
French cybersecurity startup Riot has announced a $30 million Series B funding round, following its achievement of $10 million in annual revenue in 2024. Initially focused on cybersecurity awareness training, Riot is now evolving its approach to proactively minimize employee attack surfaces.
The funding round is led by Left Lane Capital, with continued participation from existing investors Y Combinator, Base10, and FundersClub. TechCrunch reports that this Series B round values Riot at over $170 million post-money.
Riot’s initial approach involved simulated phishing campaigns, where employees receive realistic-looking but fake emails designed to test their susceptibility to phishing attacks. This training evolved to include additional educational content delivered through a friendly security chatbot named Albert, accessible on Slack and Microsoft Teams.
This strategy has proven successful, with Riot now engaging with 1 million employees across 1,500 companies, including clients like L’Occitane, Deel, Intercom, and Le Monde. This represents significant growth from just 100,000 employees a couple of years ago.
Despite these efforts, cyberattacks continue to rise. The recent Change Healthcare data breach, affecting 190 million Americans, highlights the ongoing vulnerability stemming from compromised credentials and inadequate security measures like multifactor authentication.
This reality has driven Riot to expand its services beyond education. “Our job is to look at employees’ posture,” explains Benjamin Netter, Riot’s founder and CEO. “Do they activate multifactor authentication? Do they have a secure code on their smartphone? Are their privacy settings on LinkedIn not too permissive? There are plenty of things that employees can put in place that will generally make life more difficult for hackers.”
Riot’s new product, an Employee Security Posture Management platform, aims to provide a centralized dashboard for managing employee-level security. While numerous Posture Management solutions exist, Riot believes employee security has been a neglected area.
The platform will automatically analyze employees’ security practices and assign a “karma score” reflecting their overall security posture. Subsequently, it will prompt employees to implement specific changes, such as activating multifactor authentication or adjusting settings. “It’s the little things you can do that will take you a minute or two, and that will basically make life difficult for hackers,” Netter adds.
This new direction presents challenges for Riot, as employee security is influenced by their cyber hygiene on personal devices and services. Phishing attacks are increasingly common on platforms like WhatsApp, and LinkedIn profiles are often exploited for social engineering.
To address this, the new security product will incorporate elements of consumer product design, including engaging animations and gamification features to incentivize improved security practices.
Netter’s long-term vision is to build a comprehensive employee security company, providing a full suite of tools. He even suggests future possibilities like developing antivirus software or a password manager.
The Series B funding will fuel Riot’s rapid growth, enabling the company to open international offices and expand its client base as it develops these more sophisticated security products.