Identity First: Why 80% of Cyber Incidents Fuel Funding Surge Behind Saporo’s €7M Raise

What happened

Saporo, a Switzerland-based identity-security startup, announced it has secured €7 million in Series A funding. The round was led by TIN Capital, with participation from G+D Ventures, CDP Venture Capital (via its ServiceTech fund), XAnge, Lightbird VC, and Session VC.

Saporo builds a graph-native platform that maps identity relationships across on-premises and cloud systems, including user and machine identities, to reveal “attack paths” that adversaries could exploit. According to the company, these paths often number in the billions for large enterprises.

Who is affected

• Large enterprises, particularly those with hybrid identity infrastructures, are the primary target for Saporo’s solution.
• Industries with high regulatory or compliance demands, where identity complexity and access misconfigurations tend to be widespread.
• Security teams responsible for identity- and access-governance, who struggle with over-permissioning, shadow/admin accounts, and privilege-escalation risks across massive identity graphs.

Why CISOs should care

• Because ~80% of cyber incidents are now identity-based, according to Saporo, identity misuse, rather than malware or network vulnerabilities, has become the dominant threat vector.
• Traditional identity-security tools often fail to show attacker-centric risk paths; success depends not just on who can log in, but what they can do after they’ve logged in. As Saporo co-founder and CEO Olivier Eyries explains: “Attackers don’t break in — they log in.
• For CISOs managing cloud or hybrid environments, ignoring identity-based attack surfaces means overlooking systemic risk at scale; a single compromised account (human or machine) could cascade into a full breach due to excessive permissions, weak access segmentation, or hidden trust paths.

3 Practical Actions

1. Map your identity landscape comprehensively. Track all identities across on-premises directories, cloud services, and developer platforms. Understand not just who has access, but what assets each identity can reach.
2. Prioritize remediation based on attack paths, not just permissions. Instead of removing permissions ad hoc, focus on the minimal set of changes that effectively break high-risk attack paths, especially privileges that lead to critical assets, admin rights, or elevated trust relationships.
3. Adopt continuous identity posture monitoring rather than periodic reviews. Given the dynamic nature of hybrid IT environments, periodic audits aren’t enough. Implement tools and workflows that continuously track identity changes, detect risky configurations, and enable rapid, automated remediation.