HyperComply co-founder and CEO Amar Chahal believes that “the way companies build trust with each other is fundamentally broken.”
Security reviews are a necessary procedure designed to assess the cybersecurity and compliance of potential B2B software vendors. Amid the already significant and rising cost of cybercrime, Chahal says prospective buyers “must do due diligence” on their supply chain given that most of the damage from cybercrime can be traced back to third-party suppliers.
But as Chahal puts it, the typical security review process is “long, manual, [and] painful,” and can take weeks or months to complete, resulting in slower sales cycles or, potentially, lost deals. According to Chahal, the process typically involves a questionnaire in a spreadsheet, an “antiquated [and] time-consuming” mechanism for B2B software vendors and buyers alike.
Chahal aims to change that with Toronto-based HyperComply. Founded in 2019 by Chahal and CTO Cody Wright, a pair of early Vidyard employees, HyperComply offers a third-party risk management platform that automates the security review and due diligence process—including the completion of those pesky questionnaires.
“If you look at every other player in the space, everyone is very invested in perpetuating this security review mechanism, which doesn’t really work,” Chahal told BetaKit in an interview. “[The security questionnaire is] not an effective mechanism for building trust and building continuous trust between organizations.”
With funding from a list of prominent early-stage Canadian VC firms that includes Golden Ventures, Garage Capital, and Panache Ventures, HyperComply’s ultimate goal is to do away with the security questionnaire altogether and become “the de facto way for companies doing business with each other to build trust.”
HyperComply has raised a total of $10 million USD to date. This amount includes $6.4 million USD in previously unannounced equity seed funding that closed in January and was co-led by new investors Toronto-based Golden Ventures and New York’s FirstMark Capital. HyperComply raised this funding in part to fuel the launch of its new Due Diligence product.
The round saw support from Kitchener-Waterloo-based Garage Capital and Montréal’s Panache Ventures. Both previously invested in HyperComply’s $3.6 million USD pre-seed financing in 2019, which was led by Garage Capital with participation from Panache Ventures, Montréal-based Inovia Capital, Toronto’s N49P Ventures, SkyRocket, and undisclosed angels.
HyperComply’s origin story dates back to its founders’ days at Kitchener-Waterloo marketing and sales video hosting platform Vidyard, where they worked under Vidyard co-founders CEO Michael Litt and CTO Devon Galloway, both of whom are general partners at Garage Capital. While at Vidyard with the company’s engineering team, Chahal and Wright encountered a “huge pain point”—navigating security reviews while trying to close customers.
“We started HyperComply with a really simple mission of ‘hey, let’s make this process as fast and easy as humanly possible for sales and security teams,’” said Chahal.
Today, the CEO says HyperComply’s software can compress this process into one or two business days and about half an hour of review work—what Chahal claims is a “10x compression in the amount of actual work required to turn these things around.”
“The impact is shorter sales cycles and increased efficiency across the organization, especially in a market like today where efficiency is the name of the game,” said Chahal. “We see ourselves on the supplier side very much as an efficiency driver and a revenue accelerant.”
HyperComply caters to B2B software companies that deal with any sort of sensitive data. The company’s approach has led to some strong early results: HyperComply has amassed hundreds of clients, many of them fast-growing software firms based in North America like Alloy, FullStory, Heap, and Salesloft. Chahal said the startup currently generates over $1 million in annual recurring revenue (ARR) with “well north of 140 percent” net dollar retention.
After focusing most of its efforts to date on helping sales teams on the vendor side with its Security Questionnaire offering, HyperComply is now “aggressively expanding” into serving the other half of the equation—procurement and risk assessment teams with customers looking to purchase B2B software—with its Due Diligence product.
Chahal said HyperComply faces competitors on both sides of the buyer-supplier aisle. On the supplier side, HyperComply operates in the same space as RFP providers like Toronto-based Loopio and Oregon’s RFPIO, which Chahal described as “short-term” competitors given the startup’s focus on serving both suppliers and buyers.
HyperComply also competes against a newer group of supplier-serving players like San Francisco-based SecurityPal and France’s Skypher, which also focus on automating security questionnaires. What sets HyperComply apart from these companies, argues Chahal, is its use of both AI and a team of experts, versus simply outsourcing the problem.
On the due diligence side, Chahal cites established companies like Kansas-based Archer and Georgia’s OneTrust. “The core long term differentiator here is going to be that they’re all very questionnaire-driven,” said Chahal. “[Questionnaires are] static, one-size-fits-all approaches to a very complex and changing problem.”
In taking an AI-powered, both-sides approach to the space, Chahal says HyperComply is charting a path less trodden.
While the startup’s focus to date has been on automating the security questionnaire, HyperComply sees a long-term opportunity to move beyond the questionnaire entirely. The startup believes that firms should be able to assess risk “in a single click, instantly seeing whether another company meets security and compliance requirements.” Chahal believes HyperComply can become “this source of truth for third-party risk management,” allowing companies to quickly digest SOC 2, HIPAA, PCI, and other compliance information on an ongoing basis.
Golden Ventures partner Ameet Shah, who sits on HyperComply’s board of directors, noted that applied artificial intelligence (AI) is one of Golden Ventures’ favourite categories to invest in, citing the VC firm’s support of startups like BenchSci and Forma.ai.
“We think the opportunities around automation can help businesses of all types,” Shah told BetaKit. “Whenever you have highly-skilled workers executing manual (but mission-critical) tasks such as security questionnaires, there’s an opportunity to drive efficiencies.”
Shah knows the security review process well—early in his career, he worked as a sales engineer, completing these audits in order to close deals. “Compliance was and is a necessary evil between buyers and sellers of software,” wrote Shah in a blog post announcing Golden Ventures’ investment. “Then, and even now, both sides are limited with the tooling they have to support the process.”
Shah told BetaKit that he sees “a lot of whitespace” in the category HyperComply serves, and plenty of room for the startup to continue growing. “Given the massive adoption of SaaS in the enterprise, the pain point they’re going after is only growing—every at-scale organization will need a solution, and we think the HyperComply product line is best in class,” he said.
Feature image of Amar Chahal and Cody Wright, courtesy HyperComply.