Q&A with CheckRecipient CEO, Tim Sadler on Building an Email Security AI Company
I’ve wanted to sit down with Tim since the announcement of their recent fundraise to solely discuss the future of email security and specifically, data loss prevention. Given the number of high profile attacks and data breaches recently, our conversation about the future of email security was that much more fascinating. (As a disclaimer, Crane invested in the seed round).
But first, who are they? CheckRecipient has built an email security platform that helps organisations protect against the risk of misaddressed emails and the consequences of highly sensitive information being sent to the wrong person. Their goal is to help organisations of all sizes prevent data loss in a manner that requires minimal effort from IT teams and doesn’t require end-user behaviour change.
What’s so powerful about CheckRecipient is their platform uses machine learning to automatically understand users’ email patterns and prevent both human error and fraudulent activity from within an organisation. They have dozens of companies using their product from a number of verticals including financial services, legal and tech. They are growing rapidly every month and have several new product releases planned for this year. CheckRecipient was founded by a team of Imperial College engineers, data scientists and mathematicians who spent their early careers in Investment Banking.
Q: How did you come up with the idea for CheckRecipient?
Tom, Ed and I came up with the idea when working in investment banking. We all met as engineering students at Imperial College and were constantly talking and proposing solutions for what we thought were some of the major inefficiencies and problems in large financial services organisations. After having multiple “training sessions” with compliance about the importance of addressing emails to the right people and seeing multiple M&A deals fall flat because of the problem we started to build a solution. Back then, our thesis was: the banks we worked for had huge security budgets and a plethora of existing email security products (encryption, SMTP gateways, data classifiers), why can’t they solve this problem?
Q: As an enterprise AI company, what was the hardest part about getting to product market fit?
I think product market fit is easily the most critical component of an early stage SaaS company and I’m not sure I agree that companies have ever truly ticked the “has PMF” checkbox, rather, the goalposts and expectations change given the stage of the company.
In the initial stages you’re looking for your first handful of paying customers. We actually went to market with the wrong product (purely rule-based rather than using machine learning to solve the problem of misaddressed emails) and the hardest part of the product market fit process at this stage was the length of the feedback loop in enterprise sales cycles. As the famous saying goes, “no” is the second best answer in sales. All of the early companies that we met with were giving us solid “maybes” and it takes months to actually bottom out that these are polite ways of declining to move forward.
Something I tell new founders now is that they should be looking to gain commitment for their first 5 pilots from a slide deck, if you’ve met with 50 customers and can’t do this then there’s something wrong, but at least you haven’t wasted time building the wrong thing.
Q: So how did you close your first five customers?
All of our marketing in the early days was conducted through cold outbound emails to CISO’s and IT Directors of companies that we thought would have a need to prevent the problem of misaddressed emails in their business. This actually proved to be surprisingly successful (the common misconception is that people don’t read cold emails, they often do, they just may not reply) and I actually think it’s a great litmus test for new founders who are trying to evaluate the market demand for the product or service that they’re building. After initial email exchanges with these companies we arranged demos, ran pilots and then closed the sale after that.
Q: When did you hire your first salesperson?
We hired our first salesperson in mid 2016 when we had our first 10 paying customers and felt that we understood the sales process enough to try and train another person to go and get more customers. The first salesperson is a really difficult hire for B2B startups. This isn’t a VP sales hire where you can allocate a huge budget and leverage relationships on a relatively large customer base, you’re trying to find someone who’s more founder-like and can work with a really under developed brand and product and make the proposition really compelling for the customer. Mark Roberge gives a great overview of how to hire your first salesperson in the Sales Acceleration Formula — in short, he says that startups should favour former founders with great versatility rather than super experienced sales reps from already established companies — I totally agree with this approach and it’s exactly what we did.
Q: How do you respond to people who think CheckRecipient is just a feature?
The classic VC question! I find people asking me this less and less now but I think people often put people in the ‘sinful’ #featurenotaplatform bucket when you’re initially focussing on solving one problem, really, really well. I actually think it’s a huge benefit for a technology company to be able to go to market this way and some of my favourite tech companies are great examples of this; Uber: gets you from point A to point B; Dropbox: let’s you share a file with someone; Swiftkey: a better keyboard for your phone. These are all hugely successful companies who hid enormous complexity behind simple, elegant solutions to big problems.
Our go to market strategy is land and expand — approach enterprises with a clear, compelling proposition for how to solve a single problem they have, then, with the additional training data and interaction we’ve had solving that problem, we can build additional email security solutions and layer them in as part of a wider platform (as we’re currently doing with our IP Theft Detection module).
I think complexity can be the killer when you’re a new player in the market. Focus allows you to quickly get to a yes/no decision with the customer and also limits the number of people who need to be involved with the purchasing decision in order to buy the product (if CheckRecipient also scanned your inbox for CRM enrichment then we’d have to sell to the VP Sales and VP Marketing in addition to the CISO). The irony is that for most enterprise sales I’d wager that it would be easier to sell them software that achieves a tenth of the functionality for ten times the price than vice versa.
Q: What’s your team’s number one focus right now?
If you asked the Business Development team at CheckRecipient to distil their work down into a single target I think it would be: solving for happy customers. As a B2B SaaS business, if you’re closing deals and keeping customers happy then theoretically you’ve significantly de-risked your business by avoiding the risk of churn and it should get easier and easier to acquire new customers as you’re existing customers are there to help with you with evangelism (lead gen for the sales team) and supporting you in closing new business by doing reference calls with incoming customers. In addition to these points though, with happy customers, you can be confident that you’ve really got something that’s adding value to the enterprise and solving a big enough pain point.
Q: CheckRecipient will soon be launching its first inbound email product. Given email was one of the main infection points of WannaCry, how will you be using machine learning to prevent malicious inbound emails?
Great question! We’re keeping pretty tight lipped about it until a more formal release later this year but essentially, if you reverse CheckRecipient’s algorithms from understanding if an email is appropriate for the person it’s being sent to, you can also understand whether inbound emails are appropriately linked to the person sending them.
