More Information

OutThink raises £8.8m in seed funding

The world’s first cybersecurity human risk management platform, OutThink, which combines machine learning, natural language processing and applied psychology to identify individuals’ attitudes and behaviours, has raised £8.8 million in its latest funding round, led by Albion Capital.

The funding will allow OutThink to continue expanding its technology leadership and accelerate international distribution.


Why We Invested in OutThink


While economics, political instability and climate change rightly dominate the headlines, cybersecurity remains a huge and growing problem. Last month, Nicolai Tangen, the CEO of the Norwegian sovereign wealth fund, told the Financial Times that he’s more worried about cybersecurity than the markets (even after a $174bn loss).

Uber is the latest high-profile business to suffer a significant cyber breach. In Uber’s case, a common social engineering compromise allowed a teenager to dupe an employee into providing access to sensitive data. A hack into an organisation holding 75m user credentials came down to human, not technological, risk. And according to the UK ICO, >90% of breaches are caused by human error.

The way of dealing with human error has historically been training, even though it doesn’t work. Many employees fail to complete cybersecurity courses; even after intensive courses, a third of employees click phishing links.

Instead of teaching people lists of rules and expecting them to obey, OutThink predicts individual risk and enables organisations to better manage that risk by providing highly targeted, in-the-moment training via Slack and Teams. In doing so, OutThink empowers employees to become the best protection against cyber threats, rather than the Achilles heel.

OutThink achieves this by playing into two long term unstoppable trends: data driven personalisation and the ‘tiktokisation’ of content.

OutThink 2


Data driven personalisation

For an end-user, OutThink seems deceptively simple. However, the ability to provide highly targeted rather than generic support is a result of complex machine learning algorithms that leverage subjective (sentiment, productivity, engagement) and objective data (data from security tooling e.g. EDR, SIEM, DLP etc), to identify and predict risk down to the individual level.

Building this capability required an impressive trifactor of cybersecurity, technology and psychological expertise, which fortunately the OutThink team has. OutThink was built by Flavius Plesu (a former CISO) and Matt Slater (a brilliant technical architect), with the support of cutting-edge research on human-computer interaction by UCL Professor Angela Sasse.


‘Tiktoktisation’ of content

Identifying where the individual risk sits is necessary but not sufficient. Based on the human risk intelligence collected, OutThink also dynamically triggers in the moment training. Training is digestible, personalised and bite-size – finally alleviating end users from long-form, generic modules! “Micro learning” is not only quicker, easier and cheaper to make, it is better and more enjoyable to consume. We have seen this through the virality of TikTok – short, fun and to the point videos engage audiences best. Introducing this approach to employee training will help with engagement, information retention and productivity.

All in all, we believe OutThink has an entirely differentiated take on this market and the opportunity to build a transformational business where current leaders have reached massive scale, despite superficial products.