Hyperproof, a compliance and risk management startup, raises $40M

Hyperproof, a software-as-a-service risk and compliance management company, today announced that it raised $40 million in a funding round led by Riverwood Capital with participation from Toba Capital, an early-stage VC firm.

The tranche brings Hyperproof’s total raised to $66.5 million and “doubles” the company’s valuation from nine months ago, according to co-founder and CEO Craig Unger.

“Although there’s been an economic slowdown, the pace of regulatory agencies passing new laws and ratifying new compliance regimes has only accelerated,” Unger told TechCrunch in an email interview. “For that reason, the compliance industry remains one of the more resilient industries in the tech space and is capturing significant investment and driving important innovation.”

To Unger’s point, there’s been a growing interest from the corporate sector in compliance as a service as new regulations — particularly data privacy regulations — come into force.

At least 25 U.S. states and Puerto Rico introduced or considered around 140 consumer privacy bills in 2023, according to the National Conference of State Legislatures. Meanwhile, the EU recently adopted the Cybersecurity Act, which imposes stricter requirements on businesses storing private data, and the U.S. Securities and Exchange Commission released new regulatory disclosure rules.

Most enterprises are attempting to build a culture of compliance in response. But they’re encountering roadblocks along the way. In a Deloitte survey, 61% of internal compliance teams said that recent increases in the level of regulatory change had had an adverse impact on their ability to perform their role effectively.

Unger, who previously worked for Microsoft developing Windows Live ID, the predecessor to Microsoft Accounts, said that he was inspired to found Hyperproof after dealing with “disruptive” audits that frequently halted his product development efforts. After Microsoft, Unger co-founded Azuqua, a small cloud integration and workflow startup, where he faced similar compliance issues: audits with spreadsheets containing hundreds of security and privacy questions that took hours to complete.

“Here were two contrasting companies — Microsoft, a powerhouse in the technology space, and Azuqua, a small startup — both facing the same error-prone, challenging processes that were universally reviled,” Unger said. “I thought, ‘How could we make compliance efforts simpler and faster?'”

So in 2018, Unger launched Hyperproof, which provides a system of record for compliance data coupled with a collaboration and work management system. Hyperproof seeks to automate “non-strategic” compliance tasks for around 85 compliance and governance frameworks, including FedRAMP, the U.S. federal government-wide compliance program for cloud services and products.

Hyperproof’s compliance and policy monitoring dashboard. Image Credits: Hyperproof

In addition to controls that can be customized for individual frameworks, Hyperproof hosts several software modules designed to support different types of risk and compliance management work.

A risk management module enables teams to monitor risks in a central place, while a compliance operations module allows team members to automate the collection of evidence (i.e., documentation of compliance processes and outcomes) and to view which risks to mitigate issues. Another module, an audit management module, gives teams visibility into audit prep statuses and helps them map evidence from existing controls to audit requests. And a vendor risk management module automatically assesses third-party vendors’ risk profiles and potential impacts.

Hyperproof, which integrates with platforms such as AWS, Google Cloud, GitHub and Cloudflare as well as task management apps like Jira, Asana and ServiceNow, also leverages heuristics and AI to scale compliance and risk workflows, Unger says. Hyperproof’s algorithms and rules try to prevent duplicative work while “creating novel connections between the user data and compliance regimes that require this data,” he explained — ostensibly saving teams time and money.

“Enterprises in the past have taken two distinct paths,” Unger said. “The first is leveraging legacy solutions that are expensive, complex and take a year or longer to implement. The second is using a complex web of existing processes and infrastructure (on-prem or hybrid) along with massive spreadsheets that become impossible to manage. Both paths lead to siloed teams, taxing workflows and no true real-time visibility into an organization’s risk posture. That’s why companies are increasingly adopting flexible and scalable software-as-a-service platforms like Hyperproof that can scale to meet their diverse needs while increasing collaboration between teams and visibility across the organization.”

Now, Hyperproof isn’t the only player in the compliance software solutions market. Far from it. Analysts at Allied Market Research expect that the segment will be worth $3.06 billion by 2027, growing 15.7% from 2020.

It makes sense. A 2018 report from Globalscape revealed that the cost of not being compliant has risen by 45% from 2011 to 2018, with a dizzying average cost of $14.22 million for organizations that experience problems. The same report estimated that the cost of being compliant by using the right tools and training was actually 2.71 times the cost of being noncompliant.

Hyperproof’s rivals include Cypago, which offers tools to automate governance, compliance and risk workflows, and Osano, a data privacy management platform. There’s also Symmetry, which recently raised $18 million for its platform to bolster companies’ data security programs.

But the competition doesn’t appear to have slowed Hyperproof’s growth. The company’s customer base is 130% bigger than it was this time last year, driving its revenue to climb 260% year-over-year. Unger claims that “hundreds” of companies now use Hyperproof to optimize their risk and compliance workflows and mitigate risk, including Motorola, Nutanix and 3M.

“Hyperproof believes audits are crucial but to prepare appropriately, compliance and risk operations need to be implemented throughout the year so that controls are properly managed and tested well before audit time,” Unger said. “Organizations are concluding that their compliance work can be leveraged more broadly to understand and address the risk profiles of their businesses. . . . Hyperproof is a critical piece of a company’s infrastructure, enabling top-down visibility into organizations compliance commitments, progress, and communications.”

Unger says that the proceeds from the most recent tranche will be put toward expanding Hyperproof’s platform and growing its 100-person team, focusing on the areas of product development, customer success, marketing and engineering. On the business side, Hyperproof intends to expand its go-to-market activities into new verticals and locales and “amplify” its partnership efforts.