RegScale: Over $30 Million Secured For Transforming Cyber GRC For Highly Regulated Industries

By Amit Chowdhry • Sep 22, 2025

RegScale, a pioneering company in Continuous Controls Monitoring (CCM), has recently announced that it has raised over $30 million in a Series B funding round. This round was oversubscribed, meaning that more investors were eager to participate than there were shares available. The lead investor in this round was Washington Harbour Partners, and RegScale also welcomed investments from notable newcomers such as M12, which is Microsoft’s Venture Fund, along with Hitachi Ventures and Ankona Capital. Existing investors like SYN Ventures and SineWave Ventures also continued to support the company in this funding effort.

This significant influx of capital is a clear indication of the growing recognition among customers and investors that RegScale is set to transform the way cyber governance, risk, and compliance (GRC) is handled. Instead of merely creating another option in the GRC marketplace, RegScale is redefining compliance altogether. The company is transitioning compliance from a tedious and manual checklist process to a dynamic, real-time, and automated platform, which is particularly beneficial for businesses and organizations operating in heavily regulated industries.

With this new funding, RegScale aims to solidify its leadership position in the GRC market, which is estimated to be valued at over $50 billion. The company plans to make key hires in both research and development as well as sales, which will enable it to provide even more value to its growing customer base. Additionally, the funds will accelerate the development of RegScale’s innovative RegML, an industry-leading artificial intelligence roadmap.

This roadmap focuses on enhancing the capabilities of the CCM platform by incorporating AI agents designed to continuously monitor compliance, automate the processes of collecting and reviewing evidence, conduct comprehensive audits, and analyze risks. These advanced features are unique to RegScale, setting it apart from other providers who might not deliver the same level of security and scalability.

Furthermore, the recent funding positions RegScale to extend its services into new sectors. While it already serves government agencies, financial services, and high-tech organizations, the company is now focusing on expanding into industries such as energy and utilities, where ongoing compliance and security assurances are crucial.

As cyberattacks continue to rise, and with nation-states and cybercriminals increasingly exploiting compliance gaps, organizations find themselves under more pressure than ever. Budget constraints are leading to a demand for more efficiency, and businesses cannot afford to rely solely on traditional GRC methods and manual processes, which often feel like just checking off boxes. Chief Information Security Officers (CISOs) require a solution that enables them to operationalize their risk management programs and maintain real-time assurance that their controls are effective against an increasingly diverse range of cybersecurity threats. RegScale is leading the way in facilitating this transition.

Customers of RegScale have reported impressive results since adopting the platform. They indicate that their audit preparation time has decreased by an average of 60%. Additionally, organizations are experiencing authorization processes for FedRAMP High that are three to four times faster than before. The accuracy of compliance activities has also seen improvements of up to 80%, due to the integration of AI and automation, which can enhance staff efficiency by a factor of ten or more.

RegScale is committed to promoting industry standards and best practices. It plays a prominent role as the lead affiliate for the Cyber Risk Institute’s OSCAL initiative, is a founding member of the OSCAL Foundation, participates in the Cloud Security Alliance’s Compliance Automation Revolution, and contributes to initiatives such as FedRAMP 20x. The effectiveness of RegScale’s platform has not gone unnoticed; it has garnered industry accolades, including being named Best Compliance Solution by SC Media and recognized as an industry leader by Gartner.

The maturity of RegScale’s platform is also evidenced by its recent achievement of FedRAMP High Authorization, which the Department of Homeland Security sponsored. The company completed this process at half the usual cost and in just six months, which is swift compared to the 18 to 24 months typically expected for such authorizations.

Internally, RegScale is experiencing remarkable growth. Its Annual Recurring Revenue (ARR) has tripled year-over-year, indicating strong market demand and customer retention. Key enterprise and federal clients are coming on board, and the team has expanded significantly with notable hires. New leaders, including Devon Goforth as Chief Technology Officer and Rich Shirley as Vice President of Strategic Partnerships, have joined, contributing to the momentum and strategic direction of the company.

KEY QUOTES:

“We invested in RegScale because the stakes could not be higher. Protecting critical infrastructure and high-value assets must be achievable, scalable, and resilient. RegScale has the technology, leadership, deep expertise, and market traction to transform GRC from a cost center into a force multiplier for security and resilience. With compliance debt dragging down agencies and enterprises alike, the company doesn’t just check compliance boxes; it increases security effectiveness while cutting compliance costs.”

Mina Faltas, Founder and CIO, Washington Harbour Partners

“RegScale is transforming GRC from a consultant-driven, expensive, checklist-based compliance burden into real-time resilience and dynamic operational control assurance. By automating continuous controls monitoring, RegScale is leading the industry in how compliance can become a driver of competitive advantage and mission speed, not a barrier to innovation.” 

Wolfgang Seibold, Partner & CFO at Hitachi Ventures

“CISOs are faced with ensuring the systems that keep our country running can withstand increasingly sophisticated cyber threats. From homeland security missions, to the grid, to our leading cloud service providers, to global banking transactions, every compliance gap can quickly become an operational catastrophe or worse, a national security risk. RegScale was built to close those gaps in real time while cutting costs and accelerating missions. We have assembled a world class leadership team that is laser focused on automating all aspects of risk and compliance. This funding allows us to double down: scaling our go-to-market team, expanding our platform capabilities, and accelerating our pace of innovation. The future of cyber GRC isn’t just manual paperwork, it’s your AI-powered Risk and Compliance Co-Pilot that accelerates your digital transformation efforts while simultaneously improving your security posture and cost basis.”

Travis Howerton, Co-Founder and CEO of RegScale