In the digital age where data is the new oil, safeguarding it against cyberattacks has become more important than ever. Passbolt has cracked that code and is setting such a high standard for data protection and privacy that increasing numbers of multinationals and institutions around the world are adopting its technology. CEO Kevin Muller talks about Passbolt’s impressive growth, its battle with billion-dollar companies and new features.
Many successful startups of the past few decades have one thing in common: they identified an industry-wide inefficiency or problem that they solved with a smart tech solution. The really successful ones, however, attempt to solve a problem that needs solving across industries. Passbolt has identified one such problem and is competing against industry giants to grab the biggest slice of the growing pie.
The pandemic’s push for companies to rapidly adopt digital measures has led to an unprecedented surge in cyber attacks. A report from Check Point Research revealed a 38% increase in global cyber attacks in 2022 compared to the previous year.
“Since I started working in this field, I have never seen cyber attacks stabilising or decelerating, they are always on the rise,” says Kevin Muller, CEO of Passbolt.
These attacks, if successful, don’t just detract from the daily work of companies, they can also cost them dearly. Indeed, the global average cost of a data breach in 2023 was put at $4.5m according to IBM’s latest figures.
As many established companies are scrambling to make up for the bad security practices they adopted during the pandemic, new companies are confronted with the fact that cybersecurity issues are an inescapable part of any modern company.
“We live in a time where every company needs to become a tech company. Even if you are producing everything by hand, at some point you will need to go into digital marketing and automate part of your production, which will require at least one server, one computer and one guy to manage that,” explains
Kevin Muller, Passbolt CEO and founder
Currently, there are an estimated 30 million tech teams worldwide, a number that is growing at a pace of 20% per year according to Kevin. While this is great news for Passbolt, the challenge lies in convincing the largest possible share of this number to opt for Passbolt over its competitors.
Collaboration first
The first and arguably most important aspect in which Passport stands out from many of its competitors is that it’s built for collaboration. As the scale up’s password manager is built by tech teams for tech teams, Passbolt has a deep understanding of their collaboration needs.
“Other tools available on the market are not built for collaboration, most of them are basically just a glorified vault,” explains Kevin.
The high flexibility, advanced permission controls, and machine-to-machine connection capabilities of Passbolt’s technology are among the features that lead Kevin to describe Passbolt as the “Google Drive of password managers.”
Tech-savvy security
While these collaboration features make Passbolt a highly sought after password manager of IT companies, public institutions and defence agencies are more likely to seek out Passbolt for its security benefits.
“95% of all cyber attacks target your credentials which are stored somewhere by the company. Or the attackers will try to force you to provide your credentials by pretending that they are someone else,” explains Kevin.
By providing end-to-end encryption and giving users control of their own encryption keys, Passbolt is doing something that “9 out 10 password managers say they do but don’t actually do”.
Companies wishing to step up their security can even host their passwords behind their own firewalls or in an air-gapped environment (cut off from the internet).
“Air-gapped environments are interesting because anything that is connected to the internet becomes a surface of attack. Now, if you disconnect yourself from the internet, the attacker would have to physically enter your office or server to hack it, so it becomes a lot more protected,” explains Kevin.
Open-source flexibility
Passbolt is open source, which allows users to install the solution on their own servers and audit it and it helps them prevent lock-in effects. Being headquartered in Luxembourg and with a solution that is GDPR-compliant has also tempted more than one American company to jump across the pond.
“You would think that American institutions and companies would prefer working with US-based solutions but some of them have told us explicitly that they prefer EU-based solutions because they think they are better for privacy reasons.”
Kevin Muller, Passbolt CEO and founder.
David vs Goliath
On paper, this sounds convincing to the non-cyber expert. But are these aspects enough to take on their biggest competitors such as 1Password, a Canadian-based company that is valued at almost 7bn and has already raised a cumulative $920m in funding?
“Considering these numbers and our means, I think it’s a miracle to see what we have already accomplished,” says Kevin.
To date, Passbolt has raised €5m over two rounds and while this number pales in comparison to 1Password’s, Passbolt has successfully been servicing 1,500 customers and 300k daily users with its team of 30 employees (1Password has almost 1,000 employees).
While it appears that Passbolt’s know-how, technical expertise and privacy guarantees are convincing more and more organisations and companies around the world, when it comes to standing out in the realm of online marketing funding is critical.
“If you have a lot of funding, you can massively invest in performance marketing, which basically means paying to get keywords on Google Ads. For these keywords, there is a bidding system so a lower marketing budget obviously means you’re losing out on visibility. So we have to be smarter in our execution than some companies.”
Kevin Muller, Passbolt CEO and founder.
Betting on tech
Having relied mainly on word of mouth to get their product adopted by companies across the world, Passbolt has now entered a growth stage where a new approach to marketing has become necessary.
“We are not trying to compete with companies face to face. Our strong tech positioning, which is different from most password managers, definitely plays in our favour,” explains Kevin.
As a purely b2b, tech-focused company, Passbolt has some advantages, but even those are not always enough.
“Once we land a customer and expand, often across the entire organisation, we meet other solutions in the middle and then it comes down to the quality of the decision maker and their expertise in the specific solution,” explains Kevin.
Luckily for Passbolt, most organisations and companies leave matters of security in the hands of tech experts who tend to rule in their favour.
“Our champions are the ones who get to make the call in the company. These are heads of security and infrastructure, CFOs or CTOs. They are the ones who read the fine print and who will also make an effort to understand what’s written in our security white paper.”
Kevin Muller, Passbolt CEO and founder.
Pursuing enterprises
While the road ahead for Passbolt is not an easy one, the company’s recent participation in Google for Startups Growth Academy has reaffirmed their belief that they are on the right track.
“Google’s programme did for us at our current stage what Fit 4 Start did for us a few years ago when we were about to launch our first commercial offer. Google’s programme helped us build certainty that our main focus was the product and that we were doing most things right,” explains Kevin.
The programme also highlighted that Passbolt’s product has entered a new stage of maturity in which larger enterprises are buying its product. As the sales process for these kinds of customers is very different, Passbolt has adapted its sales strategy and assembled a team solely focused on enterprise sales.
More customers, more features
Following a hockey stick growth at a rate of 2x/year, Passbolt exhibits many of the markers of a big tech player in the making. However, the more companies come knocking on Passbolt’s end-to-end encrypted doors, the more demands for new features they get.
“One of the difficulties as we progress and are onboarding more and more customers is that they want more and more things in the product,” says Kevin.
Passbolt now finds itself in a fine balancing act between satisfying its core customer base and staying true to its tech leanings while also widening its approach to achieve the goal of having 10 million teams signed under Passbolt.
Luckily, the team is not at a loss for answers or skills and is preparing to implement an exciting new feature that almost no one on the market is using yet.
“We are getting ready to implement new use cases that are related to pass keys and passwordless technology. Making use of biometrics, these features will allow companies to implement passwordless authentication scenarios for users. For anyone outside of tech teams, this will become the most secure way to handle their passwords,” concludes Kevin.
This article was first published in the Silicon Luxembourg magazine. Read the full digital version of the magazine on our website, here. You can also choose to receive a hard copy at the office or at home. Subscribe now.
