Viso Trust assesses third-party cybersecurity risk with AI, raises $3M

Viso Trust, a  platform that uses AI to perform cyber risk assessments, today announced it has raised $3 million. The company plans to use the funds to support expansion and hiring efforts, as well as sales, marketing, and R&D.

It’s estimated that over 65% of security breaches are attributable to third-party failures. The pandemic has heightened the concern among legal and compliance leaders, 52% of whom worry about the risks posed by remote work. While the need for faster vendor security reviews has prompted some companies to use abbreviated questionnaires or outside-in assessments to conduct shorter reviews, security analysts can spend hours every day sending and processing documents.

Big picture

Viso Trust aims to lighten the workload by offering a holistic view of risk, leveraging a “social due diligence” network and AI to deliver continuous reports about third parties. The platform automatically extracts data from source documents and audits to surface key information about third-party relationships.

“The goal of third-party risk management ranges from reducing the likelihood of data breaches and costly operational failures to meeting regulatory requirements,” cofounder Paul Valente told VentureBeat via email. “Unfortunately, the tools available for us to manage third-party risk, such as GRC platforms, security ratings, and audit exchanges, were too clunky, overly time-consuming, inaccurate, and most of all, expensive. Adding to the mix was the scale of our operations as a global fintech. We knew there needed to be a better way to run the vendor due diligence process.”

One early customer, Ilumio, claims Viso Trust has enabled it to bring the security staff time per third-party relationship down from more than eight hours to 30 minutes.

“Leveraging our prior experience and vast networks, we built a solution that solved the problem and validated the core concepts and value proposition with over 300 chief information security officers and security professionals,” Valente said. “Going forward, we believe we can reduce time spent in covering additional major areas of risk, such as business continuity and privacy, to nearly instantaneous.”

Market demand

Kelley Mak, principal at Work-Bench, a Viso Trust investor, says he saw a need in the market due to the proliferation of software-as-a-service tools in the enterprise. While cumbersome processes hamstring security teams attempting to evaluate tools at the speed of business, they face rising security threats and the hidden risk of third parties. Just 35% of organizations rate their third-party risk management program as highly effective, and only 34% have an inventory of their vendors, a 2018 study from Opus and Ponemon Institute found.

“Viso Trust [is] building a cyber due diligence platform that leverages intelligence and automation to eliminate all questionnaire-based interactions and deliver continuous automated due diligence accurately across any number of vendors,” Mak told VentureBeat via email. “The founders felt this pain firsthand when they led security at LendingClub and ASAPP and had to onboard and evaluate the risk of hundreds of third parties.”

Work-Bench led San Francisco-based Viso Trust’s seed round, with participation from Sierra Ventures and Lytical Ventures.