Gili Raanan’s Sunrise payments model suspended as CISOs question ethics
Gili Raanan’s Sunrise payments model suspended as CISOs question ethics
Concerns over influence and incentives prompt high-profile withdrawals, challenging Cyberstarts’ consulting approach.
"Cynical allegations about ethical problems in the Sunrise program have forced us to suspend payments within the program. To be perfectly clear, the Sunrise program is not going anywhere. It’s one of our proudest achievements to connect practitioners at leading companies with up-and-coming startups," wrote Gili Raanan, founder of the Cyberstarts venture capital fund, in a June 27 letter sent to 75 cyber executives (CISOs). These executives participated in Cyberstarts' Sunrise program, which offers profit-sharing in exchange for their advice to startups. This letter, uncovered in an in-depth Forbes investigation, was sent following a June 13 Calcalist report highlighting the controversial model behind Cyberstarts. The Calcalist article, titled "The Gili Ra’anan model: Questions emerging from Cyberstarts' remarkable success," provided a first look behind the scenes of this highly successful cybersecurity-focused fund.
The Sunrise model recruits CISOs as advisors for product development, with an incentive to earn tens of thousands of dollars as they deepen ties with Cyberstarts portfolio companies, accelerating these companies' growth. According to Forbes, major companies such as Chipotle, JLL, and Takeda—whose cybersecurity leaders participated in Sunrise—have signed multiple contracts with Cyberstarts-backed startups. However, JLL and Takeda insist their cyber executives received no rewards from Cyberstarts for purchasing these services. To some cyber industry veterans, it remains unclear why large corporations would adopt products from early-stage startups. Forbes reviewed documents suggesting that some CISOs may have received compensation of up to $250,000 for their participation.
Since Calcalist's report, about one-third of cyber executives in the Sunrise program have been removed from the Cyberstarts website. In some cases, corporate contracts with Cyberstarts portfolio companies have not been renewed. “I walked away because it started to be more aggressive,” one participating CISO told Forbes. “Where it crossed the line for me was where CISOs started to influence decision-making within their own firms to promote products,” a second noted. Two other executives shared similar views: “I was completely aghast. It was against my principles,” one said after receiving the program’s compensation ‘menu’. Another executive remarked on the program's "gray areas" and potential conflicts of interest.
According to Forbes, one long-standing investor in Cyberstarts declined to participate in its latest fundraising round due to ethical concerns raised in Calcalist's report. Raanan denied this, asserting that the latest $60 million fund was oversubscribed and that the amount was limited to a modest level, considering the fund's focus on early-stage investments.
Cyberstarts, led by Raanan, has funded several successful Israeli cybersecurity firms, including unicorns such as Wiz, which recently turned down a $23 billion acquisition offer from Google, as well as Cyera and Fireblocks. Since its founding in 2018, Cyberstarts companies have seen exits totaling $1.6 billion. This rapid success is attributed to early partnerships with major U.S. companies, which help position Cyberstarts startups for subsequent funding rounds. Though consulting with cybersecurity managers to identify organizational pain points is common in venture capital, Forbes revealed that Cyberstarts extended this approach beyond consultation to include influence over purchasing decisions, drawing comparisons to how financial incentives in other sectors can affect objectivity.
In a recent conversation with Forbes, Raanan mentioned that half of participating security managers opted into financial rewards. However, in a subsequent interview, he adjusted the figure to 20%. Regarding the program suspension, Raanan explained that CISOs involved in Sunrise began facing excessive inquiries, creating what he called a “perception issue.” He emphasized that, ultimately, the program is not essential to the fund.
