Security Experts:

UK Email Threat Firm Tessian Secures $13 Million Series A Funding

London, UK-based start-up Tessian has raised $13 million in a Series A funding round led by Balderton Capital. Existing investors Accel, Amadeus Capital Partners, Crane, LocalGlobe, Winton Ventures and Walking Ventures also participated. It brings Tessian's total funding, including initial Angel investments and seed funding, to $16.8 million.

Tessian uses machine learning artificial intelligence to prevent sensitive data leakage via email. It was founded in 2013 by Tom Adams, Ed Bishop and Tim Sadler, who first met as students at Imperial College, London before moving on to careers in investment banking. It was here they realized the extent and danger of accidental data leakage via email -- and saw a market gap for a preventative product.

Data from the UK's data protection regulator, the Information Commissioner's Office (ICO) shows the single greatest category of reported data security incidents in the UK during the first quarter of 2018 was data sent by email to the wrong person. With the likelihood of such incidents attracting more attention and potentially greater fines under GDPR (effective from May 2018), it is a simple business error that needs to be addressed. 

"It's human nature to fear scary things like hackers or malware," explains Sadler, "but we often don't think twice about the dangers behind something as familiar and ingrained as sending an email. In reality that's where an overwhelming threat lies."

"What Tessian has done," comments Balderton Capital partner Suranga Chandratillake, "is apply machine intelligence to understand how humans communicate with each other and use that deeper understanding to secure enterprise email networks." As an investor he sees great potential for expanding the approach into other forms of human business communication. "The genius of this approach," he continues, "is that while the product focus today is on email -- by far the most used communication channel in the corporate enterprise -- their technology can be applied to all communication channels in time. And, as we all communicate in larger volumes and on more channels, that represents a vast opportunity."

Both Chandratillake and Accel partner Luciana Lixandru will join the Tessian board. "Since our seed investment just over a year ago," she said, "the company's ability to address a fundamental data security risk has been reflected in its strong growth and a string of blue chip client wins."

That growth has seen annual recurring revenue increase by 400% in the last twelve months, with staff levels increasing from 13 to 50 people. Clients include Schroders, Man Group and Dentons and over 70 UK law firms. 

Chris White, global CIO at international law firm Clyde & Co LLP, commented, "Misaddressed emails are a major cybersecurity problem that all organizations have to deal with, but trying to train human error out of employees is near impossible. Tessian's machine intelligence plays a vital role in helping mitigate these kinds of errors and ensure that customer data remains secure and private. The speed and ease of deployment of Tessian," he added, "has been unparalleled by any other solution we've dealt with, and has been our quickest GDPR win to date."

Tessian uses machine learning to understand normal email communication patterns and automatically identify email security threats in real time. It analyzes enterprise email networks to understand normal and abnormal email sending patterns and behaviors, detects anomalies in outbound emails and warns users about potential mistakes, before the email is sent.

"Our belief at Tessian," co-founder and CTO Ed Bishop told SecurityWeek, "is that organizations' security has moved on from perimeter firewalls, and even endpoint security. I think we are in a third phase here, where humans are the real endpoints of the organization." If you look at how hackers try to break into a company, they're not so much hacking devices as hacking the humans.

"We are focused on building security for the human endpoint," he continued. "In short, we are thinking not just about outbound email threats, but also inbound email threats; and in going beyond that to understand what are the other ways in which humans leak data within an enterprise."

The new funding will be used to expand its product offering and increase its sales and marketing teams. It is likely that the product will be expanded to directly address the BEC and phishing threats before the firm moves on to other forms of business communication.

Related: Email Leakage - An Overlooked Backdoor to GDPR Failure 

Related: Cisco Launches New Email Security Services 

Related: DMARC Not Implemented on Most White House Email Domains

view counter
Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.