CyberRiskAware CEO Stephen Burke: Some 95% of security incidents are caused by human error.

Taking a “prevention is better than cure” approach to cybersecurity, Dublin start-up CyberRiskAware is targeting global markets with technology designed to train company staff to identify malicious emails and other cyber threats.

“Some 95% of security incidents are caused by human error’,’ said company founder and CEO Stephen Burke, saying that human error mainly involves the opening by staff of phishing emails containing ransomware, malware and fraudulent requests for money transfers, known as CEO fraud.

“In the last year there has been a 250% increase in phishing scams. Recent figures show that 86% of all email phishing attacks contain ransomware and that 95% of all successful cyber attacks start from phishing.”

Observing the escalation of global cyber attacks, Mr Burke, while working as a chief information security officer for a global financial services company, decided there was a gap in the market for a company offering a proactive approach to cybersecurity.

He said: “There were products but these mostly involve a 40-minute training course which takes place once a year and is just a tick the box-compliance exercise. What is needed to reinforce the message is short and frequent training, with engaging and enjoyable content.”

Believing there was a need for a cybersecurity product which could deliver the right message to the right user at the right time, he set up CRA in January 2016.

Using his own funding, he recruited three other cybersecurity specialists as directors and set about building a minimum viable product. In April, CRA launched a mock phishing platform and an email security course.

“We made our first sale in June to a large UK/Irish retailer. Since then we have had additional sales in Africa and are awaiting the sign-off of several business cases in Ireland and the UK,” he said.

The mock phishing platform is designed to allow employers test employees response to cyber threat and to identify those in need of extra training.

It typically finds that 23% of employees open phishing emails and that 11% of them go on to open attachments or links. In addition, the company offers short training courses courses and videos covering 24 security topics as well as a security assessment quiz.

CRA has also added real time messaging, which according to Mr Burke, is unique to the company and sets it apart from its competitors. It operates by sending relevant messages when risky behaviour, such as using USB keys or downloading from the internet, is detected.

Mr Burke has signed channel partnership agreements with eight cybersecurity and insurance companies — including three in the US, four in the UK, and one in South Africa. Estimating the company platform already has in the region of 2,000 users, he says the plan for 2017 is to ramp up sales.

Revenue is earned from annual subscriptions based on usage and content. The core product is the mock phishing platform.

“We charge a minimum price of €25 per person for this based on a minimum of 100 users, with a lower charge for a higher number of users,’’ he said.

At the end of 2016, the company received €50,000 in competitive Start Funding from Enterprise Ireland which has been used to expand the company’s training range and its website. Identified as a high-potential start-up by Enterprise Ireland, CRA is now planning to embark on a significant funding round.

Mr Burke said: “We will apply for high- potential start-up funding and will also be looking for private funding. Our aim is to raise between €750,000 and €2m this year.”

The funding is needed to market the company internationally and to develop the team. CRA plans to take on at least six staff and aim to achieve a turnover of €1m. It then aims to double that in 2018.

With cyber attacks now estimated to cost €2.85tn a year, he believes there is huge scope for CRA’s e-learning platform.