French startup Riot has raised a $30 million Series B round after reaching $10 million in annual revenue in 2024. Originally focused on educating employees about cybersecurity risks, the company now wants to go one step further and nudge employees so that they minimize their attack surface.

Left Lane Capital is leading today’s round with existing investors Y Combinator, Base10 and FundersClub participating once again. From what TechCrunch has learned, Riot’s has reached a post-money valuation north of $170 million following the Series B round.

Riot originally started with fake phishing campaigns. Employees regularly receive emails that look like real emails. But they’re designed to trick employees into clicking on the links and entering personal information.

This way, employees learn that they should be more suspicious about incoming emails. Over time, the company added other educational content with a friendly security chatbot called Albert. It can be accessed on Slack and Microsoft Teams.

That strategy has been working well so far, as Riot currently interacts with one million employees across 1,500 companies. Clients include L’Occitane, Deel, Intercom and Le Monde. (A couple of years ago, Riot only worked with 100,000 employees.)

And yet, cyber incidents are still on the rise with widespread consequences. A recent example is the Change Healthcare data breach that is affecting 190 million Americans and started with compromised credentials on a consumer service. An employee reused the same password for their personal account and Change Healthcare’s Citrix portal — there was no multifactor authentication on Citrix, either.

That’s why Riot wants to grow beyond educating employees. “Our job is to look at employees’ posture. Do they activate multifactor authentication? Do they have a secure code on their smartphone? Are their privacy settings on LinkedIn not too permissive? There are plenty of things that employees can put in place that will generally make life more difficult for hackers,” Riot founder and CEO Benjamin Netter told TechCrunch.

Riot calls its next product an Employee Security Posture Management platform. It’s going to become a central cockpit to manage security at the employee’s level. While there are many Posture Management solutions, Riot believes employees have been neglected for too long.

Here’s where it would fit in the cybersecurity landscape based on the company’s pitch deck:

“What we’re creating with the platform is that we’re going to automatically analyze the employees’ security … and we’re going to give a score, which we’ve called a karma score, which will be an indicator of the employee’s posture,” Netter said.

After that, Riot will nudge the employee to change a setting here, activate multifactor authentication there. “It’s the little things you can do that will take you a minute or two, and that will basically make life difficult for hackers,” Netter added.

This is going to be an interesting challenge for Riot, as employee security also depends on their cyber hygiene on personal devices and services. Phishing campaigns now also happen on WhatsApp. LinkedIn profiles are widely used for social engineering attacks as well.

That’s why this new security product will look a bit more like a consumer product, with nice animations and some gamification features to incentivize you to improve your security posture.

“My long-term vision is to build an employee security company and to provide all the tools in the employee security stack. So it’s possible that one day we will make — I’ll give you a silly example — an antivirus or a password manager,” Netter said.

But first, with today’s funding round, the company also has more cash to grow more rapidly. The team plans to open new offices in other countries and grow its client base to develop those more sophisticated products.

French startup Riot has raised a $30 million Series B round after reaching $10 million in annual revenue in 2024. Originally focused on educating employees about cybersecurity risks, the company now wants to go one step further and nudge employees so that they minimize their attack surface.

Left Lane Capital is leading today’s round with existing investors Y Combinator, Base10 and FundersClub participating once again. From what TechCrunch has learned, Riot’s has reached a post-money valuation north of $170 million following the Series B round.

Riot originally started with fake phishing campaigns. Employees regularly receive emails that look like real emails. But they’re designed to trick employees into clicking on the links and entering personal information.

This way, employees learn that they should be more suspicious about incoming emails. Over time, the company added other educational content with a friendly security chatbot called Albert. It can be accessed on Slack and Microsoft Teams.

That strategy has been working well so far, as Riot currently interacts with one million employees across 1,500 companies. Clients include L’Occitane, Deel, Intercom and Le Monde. (A couple of years ago, Riot only worked with 100,000 employees.)

And yet, cyber incidents are still on the rise with widespread consequences. A recent example is the Change Healthcare data breach that is affecting 190 million Americans and started with compromised credentials on a consumer service. An employee reused the same password for their personal account and Change Healthcare’s Citrix portal — there was no multifactor authentication on Citrix, either.

That’s why Riot wants to grow beyond educating employees. “Our job is to look at employees’ posture. Do they activate multifactor authentication? Do they have a secure code on their smartphone? Are their privacy settings on LinkedIn not too permissive? There are plenty of things that employees can put in place that will generally make life more difficult for hackers,” Riot founder and CEO Benjamin Netter told TechCrunch.

Riot calls its next product an Employee Security Posture Management platform. It’s going to become a central cockpit to manage security at the employee’s level. While there are many Posture Management solutions, Riot believes employees have been neglected for too long.

Here’s where it would fit in the cybersecurity landscape based on the company’s pitch deck:

“What we’re creating with the platform is that we’re going to automatically analyze the employees’ security … and we’re going to give a score, which we’ve called a karma score, which will be an indicator of the employee’s posture,” Netter said.

After that, Riot will nudge the employee to change a setting here, activate multifactor authentication there. “It’s the little things you can do that will take you a minute or two, and that will basically make life difficult for hackers,” Netter added.

This is going to be an interesting challenge for Riot, as employee security also depends on their cyber hygiene on personal devices and services. Phishing campaigns now also happen on WhatsApp. LinkedIn profiles are widely used for social engineering attacks as well.

That’s why this new security product will look a bit more like a consumer product, with nice animations and some gamification features to incentivize you to improve your security posture.

“My long-term vision is to build an employee security company and to provide all the tools in the employee security stack. So it’s possible that one day we will make — I’ll give you a silly example — an antivirus or a password manager,” Netter said.

But first, with today’s funding round, the company also has more cash to grow more rapidly. The team plans to open new offices in other countries and grow its client base to develop those more sophisticated products.