing them from getting blindsided by catastrophic threats, and allowing them to reduce loss ratios and achieve better risk selection.
A well-equipped team for a burgeoning market
The founders of Protos Labs, Joel and Simeon, bring considerable experience in the cybersecurity world to this venture, with not only technical knowledge under their belt but business knowledge too. Joel had prior experience in cybersecurity in classified intelligence agencies and banking environments, in addition to his work at Booz Allen Hamilton. He had also started and exited another business which achieved 40X revenue growth in its 1st year. Similarly, Simeon had utilised his expertise while working at DNV, OT-ISAC and Booz Allen Hamilton to advise some of the largest critical infrastructure operators and government agencies.
Although the Southeast Asian cybersecurity market is still in its early stages, the company is gaining traction and paving the way for the widespread adoption of their threat-based approach. The market is expected to grow significantly in the coming years, and the company's approach is drawing strong interest from insurance underwriters who may lack the necessary expertise to assess cyber threats and quantify associated risks.
Joel and Simeon have already established a partnership with a Malaysian insurer in the cybersecurity insurance sector, onboarded large enterprise clients in Singapore, and landed a historical-first - a significant grant from the Cybersecurity Authority in Singapore worth S$600k in collaboration with the Nanyang Technological University. These are all firm nods of approval for such an early-stage company.
We’re excited to back Protos Labs in this oversubscribed round and journey with them as they set a new standard for cybersecurity risk management.