As ransomware attacks became more frequent and costly in 2023, a Westerville startup that helps websites get back online almost instantly nearly tripled sales over the prior year.
Cayosoft Inc. last week raised $22.5 million – after five years growing solely by revenue – to jump-start an international sales expansion, said co-founder and CEO Bob Bobel. The software works within the Microsoft Corp. system known as Active Directory, which about 90% of the Fortune 1000 use for managing user identities and access permission.
"We call it the trifecta of management for Microsoft: managing, monitoring for change and recovery," Bobel said. "If the worst possible situation arises and you’re the victim of the ransomware attack, we’re there to help you get back."
Besides outside attacks, directory problems also can arise from simple user error. One healthcare client going through a trial period suddenly found 4,400 doctors and clinicians had been locked out of its system. Cayosoft figured out the unintentional deletion of one profile had cascaded.
"They called our engineer on a Sunday," Bobel said. "With the click of a button, we restored that."
Centana Growth Partners, a private equity firm with offices in Silicon Valley and New York City, led the Series A round. KPMG Corporate Finance was Cayosoft's investment banking adviser as it embarked on its first outside funding.
Cayosoft's "game-changing approach" aligns with the investment firm's experience investing in authentication and other identity-related software, Eric Byunn, Centana co-founder and partner, said in a release.
“Active Directory outages are a universal issue with immense financial and operational implications for businesses of every size and the market opportunity for a truly instant recovery solution is undeniable,” Byunn said. "Our core focus within the financial services ecosystem provides a unique vantage point into the needs of highly regulated entities and large enterprises and it’s clear that the Cayosoft platform brings an entirely new level of speed and efficacy to (Active Directory) administration and recovery.”
The company has 58 employees, about half in North America, with a core of 15 reporting regularly to the Westerville office.
Andrei Polevoi, Cayosoft co-founder and CTO, leads a tech team in Armenia. The staff could grow to about 100 by year's end, largely international additions in sales and marketing, Bobel said.
Businesses reported nearly $60 million in losses to ransomware attacks to the FBI in 2023 and $2.9 billion in losses from compromise of business email accounts, according to the agency's internet crime report last week. The FBI notes only about 20% of victims report online crime.
In recent weeks, the U.S. healthcare system has been disrupted by a Russian group's attack on Change Healthcare, a health IT network handling large volumes of prescriptions and payments. Hospitals and smaller providers have asked the federal government to help because of lost revenue. A hacker forum said it appears Change parent UnitedHealth Group paid $22 million in ransom, the Nashville Business Journal reports, although the insurer did not confirm it.
An attack to Johnson Controls International in suburban Milwaukee in September cut profits by $57 million over six months, the Milwaukee Business Journal reported.
Other approaches to recovery involve restoring servers and rebuilding directories one by one, a process that can take months. Cayosoft has applied for a patent to its approach, creating a cloud-based "clone" in a separate secure network, so recovery is simply a matter of rerouting to the uncorrupted version.
That approach also has Cayosoft competing with the previous employer of its co-founders.
Bobel and Polevoi are among several alumni of Dublin's Aelita Software who went on to start Central Ohio companies. Both stayed with Quest Software when it acquired Aelita in 2004, and each left in 2012.
Aelita and Quest also built software for managing the Microsoft ecosystem, but that was when all enterprise software was kept in a company's on-premises servers or data center.
"We're doing a lot of direct replacements of the tools we built back in the day," he said.
Bobel started Cayo Software in his garage in 2013, as companies were starting to migrate to cloud computing. He chose cayo, Spanish for "small island," to represent the islands of data each organization represents in the cloud.
Legacy software does not work as well in the cloud, he said. Cayosoft works for on-premise and cloud directories, meaning customers can migrate without needing to change recovery tech. The company does support some Amazon Web Services clients and is starting a test product for Google's cloud.
Bobel drained his retirement accounts to keep going until finding product-market fit with recovery in late 2017, he said. Polevoi joined in 2018 and they re-incorporated as Cayosoft.
Since then, the company has grown by sixfold; revenue figures aren't disclosed. In the first years, it was steady annual growth of 20% or more, until really taking off last year.
"We were very fortunate – things went to plan," Bobel said.
