Risk Ledger, a platform that empowers organisations to mitigate risk throughout their supply chain, has secured £6.25 million in a series A funding round. The round was led by Mercia Ventures, who joined Seedcamp, Firstminute Capital, Episode 1, Village Global, and Finnish VC Lifeline Ventures as investors. Bringing the total investment raised by Risk Ledger to £9.8 million, Risk Ledger will use the funds to further develop their product offer as they build a network of connected organisations to find cyberattacks in real-time.
An increasingly complex threat
Few organisations are unaware of the importance of cybersecurity, and many invest heavily in protecting and testing their networks and systems for vulnerabilities. However, many neglect the risks presented by third parties. An increasing amount of services are provided by third-party suppliers, and this increases the attack surfaces cyber criminals can exploit.
Recent attacks have seen The Metropolitan Police and NHS attacked through their supply chains. Research by KPMG found that 73% of the businesses they surveyed had experienced at least one episode of disruption because of a third-party attack in the past three years. And Juniper Research expects the cost of supply chain attacks to reach $46 billion this year.
Risk assessments typically take on a point-in-time focus. However, this means they can quickly go out of date, and by necessity contain little detail on third-party vulnerabilities. Since it was launched in 2020, Risk Ledger has attracted 5,000 organisations as customers, and is seeing its bookings double year-on-year. This allows them to provide a holistic view of complex supply chains.
By enabling clients to understand the wider risks to which they are exposed, they can control the risk. Unsurprisingly — especially given the National Cyber Security Centre’s warning that state-sponsored attacks on the UK are increasing — Risk Ledger’s clients include those responsible for national infrastructure, financial services, and many public sector clients who all work in understandably strict regulatory environments.
A social network for security
London-based Risk Ledger works like a social network. Member organisations can share a profile of their controls, with details covering 12 separate security domains. And because of the complex relationship within the supply chain, organisations feature as both clients and suppliers, creating a unique — and comprehensive — view of the supply chain security ecosystem.
This allows a client to look beyond their immediate suppliers to identify risks that might come from other services, such as concentration risks or single points of failure. And because it’s a real-time network, that comprehensive overview is constantly updated and available.
Hayden Brooks, the CEO and, with Daniel Saul, the co-founder of Risk Ledger said this mapping is a ‘unique ability’ of the platform which, critically, allows their members “to understand where they sit within their own supplier ecosystem and how different incidents may impact their organisation given those interdependencies.”
Risk Ledger plans to use the funding to support future product development, offer new tools to clients, and to deepen their partnerships in key industries. Mercia Ventures’ Adam Lovell commented on their innovative approach. “Third-party risk is a major security concern for companies as it’s a factor over which they traditionally have little control,” he said. “Risk Ledger offers an exciting new approach to third-party risk management.”
Ultimately, Risk Ledger hopes that their platform will make the online world safer for everyone, and the funding will go towards achieving that vision, says Brooks. “Product releases will allow organisations to both understand and react to security incidents in their supply chain,” he said. “Reducing the impact of such incidents and ultimately leading to a more resilient world.”
