Complying with privacy and security frameworks like SOC 2, HIPAA and GDPR has become a core part of not only how organizations build trust with their users, but also how organizations work together these days: If they fail to meet the requirements of these frameworks, you might as well. You will lose your business relationship. Today, Leica – one of the largest startups offering tools to meet those compliance needs – is announcing a $50 million funding round, emphasizing growth in this space.
Leica will use the equity, Series C, to continue expanding the functionality of the platform and its broader business line.
Leica today has around 500 customers, a number that has quadrupled in the past 12 months. And it offers integrations for about 100 different software packages to measure how customer compliance stacks up, including integrated audits, penetration testing and security questionnaires (which are being used in RFPs and due diligence before securing contracts).
In an interview, Leica co-founder and CEO Austin Ogilvy said the plan will expand both the number of customers and the number of sources Leica uses to measure data protection and other compliance metrics across its enterprise-wide digital footprint.
Fin Capital is leading this round, with new backers Sentana Growth Partners and previous investors JP Morgan Growth Equity Partners, Canapi and ThirdPrime participating, along with unnamed others.
Other notable previous investors include some of the biggest names in the fintech world, including PayPal, and fintech specialist VCs NYCA and Dash Fund – a full list that particularly reflects Leica’s interest in financial services.
The financial sector has been a significant user of compliance software for regulatory and business reasons at this point for years. But as Ogilvy pointed out to me, we have moved on from the time when financial companies were the main users of prescription tools; That’s one of the reasons why growth is booming for companies like Leica right now, and one of the reasons why Leica has been able to raise a good round at a time when funding is especially difficult for startups. On top of that, together with Leica founders Sam Lee and Eva Pitas (CEO and COO, respectively), the three (pictured above) have a common exposure and experience in insurance, data science and risk protection about the great opportunity the company is facing.
Including this latest Series C, Leica has now raised a total of $98 million. While he didn’t disclose the price, Ogilvy confirmed it was a “healthy move” from Serie B, which Pitchbook notes was $235 million post-cash when it closes in 2021. (In other words, it’s now over $335 million.) For a little more context, two of Leica’s closest competitors in the data protection compliance world, Vanta and Drata, each raised rounds valued at more than $1 billion this year. (See here and here.)
Leica’s growing coffers come in time, and not just because its competitors are also piling up. First, the number of compliance frameworks being created at the international level is growing; And second, the larger the organization or operation, the more complicated the task of ensuring compliance becomes.
Compliance has been a priority for at least the last 10 years, but it has dialed back in the last three, where there have been only explosions of these, with some regulators but others like PCI being optional. Compliance,” Ogilvy said. “If you sell or work with any brand, they do due diligence, which includes safety assessments, and you have to demonstrate that you’re continually working in accordance with those principles.”
Larger customers may have up to 5,000 suppliers reviewed and audited regularly, a task that itself requires automation and a platform approach. But smaller firms also need software, often for slightly different reasons, he said.
“Some come to us without needing to see this. “Using Leica will be your first look at safety assessment documents,” said Ogilvy. Others may be using Leica instead of having enough staff or infosec teams in-house to monitor and maintain these data communications.
Covid has increased the demand for these tools, working more remotely and requiring more applications in the cloud and a generally different security and data protection environment.
There are a number of compliance tools on the market today – no wonder with the ever-present cybersecurity threats and growing awareness among regulators and the general data protection public. Even before Covid really became a vector, the industry was worth about $32 billion a year. This number is projected to reach $75 billion by 2028. Laika – named after the Russian dog, the first non-human sent into space and “a gentle nod to pioneering and exploration”, says Ogilvy – stands out. One of the easiest tools to use and use regularly.
“Leica fills a unique gap in the fast-growing compliance automation and audit management space by providing the only comprehensive, centralized compliance platform,” said Christian Östberg of Finn Capital in a statement. It shapes the existing category as the clear market leader.”
