NEW INVESTMENT: Grove announced a $10 million investment from Volition Capital (“Volition”), a leading growth equity firm that notably was a large investor in Chewy.  Read More

NEW INVESTMENT: Volition Capital Invests $25M in hackajob  Read More

VOLITION NEWS: Volition Capital Named Top 25 Growth Equity Firm  Read More

ANALYSIS: Rule of 40 Index: Year in Review  Read More

VOLITION UPDATE: Volition Capital Announces Closing of Volition Capital Fund V, L.P. with $675M in Capital Commitments  Read More

NEW INVESTMENT: Zenarate AI Coach Transforming How Agents Learn and Perform through AI Simulation Training  Read More

WHY WE INVESTED IN ZENARATE: Why Volition Invested in Zenarate  Read More



Why Volition Invested in Black Kite Third-Party Cyber Risk Monitoring Platform

Cyber security is only as strong as its weakest link, and CISOs today have a big unknown looming in their environments – third parties. Whether it’d be an organization’s supply chain partners or service providers, entities outside an organization’s firewall are holding sensitive data or accessing internal systems. Yet, insight into third parties’ cyber security risk is limited, creating a large blind spot. Black Kite, our newest portfolio company, addresses this gap.

Earlier this week, we announced a $22M Series B investment in Black Kite, a Boston-based third-party cyber risk monitoring platform. Built by former white hat hackers, Black Kite continuously monitors third parties from a hacker’s point of view to identify vulnerabilities and assess an organization’s risk level. Further, it enables organizations to share their findings with third parties alongside step-by-step instructions to mitigate the risks.

Black Kite sits at the intersection of two key themes for Volition: 1) third party/supply chain risk management, including portfolio companies Assent Compliance and TraceLink, and 2) cyber security, including portfolio companies Ping Identity and Securonix. We believe cyber risk will become a crucial component of every Third-Party Risk Management (TPRM) program, and Black Kite has developed a market-leading cyber risk management product loved by customers. We are excited to partner with the Black Kite team to support the Company through its next phase of growth.

The challenge of third-party risk management

Managing third-party risk in general provides a unique challenge – organizations don’t have direct access to their third-party’s data. And without direct access to data, it is difficult to monitor and measure the risk they pose. Through portfolio companies Assent Compliance and TraceLink, we’ve experienced first-hand how software solutions can help bridge this intra-business data accessibility gap.

Within cyber security, managing third-party risk poses an extra layer of complexity. While the difficulties of data accessibility remain, there are additional challenges, including:

  • Questionnaires alone are not enough to understand the cyber risk posed by third parties
  • The security posture of third parties is not static. It needs to be continuously monitored
  • Monitoring and rating third parties at scale requires deep technical and domain expertise

The ramifications of a third-party breach are far and wide. In the worst of scenarios, the third-party breach leads to a breach on the first-party via island hopping by the attackers. In the best of scenarios, there is operational damage as the supplier or third-party cannot deliver its products and services. As a result, cyber risk management has become crucial for not only security teams but also procurement and supply chain teams. Yet, the market is vastly underserved with an effective solution.

So, why did we invest?

We invested in Black Kite because we believe cyber risk will become a key component of every TPRM program, and Black Kite provides a market leading solution. The company’s platform performs continuous scans and collects data from over 400+ OSINT (Open-Source Intelligence) resources internet-wide without touching the target. Then, it scores each entity’s cyber risk using open-source models such as MITRE and FAIR to help rate and quantify a third-party’s risk, enabling effective, continuous monitoring at scale.

Black Kite’s open rating methodology is a key value driver for customers. Its findings and ratings are easily understood by security teams because they’re based on standard frameworks such as MITRE instead of proprietary ‘black box’ models. Further, Black Kite provides step by step instructions on how to address the vulnerabilities that can be shared with third parties, going beyond just scoring them. As a result, customer feedback has been stellar given the transparency, fidelity, and actionability of Black Kite’s cyber ratings. Black Kite aims to help mitigate third-party risk, not just rate them.

Most importantly, we are big believers in the people behind Black Kite. The Black Kite team is world class, led by Paul Paget, CEO, who has decades of experience leading successful cyber security business, alongside Candan Bouklas, CTO and co-founder, who has built the product from ground-up leveraging his experience as a former white hat hacker. Their commitment to customers and innovation, coupled with their passion for helping organizations secure their environments, has impressed us since our first meeting with the team. We are truly excited to be partnering with the Black Kite team and look forward to the journey ahead.



Tomy Han


Tomy Han



This field is for validation purposes and should be left unchanged.

This field is for validation purposes and should be left unchanged.

This field is for validation purposes and should be left unchanged.

This field is for validation purposes and should be left unchanged.