Self Assessment

Goldman Sachs-backed cybersecurity startup helps businesses predict threats with intel inputs

Published On : 2020-05-25
Share :
Goldman Sachs-backed cybersecurity startup helps businesses predict threats with intel inputs

Published in YourStory on 25 May 2020

By Sohini Mitter

This Goldman Sachs-backed cybersecurity startup helps businesses predict threats with intel inputs

Cybersecurity startup Cyfirma is helping Fortune 500 companies and government agencies prevent potential cyberattacks with its AI-led platform


Kumar Ritesh is a cybersecurity veteran. In his former role, he headed the cyber intelligence practice at Britain’s ‘secret intelligence service’ MI6. “My life has been a bit of an adventure. I worked in state intelligence for almost eight years,” he tells YourStory.

In 2016, after his injunction got over, Ritesh joined global analytics company, and went on to set up its cyber analytics division – Cyfirma – in 2017.

Cut to October 2019, Cyfirma was backed by investment banking and financial services giant Goldman Sachs, and later, demerged from Antuit to become an independent entity. “It was always a part of the agreement that once we grew, we would become a separate company,” Ritesh reveals.

The startup is headquartered in Singapore and Tokyo, with an office in Bengaluru, where most of its product engineering happens.

“Even though cybersecurity and threat analytics are gaining importance globally, the focus largely lies on risk management than on risk prevention. That is the mindset Cyfirma wants to change with DeCYFIR, its threat discovery and cyber intelligence platform.” With threat visibility and predictive analytics, the startup helps businesses connect the dots between threat actors, motives, methods, and campaigns (attacks).

Founder-Chairman-CEO Ritesh says, “The way cyber intelligence is looked at is changing in the last two or three years. Earlier, companies saw it as just another tool that can be added to their security infrastructure. But now, the market has begun to understand that cybersecurity is not just a disaster management thing; it can also be applied in strategy, compliance, policy, and all business decisions.”

Cyfirma claims it has on-boarded four new customers during the pandemic as the world moves towards a full-blown trade war (including cyber warfare) between the West and China, where the coronavirus originated.

“More and more enterprises are now waking up to the need for predictive cyber intelligence for their businesses,” Ritesh says.

Cyfirma’s core intelligence platform

Cyfirma offers its clients comprehensive real-time insights and intelligence into emerging cyber threats, attacks, hacking scandals, and more.

The platform enables businesses to understand the methods and motives behind potential cyberattacks, and helps them prepare for it accordingly.

Its cloud-based threat discovery platform uses predictive algorithms to crawl through discreet sources like the dark web, deep web, hacker forums, closed communities, P2P channels, intelligence agencies, and even social and public discussion forums to identify threats.

“We collect almost 100GB of data every eight hours,” says Ritesh.

This data is stored in Amazon Web Services (AWS) servers and analysed to help businesses understand the context of the threat and prepare against cyber risks.

Ritesh elaborates, “businesses can apply our threat intelligence to build their risk frameworks. We tell them things like which critical assets could the hackers break into, what the motive behind an attack is, what are they looking for — IP or financial gains, what could the likely mode of attack be — phishing, email or malware, and so on.

“We also help our clients understand the readiness of hackers– how soon are they going to launch a potential attack,” he adds.

DeCYFIR uses AI and ML-led “analytical probability models” to prevent attacks. The data collected from secret sources is processed by these models to throw up indicators on the threats.

“We go three levels down from just identifying a malicious IP,” explains the founder.

However, Cyfirma does not execute any cyber programmes on their clients’ behalf. “We are likewhistleblowers. We leave it to our clients to take action on the intelligence update we provide,” Ritesh adds.

Without disclosing names, the founder shares that Cyfirma’s intelligence platform was able to save $400 million for one company. That amount would have been eroded off its topline if an imminent cyberattack wasn’t prevented.Incidentally, global cybercrime damages are projected to reach $6 trillion annually by 2021, according to Herjavec Group, a leading cybersecurity advisory firm.

Business model and growth

After almost two years of product development, Cyfirma rolled out its threat intelligence platform in 2019.

The startup has roped in 20 clients from across sectors, includingmanufacturing, technology, IoT, IT /BPO, banking and insurance, broadcasting, and more. “Our solution is sector-agnostic,” says Ritesh.

Cyfirma claims itsclients include global Fortune 500 companies, consulting firms, law enforcement agencies, defence establishments, and even governments.

Ritesh says, “CISOs (Chief Information Security Officers), CROs (Chief Risk Officers), CIOs (Chief Information Officers) and CCOs (Chief Compliance Officers) are our primary customers. They understand the severity of the threat and the quality of intelligencewe provide.”

The global cybersecurity market estimated to reach $188.8 billion by 2023.

The startup shares that its total contract value (TCV) stands at $3.5 million, and is expected to grow 2X to $7 million by the end of the year. “COVID-19 has been a boon for us,” says the founder.

“With companies sending their employees remote, they are worried about their data and IP. We give them insights on what we are seeing in the hackers’ community and all the anonymised conversations, and advise them on how to protect their data,” he adds.

Cyfirma has a three-pronged approach to revenue: a SaaS-based pure-play model, which gives clients access to the threat prediction software; a software + services model, which gives them reports, analytics, and account management personnel; and a third-party data model, where intelligence collected by Cyfirma is shared with other agencies.

It also provides cyber education to its clients to train their employees and contractors.

Funding and future roadmap

Earlier in February, Cyfirma raised an undisclosed Series A round from Z3P Partners, which joined its early backers Goldman Sachs and Zodius Capital. The total funding raised by the startup now stands at $8 million.

Gautam Patel, Managing Partner, Z3Partners, said at the time of funding, “Cyfirma’s offering is well-timed with the rapidly increasing demand for quality threat intelligence to guide digital transformation and drive business results. The platform is a powerful solution to bring threat intelligence conversations into boardrooms across all industries.”

The startup plans to utilise the funds in product engineering, hiring fresh talent, and expansion across new territories in Asia-Pacific and the US. “We plan to use the money on research and market expansion. We haven’t explored the US yet, that is on the cards,” says the founder.

Cyfirma’s India team is based out of Bengaluru.

Cyfirma also plans to grow its team from 44 to 70. It is looking to close a Series B round of $25 million by the end of 2020.

It operates in a global cybersecurity market estimated to reach $188.8 billion by 2023, according to Gartner. Cyfirma competes with Recorded Future, FireEye iSIGHT, LogRhythm, Anomali, and others.

In India, the cybersecurity opportunity is projected to be $13.6 billion by 2025, according to NASSCOM. The growth of the sector is being driven by the increased awareness about cyber threats, and push from regulatory agencies.

Ritesh sums up saying, “India has started to take cybersecurity very seriously. There have been many advocates in the last few years, and cybersecurity has grown with the rise of smartphones and digitisation.”

(Edited by Saheli Sen Gupta)


This site is registered on as a development site. Switch to a production site key to remove this banner.