Why We Invested: Ostra Cybersecurity
More than 75% of cyber attacks target small and mid-sized businesses (SMBs) with the average total cost of a data breach reaching nearly $3 million in 2021. It’s critically important for businesses of all sizes to keep systems and data secure from cybercriminals, but best-in-class, enterprise-grade protection has not always been accessible or affordable for most SMBs.
Ostra’s comprehensive solution provides SMBs with access to cybersecurity that rivals the type of protection the world’s largest companies rely on. Ostra combines the latest generation of cybersecurity tools, technology and talent into one fully managed service that protects against email threats, ransomware attacks, malware infiltration and more.
Rally Ventures recently led Ostra’s $3.5 million Series A financing. The Ostra executive team are entrepreneurs with decades of experience in cybersecurity and strategic operations, and we are thrilled to welcome them into our portfolio!
1. Why do you think comprehensive cybersecurity solutions have largely been out of reach for most SMBs? Why hasn’t the industry focused on this market?
There have been a few attempts to bring the cybersecurity tools and solutions used by the enterprise market to SMBs, but they really are two very different markets. This is partially due to the sales process. It’s much easier to sell into a large company and win one large deal for hundreds of millions of dollars than it is to go target hundreds of smaller businesses.
The SMB market is also more do-it-yourself. As a small business owner myself, I try to do everything on my own to save money. For example, in the early days of Ostra I did the accounting and payables myself instead of hiring an accounting team. Cybersecurity gets treated the same way. Small business owners try to tackle it themselves in order to save money.
We also hear more about the attacks that affect large enterprises, like the Colonial Pipeline cyber attack or the SolarWinds breach. We don’t hear about the small dentist office that got attacked by ransomware and had to close its doors, so people tend to think attacks only affect big business. There’s an attitude of it’s not going to happen to me because I don’t have anything that’s important. Which just isn’t true.
2. Ostra has a robust channel partner network. Tell me more about why you chose that business model and how you’ve made it a success.
Because small business owners usually aren’t IT experts, the SMB marketspace uses trusted advisors to make their IT purchases. These advisors are often managed service providers (MSPs). Since IT and cybersecurity have historically been lumped together, these are also the people our clients look to for cybersecurity advice. Developing relationships with trusted advisors is where we’ve found success. Having that relationship and building trust has enabled us to have a sub 1% churn rate over the last 4–5 years.
We initially tried to sell direct until we found out how inefficient it was to find the potential clients who would most benefit from our services, and then individually determine where each client was in their buying journey. When we did find clients who were a good fit, we usually discovered that they were relying on outside advisors. So, we started building relationships with these advisors who had an established portfolio of clients with cybersecurity needs. Through this process we learned how Ostra could successfully fill gaps in the market for both clients and advisors.
3. Mike, you have 20+ years experience in cybersecurity. What are some of the biggest learnings you’re bringing forward into Ostra?
We want our mission and values to extend into the services we provide for our clients. For years, I’ve watched friends who own small businesses deal with ransomware breaches that they couldn’t figure out how to solve. It was hard because solutions did exist, but they were designed for large enterprises. I founded Ostra to bring SMBs the successful services and solutions that I built and deployed for Fortune 10 companies.
I want to bring transparency and open communication into this business, which unfortunately a lot of product and service providers lack. Having the willingness to listen and really work together requires a higher touch relationship, but that extra effort with partners and clients permeates the relationship and affects how you’re respected and known in the industry.
Cybersecurity is complex and will only get more complex. The vast majority of SMBs just want to build their business. They don’t want to worry about cybersecurity or have to build a department around it. Our mission is to be the team that provides a full umbrella of protection, so people can focus on their business and sleep at night knowing we’ve got everything covered.
4. What are your top priorities now that you’re funded?
Our focus is on building repeatable and scalable processes as we continue to rapidly grow. This involves investing in technology, hiring the right people and testing and communicating each process — whether it’s related to sales, operations, finance or the partner lifecycle.
A big part of scaling effectively is also us (Mike and Joe) letting go. There’s a reason you hire smart people and step back, so we can focus on other areas of the business. One area we want to focus on in the near future is the differentiators in the services we provide. We want to expand our Intellectual Property, so we’re a great investment for everyone.
5. What is the most important thing to get right in the early stages of building a company?
Culture and values are the most important thing to get right. Everything else will come as a result of that. If we build the right culture and hire the right people who have the same drive, care and willingness to ensure our customers are getting the right solution, then that culture will help us scale the right way.