The Governance, Risk, and Compliance (GRC) market faces a critical staffing crisis, with 57% of security professionals reporting understaffed teams and 41% citing time constraints as the primary challenge in conducting annual cyber risk assessments. Traditional GRC approaches—cobbling together point solutions or spending countless hours coding complex configurations—create inefficiencies, blind spots, and leave organizations constantly questioning their security posture. Compyl turns GRC complexity into data-driven insights and AI-guided action, unifying and contextualizing enterprise data in real-time while providing unmatched flexibility to adapt to unique business processes. The platform enables compliance and security teams to proactively manage risk, streamline workflows, and maintain continuous compliance to protect and grow revenue, all without requiring heavy IT development or manual workarounds. Since its founding in 2020, the company has doubled its customer base in each of the last two years while achieving triple-digit year-over-year ARR growth.
AlleyWatch sat down with Compyl CEO and Founder Stas Bojoukha to learn more about the business, its future plans, recent funding round, and much, much more…
Who were your investors and how much did you raise?
Compyl closed $12M in Series A funding. The round was led by Venture Guides, an early-stage infrastructure software venture capital firm, with participation from existing investors Contour Venture Partners, Armory Square Ventures, nvp capital, Alpine Meridian Ventures, Brooklyn Bridge Ventures, and Zelkova Ventures.
Tell us about the product or service that Compyl offers.
According to ISACA, 57% of security professionals report that their teams are understaffed, and 41% cite time commitment as the primary challenge in conducting annual cyber risk assessments.
Compyl turns GRC complexity into data-driven insights and AI-guided action to reduce risk, ensure compliance, and drive growth. By unifying and contextualizing enterprise data in real time and providing unmatched flexibility to adapt to your business processes, Compyl enables compliance and security teams to proactively manage risk, streamline workflows, and maintain continuous compliance to protect and grow revenue.
What inspired the start of Compyl?
I founded Compyl with Simon Shaddock in 2020. With the growth in the frequency and types of cyber attacks and increasing regulatory requirements, we recognized the growing complexity of managing compliance, risk, and security.
Existing approaches—cobbling together various point solutions or spending hours coding and configuring complex solutions—were not just outdated but inherently flawed. These approaches caused inefficiencies, blind spots, and left them constantly questioning, “Are we really secure?”
We also realized that existing solutions didn’t fully utilize all the rich data available across the organization or reflect the interconnected nature of governance, compliance and risk. Our goal was to harness a rich set of data from across the organization and get a single, unified view of GRC to give them clear visibility into the effectiveness of their information security program. And, it had to be simple, flexible and configurable.
How is Compyl different?
Compyl sets a new standard for governance, risk and compliance (GRC) by uncovering hidden risks and gaps lurking in disconnected data, delivering real-time contextual insights, automating security benchmark checks, and continuously monitoring risk and compliance to automate their customers’ GRC initiatives and shift to a proactive, strategic approach to GRC while reducing time and cost.
Unlike many other GRC solutions, Compyl builds all its integrations without using third parties to keep GRC teams in control and with full access to all ingested enterprise data without unnecessary third-party risk. The platform uniquely correlates all relevant data, automates workflows, and provides AI-guided action to save time and proactively mitigate risks.
Finally, Compyl provides the flexibility to adapt GRC process, on-screen fields, workflows, dashboards and reporting to each organization’s unique needs without coding or a heavy lift. Compyl is built to support the way that works best for each organization providing an alternative to solutions with rigid structures, static reporting or heavy IT coding requirements.
What market does Compyl target and how big is it?
The Governance, Risk, and Compliance (GRC) market is large and is experiencing significant growth—estimated CAGR of 11% to 13.4%— driven by increasing regulatory requirements and the need for robust risk management. Compyl targets mid-market and lower enterprise companies. We target organizations in software/high tech, financial services, healthcare and other highly regulated industries and growing organizations looking to scale and mature their information security programs.
What’s your business model?
Comply goes to market through both direct sales and channel partners
How are you preparing for a potential economic slowdown?
At Compyl, we’re proactive in ensuring financial resilience and operational efficiency. We’ve built a scalable, capital-efficient business with a clear focus on sustainable growth. In preparation for economic uncertainty, we’re prioritizing high-ROI initiatives, optimizing spend, and ensuring our product roadmap aligns with long-term customer value. We’re also doubling down on strong customer relationships and expanding use cases within existing accounts, ensuring a robust base of recurring revenue.
What was the funding process like?
The funding process was catalyzed by an introduction at a prominent cybersecurity industry event. The momentum was largely inbound, which we believe underscores both the relevance of our platform in today’s security landscape and the strength of our execution to date. Investors were already attuned to the need for modern GRC solutions, and our market traction made us a compelling opportunity.
What are the biggest challenges that you faced while raising capital?
One of the biggest challenges was educating investors on how dynamic and fragmented the GRC space remains—despite being a critical function for regulated companies. Demonstrating that Compyl goes beyond traditional compliance by offering a comprehensive, integrated platform required clear differentiation and strong proof points. Additionally, navigating the broader market’s cautious sentiment around venture capital made strategic positioning even more essential.
What factors about your business led your investors to write the check?
Investors were drawn to several core elements: our experienced team, the growing demand for consolidated GRC tools, our strong revenue retention metrics, and the platform’s technical depth. Our ability to automate workflows, drive operational efficiencies for security teams, and grow through product-led expansion showed them that Compyl is positioned not just as a point solution, but as a system of record in the space.
What are the milestones you plan to achieve in the next six months?
In the near term, we’re focused on expanding our go-to-market operations, accelerating product development (particularly around AI-driven capabilities), and strengthening integrations with broader enterprise ecosystems. We’re also targeting strategic customer wins in highly regulated sectors and plan to grow our team selectively to support these goals.
What advice can you offer companies in New York that do not have a fresh injection of capital in the bank?
Stay close to your customers. Make sure your roadmap reflects real-world needs and build with a strong bias toward efficiency. Fundraising is one path, but profitability or break-even operation can be equally powerful. In lean times, companies that solve urgent problems and demonstrate discipline often emerge stronger and with more investor interest when the market rebounds.
Where do you see the company going now over the near term?
We’re entering a phase of focused expansion—deepening our presence in core verticals, enhancing product intelligence, and expanding partnerships. Our mission remains to simplify and automate complex compliance and security processes, and we’re committed to leading the next generation of GRC innovation.
What’s your favorite spring destination in and around the city?
The ferry over to Red Hook in Brooklyn. Getting to see some amazing views of the city and the get to enjoy some fantastic BBQ.
