It will use the capital to bolster platform capabilities, integrate gen AI applications to streamline manual tasks for risk and compliance teams, and extend operations into the North American and European markets
Governance, risk and compliance (GRC) platform Scrut Automation has raised $10 million in growth capital from existing investors Lightspeed, MassMutual Ventures and Endiya Partners. The company will use the funding to enhance their platform capabilities, incorporate generative AI use cases to reduce the manual effort for risk and compliance teams, and expand to North American and European markets.
With this round, the company has now raised $20.5 million in total venture funding since its inception in 2021.
Scrut Automation was created to address the unique risk and compliance challenges faced by tech-first mid-market businesses in highly regulated industries. These companies grapple with stringent compliance requirements from regulators and industry bodies, and mounting pressure to keep risk under the threshold, but are often hindered by limited budgets and understaffed teams.
Moreover, a rapidly evolving threat landscape, accelerated by the adoption of generative AI, massive layoffs in cybersecurity teams, and the counter-intuitive, yet very real increasing skill gap in cybersecurity further exacerbate the problem for the teams.
“Mid-market organizations have limited options,” said Aayush Ghosh Choudhury, co-founder and CEO of Scrut Automation. “They can buy off-the-shelf compliance automation tools that offer a one-size-fits-all approach to compliance, disconnected from the organizational risks; or invest in expensive enterprise-grade tools with year-long implementation and underutilized features.”
Scrut Automation provides a third option for companies that seek to build scalable GRC programs aligned with the organization’s goals, risks, and resources. It helps companies consolidate their compliance and risk management processes while contextualizing their risks, reducing duplication of effort, and automating control monitoring.
A core USP for Scrut is offering an extremely high degree of flexibility in creating GRC programs that fit closely with the customer’s environment. For example, a financial services company in the lending space will have very different regulations, compliance frameworks, and risks from a healthcare services company for hospitals.
“Scrut accounts for this context as the platform adapts seamlessly to these differences. We have also built practice areas for regulated industries like healthcare, financial services, and enterprise software, that allow the platform to embed expertise in addition to automation,” added Choudhury.
The platform pairs this configurability with deep automation capabilities and a proprietary unifying control framework. Integrating across a growing library of over 75 products, it automates tests across more than 70% of the controls, reducing manual effort in chasing control owners and capturing evidence.
This enables GRC teams to get near-real-time visibility into their risk and compliance posture, enabling them to take corrective action on time. The unifying control framework ties the organization’s controls to compliance requirements, which eliminates the duplicate effort required to demonstrate compliance with different frameworks.
As Scrut continues to grow, it aims to help mid-market companies build strong risk and compliance management practices with reduced dependency on human capacity and expertise, through an AI-first GRC concierge.
"A strong security posture has always been a core need for large enterprises globally. Given the increase in the number of breaches and attacks over the past few years as well as an increase in regulatory compliance requirements, mid-size enterprises are now adopting strong GRC practices. Scrut's user-friendly and market-leading platform reduces this burden for security and GRC teams. We are happy to reaffirm our commitment to supporting the Scrut team," said Dev Khare, Partner at Lightspeed.
Anvesh Ramineni, managing partner at MassMutual Ventures added that legacy GRC products are built for enterprises, but fail to meet the needs of high-growth tech-first companies. “Scrut Automation is built specifically to cater to their needs and addresses their pain points seamlessly. We're excited to support Aayush, Jayesh Gadewar, Kush Kaushik, and the Scrut team in building one of the fastest-growing GRC platforms globally,” he claimed.
Prior to Scrut Automation, co-founders Choudhury and Gadewar were building a procurement suite, where they spent months trying to fulfill the risk and compliance needs of their enterprise customers. Recognizing this widespread pain, they teamed up with Kaushik to navigate the challenging terrain of compliance and built Scrut Automation, and have since helped over 800 customers worldwide build enterprise-grade GRC programs.
The company has also added angels and advisors from SaaS and cybersecurity sectors, including Sandeep Johri, CEO of CheckMarx, Sachin Lawande, CEO of Visteon, Vetri Vellore, ex-corporate VP at Microsoft, Naresh Agarwal, head of India R&D for Traceable, Davis Hake, co-founder of Resilience, Shreesha Ramdas, ex-SVP at Medallia, and Todd Dekkinga, CISO of Zluri.