PORTFOLIO NEWS: TechCrunch: Duffl’s David Lin dishes on why traditional rapid grocery delivery is not working  Read More

BROADCAST: Consumers are ‘Frontloading’ Holiday Spending: Larry Cheng on Fox Business  Read More

TEAM NEWS: Tomy Han Ranked #24 on the Insider 71 rising-star VCs who shook up the industry in 2022  Read More

ANALYSIS: Rule of 40 Index, now live with time series data: Explore

VOLITION VIEWPOINTS: Five Ways to Build a Sustainable Execution Strategy (Hint: Be A Thermostat, Not A Thermometer)  Read More

TEAM NEWS: Volition Capital Vice President Claude de Jocas Named a 2022 Top Women Leader in Growth Investing  Read More

Volition Capital Announces Closing of Fund V with $675M in Capital Commitments: Volition Capital Announces Closing of Volition Capital Fund V, L.P. with $675M in Capital Commitments  Read More



Why Volition Invested in Black Kite Third-Party Cyber Risk Monitoring Platform

Cyber security is only as strong as its weakest link, and CISOs today have a big unknown looming in their environments – third parties. Whether it’d be an organization’s supply chain partners or service providers, entities outside an organization’s firewall are holding sensitive data or accessing internal systems. Yet, insight into third parties’ cyber security risk is limited, creating a large blind spot. Black Kite, our newest portfolio company, addresses this gap.

Earlier this week, we announced a $22M Series B investment in Black Kite, a Boston-based third-party cyber risk monitoring platform. Built by former white hat hackers, Black Kite continuously monitors third parties from a hacker’s point of view to identify vulnerabilities and assess an organization’s risk level. Further, it enables organizations to share their findings with third parties alongside step-by-step instructions to mitigate the risks.

Black Kite sits at the intersection of two key themes for Volition: 1) third party/supply chain risk management, including portfolio companies Assent Compliance and TraceLink, and 2) cyber security, including portfolio companies Ping Identity and Securonix. We believe cyber risk will become a crucial component of every Third-Party Risk Management (TPRM) program, and Black Kite has developed a market-leading cyber risk management product loved by customers. We are excited to partner with the Black Kite team to support the Company through its next phase of growth.

The challenge of third-party risk management

Managing third-party risk in general provides a unique challenge – organizations don’t have direct access to their third-party’s data. And without direct access to data, it is difficult to monitor and measure the risk they pose. Through portfolio companies Assent Compliance and TraceLink, we’ve experienced first-hand how software solutions can help bridge this intra-business data accessibility gap.

Within cyber security, managing third-party risk poses an extra layer of complexity. While the difficulties of data accessibility remain, there are additional challenges, including:

  • Questionnaires alone are not enough to understand the cyber risk posed by third parties
  • The security posture of third parties is not static. It needs to be continuously monitored
  • Monitoring and rating third parties at scale requires deep technical and domain expertise

The ramifications of a third-party breach are far and wide. In the worst of scenarios, the third-party breach leads to a breach on the first-party via island hopping by the attackers. In the best of scenarios, there is operational damage as the supplier or third-party cannot deliver its products and services. As a result, cyber risk management has become crucial for not only security teams but also procurement and supply chain teams. Yet, the market is vastly underserved with an effective solution.

So, why did we invest?

We invested in Black Kite because we believe cyber risk will become a key component of every TPRM program, and Black Kite provides a market leading solution. The company’s platform performs continuous scans and collects data from over 400+ OSINT (Open-Source Intelligence) resources internet-wide without touching the target. Then, it scores each entity’s cyber risk using open-source models such as MITRE and FAIR to help rate and quantify a third-party’s risk, enabling effective, continuous monitoring at scale.

Black Kite’s open rating methodology is a key value driver for customers. Its findings and ratings are easily understood by security teams because they’re based on standard frameworks such as MITRE instead of proprietary ‘black box’ models. Further, Black Kite provides step by step instructions on how to address the vulnerabilities that can be shared with third parties, going beyond just scoring them. As a result, customer feedback has been stellar given the transparency, fidelity, and actionability of Black Kite’s cyber ratings. Black Kite aims to help mitigate third-party risk, not just rate them.

Most importantly, we are big believers in the people behind Black Kite. The Black Kite team is world class, led by Paul Paget, CEO, who has decades of experience leading successful cyber security business, alongside Candan Bouklas, CTO and co-founder, who has built the product from ground-up leveraging his experience as a former white hat hacker. Their commitment to customers and innovation, coupled with their passion for helping organizations secure their environments, has impressed us since our first meeting with the team. We are truly excited to be partnering with the Black Kite team and look forward to the journey ahead.

Sign up for our newsletter here:

[hubspot type=form portal=7228887 id=7c89f4bd-066c-4200-bdd2-9f25db71380c]



Tomy Han


Tomy Han



Jake Wasserman

Sr. Associate

Jake Wasserman

Sr. Associate