U.K. Cyber Startup Founded by Former Analysts Backed by Sequoia

(Bloomberg) -- Sequoia Capital has backed a London-based cybersecurity startup founded by a trio of former banking analysts, who were surprised how often documents such as deal-term sheets were accidentally emailed to the wrong person.

Tessian Ltd. has received $40 million to fund its growth, according to a statement Wednesday. U.S.-based Sequoia is leading the new funding round. Existing investors Balderton Capital, Accel Partners and LocalGlobe are also participating, the company said.

Valuation terms of the new financing were not disclosed but Tim Sadler, Tessian’s 30-year old co-founder and chief executive officer, said in an interview that the funding valued the company at "well over $100 million."

Originally called CheckRecipient, Tessian was founded in 2013 by three graduates from Imperial College in London who had initially joined banks including HSBC Bank Plc and Royal Bank of Scotland Group Plc. At these financial institutions, Sadler said, the three realized how often market-sensitive information was accidentally emailed to incorrect recipients.

The trio developed software that uses machine learning to predict whether an employee might be accidentally sending an email to an incorrect recipient. Tessian launched its first product in 2015 and now employs more than 100 people, Sadler said.

The company will use the money from the new funding round to expand in the U.S., where it recently opened an office in New York, as well as to enhance its research and development, Sadler said. Matthew Miller, a Sequoia partner, is joining Tessian’s board. TechCrunch originally reported the investment from Sequoia.

Miller said in an interview he was impressed with Tessian’s emphasis on humans, rather than computer networks. "Most of the security companies have been focused on software to protect systems," he said. "The thing that is distinctively different about Tessian is that they are saying, we are going to help you protect your people."

Sadler said that current cybersecurity training for employees "is not fit for purpose," and that "it is extremely difficult to train out human error or people being tricked." He noted that many companies don’t train employees to filter their own spam emails -- instead they rely on software that automatically screens out spam -- and that this is the way companies should address spear-phishing too.

Europe’s new data privacy law, which went into effect in May 2018 and which carries hefty penalties for data security breaches, has boosted Tessian’s business, he said. The company cited figures from the U.K. Information Commissioner’s Office that 86 percent of data incidents reported to the regulator between 2017 and 2018 were caused by human error.

©2019 Bloomberg L.P.