The winding road to Hoxhunt’s $40 million Series B funding round leads to the moon, with Mika Aalto, Hoxhunt co-Founder and CEO

Cybersecurity training platform Hoxhunt, Finland’s fastest-growing SaaS company according to Deloitte, today announced it raised $40 million in its Series B round led by New York-based Level Equity Management, along with participation by existing investor The new funding will aid the development of Hoxhunt’s leading-edge technology and accelerate growth in new markets, particularly North America. But there's more to it, too.

Post hero image

Table of contents

Our $40 million Series B funding round with New York-based Level Equity Management meant overcoming a perfect storm of economic factors brought on by the global pandemic, war in Ukraine (and Finland’s and Sweden’s NATO status), and historic levels of inflation and stock market volatility that have slowed startup funding in 2022. But Hoxhunt didn’t just weather the storm. As a company forced to make its own way through trying circumstances, we emerged stronger and more resilient than ever, and primed for outstanding growth. Aiming to double revenue this year, we are actively doubling our workforce and on the lookout for great people.

What a ride. Climb aboard!

Hoxhunt doubled head count over this past year. Our explosive growth in Europe and quick rise in North America with companies like DocuSign and G2 has made Hoxhunt the fastest-growing SaaS company in Finland with 4284% growth over four years, according to Deloitte. Our A-list customer base stretches from Helsinki and Berlin to Chicago and Silicon Valley. Hoxhunt has received numerous recognitions from the world’s top software review site, G2, where Hoxhunt is the highest-rated security training solution based on feedback from CISOs, admins, and all other users.  

“Funding is all about timing,” said Hoxhunt co-Founder and CEO, Mika Aalto. “In February of 2020, Hoxhunt was experiencing fantastic growth and talks were heating up with many investors. Then the pandemic hit, and we decided to find an alternate route to growth and scale. We were selective about when and with whom we would partner, and under what conditions. We have been tested by a lot of factors beyond our control, and we’ve adapted like a scrappy startup should. Hoxhunt has proven we are built to last and we are going to take our security awareness mission to the next level.”

Cybercrime is worsening. Cybersecurity awareness innovation is needed.

Cybercrime is a booming industry and demand for security training will, unfortunately, only increase. Cybercrime is projected to cost businesses $10.5 trillion globally by 2025, up from $3 trillion in 2015, according to Cybersecurity Ventures. After 2021’s “Year of ransomware” collapsed the cyber insurance industry, premiums shot through the roof while coverage shrank--and government compliance and regulations tightened--leaving risk management in uncharted territory. State-sponsored cyber attacks are expected to worsen with the fallout from the war in Ukraine; and looming economic recession in Russia could drive even more people into the cyber crime industry. As the Verizon Data Breach Investigations Report noted, the global shift to cloud computing has made breaches far more dangerous to larger ecosystems due to software supply chain vulnerabilities, like the catastrophic Log4J vulnerability.

The US government has responded with more cybersecurity compliance and reporting regulations. And businesses are responding with increased cybersecurity budgets: spending is projected to grow from $262.4 billion in 2022 to $458.9 billion in 2025 according to CSV, with tightening regulatory and insurance pressure driving higher expenditure on awareness.

As leading experts like Dan Lohrmann, George Finney, and Ira Winkler told Hoxhunt in its CISO Sandbox webinar series, cybersecurity awareness has become a must-have, not a nice-to-have, and businesses need better training programs. People and their inboxes represent the initial point of attack in at least 82% of breaches, according to the Verizon DBIR, including some of the most high-profile attacks in history like Colonial Pipeline, Sony Pictures, Facebook, and Google.

Level Equity has investment experience in the security awareness space, notably with Wombat security, who was acquired by Proofpoint for $225 million in 2018.

“There is tremendous growth potential in the cybersecurity awareness category, which we at Level Equity Partners are thrilled to invest in again with Hoxhunt, who we see as best-in-class in terms of innovation, product design, and leadership,” said Sarah Sommer, co-Founder and Partner at Level Equity Management. “In just two years, the number of cybersecurity unicorn companies has jumped from 6 to over 50, but too few are security awareness vendors. Next-level security training represents a huge opportunity in terms of ROI and, more importantly, doing good for the world.”

As the threat landscape evolves, so too must security training. Traditionally, security awareness was just a box that had to be checked, and solutions comprised tedious-if-not-torturous, cookie-cutter training sessions triggered upon failed phishing simulations. Geared for compliance, old school security training was really meant to obtain insurance and avoid penalties, not necessarily to lower risk of a breach. But the game changed over the pandemic with the shift to remote work and cloud computing. In today’s climate, risk needs to actually be reduced at the people layer, by far the largest attack surface.  

The market threw curveballs. Hoxhunt hit them out of the park.

“During the due diligence process, even as the war in Ukraine broke out and the market started to wobble with historic losses in tech company valuations, Level Equity Management said they actually got more excited to invest in us,” said Mika. “Everything, they said, was best-in-class. Our technology stack, our business results, our product design, and to me, most importantly, our people. This is just an amazing, awesome team, and that shines through everything we do, from our products and innovation to our  unrivalled customer retention rates.”

Hoxhunt turned the whole industry on its head by evolving beyond compliance and designing a behavioral psychology-based learning experience that people actually like. The inaugural 2022 Hoxhunt Behavioral Cybersecurity Statistics report analyzed results from 1.6 million users' responses to 24.7 million phishing simulations and found that cybersecurity behavior can, and does, change dramatically with good training. The training needs to be based on rewarding success, not failure, and the learning experience should be gamified and personalized to automatically adapt to individuals' skill level, language, and job function.   And, importantly, the phishing simulations should be frequent and dynamic, developed from the actual threats the Hoxhunt user base is reporting. To hear what all of that looks like in practice, check out the case study and “This is your brain on trust” webinar with Lisa Kubicki, Director of Trust & Security Training & Awareness at DocuSign.

“Finland is known for our education system, our social togetherness, our talent for happiness in challenging conditions, and perhaps most importantly today, our security due to our geopolitical positioning,” said Mika. “Hoxhunt happens to touch all four of those bases. To borrow an American phrase, that’s made us not just a hit but a home run with our American partners. Keeping people happy while they learn to report email threats keeps them and their surrounding environments more secure from catastrophe.”

Learn more at the CISO Sandbox webinar: Cybersecurity at Step Zero, with CISO, Chris Castaldo and Hoxhunt CTO, Pyry Åvist

CISO Sandbox webinar: Cybersecurity at Step Zero, with CISO, Chris Castaldo and Hoxhunt CTO, Pyry Åvist
THURSDAY, JUNE 2, 2022: 8-8:30 AM PST | 11 AM EST | 4 PM GMT 6 PM EET

Great security cultures build long-lasting businesses. Join Chris Castaldo, author of Start-up Secure and the Chief Information Security Officer at Crossbeam, and Hoxhunt co-founder and CTO Pyry Åvist on June 2nd 2022 for a live webinar on how to create a business that is built to last through every phase of growth, from founding to funding to exit. Questions are welcome! These lessons are applicable to everyone, not just start-ups!

Learn more and register here.

Want to learn more?
Be sure to check out these articles recommended by the author:
Get more cybersecurity insights like this