Hack the Box Gets $55M to Fight Cybercrime


Hack the Box has gotten $55 million in its campaign to help businesses fight cybercrime.

The U.K. company, which bills itself as a “gamified continuous cybersecurity upskilling, certification, and talent assessment platform,” announced the Series B funding in a news release Wednesday (Jan. 11).

Hack the Box (HTB) says it will use the investment, led by the Carlyle Group, to fund research and development, and enhance its go-to-market function as it expands in the US, Europe, and the Asia/Pacific region.

“The game in cyber has changed, with defensive, reactive and recovery postures not being fit-for-purpose in the face of an ever-increasing and ever-evolving wave of sophisticated attacks,” founder and CEO Haris Pylarinos said in the announcement. “A new proactive offensive and defensive approach is needed to take the fight to cybercriminals rather than waiting to be hit.”

Founded in 2017, Hack the Box offers a platform for individuals, businesses, schools, and government entities to train themselves on their cybersecurity abilities.

The company says customers turn to it to assess how secure their organizations seem from the hacker’s point of view and to “address the weakest link in cyber — the human element” by evaluating their in-house and external cyber talent.

Last year, PYMNTS looked at how the “human element” plays a role in cybercrime by examining “business email compromise” (BEC), which happens when criminals impersonate company executives or business partners to trick employees into diverting funds their way.

It is the costliest form of cybercrime, to the tune of $2.4 billion in 2021 and accounting for fully one-third of all the money lost to cybercrime, according to the November edition of the “B2B Payments Fraud Tracker®” series, “The Hidden Costs of B2B Payments Fraud,” a PYMNTS and nsKnox collaboration.

“Beyond the monetary costs, businesses that fall victim to BEC must also cope with reputational damage if the incident is publicized, as nearly 60% of the cases are attributed to company insiders who acted negligently or with malicious intent,” PYMNTS wrote.

Meanwhile, cyberattacks could grow to the point that they become “uninsurable,” the CEO of Europe’s Zurich Insurance said last month.

In an interview with the Financial Times, Mario Greco said that cyberattacks could pose a larger threat to insurers than systemic issues such as climate change and pandemics.

“What will become uninsurable is going to be cyber,” he said. “What if someone takes control of vital parts of our infrastructure, the consequences of that?”

It’s not only a matter of data privacy, Greco added.

“First off, there must be a perception that this is not just data … this is about civilization,” he said. “These people can severely disrupt our lives.”

Greco told the FT there was a limit to what the private sector can absorb when it came to underwriting losses from cyberattacks.

He said the world’s governments need to “set up private-public schemes to handle systemic cyber risks that can’t be quantified, similar to those that exist in some jurisdictions for earthquakes or terror attacks.”

For all PYMNTS EMEA coverage, subscribe to the daily EMEA Newsletter.