Cybersecurity Startup Investment Checklist: Growth / Pre-IPO Stage (2026)
This checklist covers 24 due diligence items for Cybersecurity startups at the Growth / Pre-IPO stage. Each item has been validated against institutional investor practice. DDR automates the majority of these checks from a single pitch deck PDF upload.
24 checklist items · 3 red flags automatically detected
Growth / Pre-IPO Requirements
✓ $10M+ ARR with clear path to $100M+
✓ Profitability or credible path to profitability within 24 months
✓ Category leadership: top 1–2 in defined market
✓ CFO and board ready for public market scrutiny
✓ Revenue quality: multi-year contracts, low churn, high NRR
✓ Institutional governance: audit committee, independent board majority
Cybersecurity Sector
✓ Third-party penetration test report reviewed (last 12 months)
✓ Bug bounty program active and history reviewed
✓ No undisclosed security incidents in company history
✓ MITRE ATT&CK benchmark results reviewed
✓ SOC 2 Type II certification for company's own infrastructure
✓ Encryption standards documentation reviewed
✓ Incident response plan documented and tested
Deep Dive
✓ Third-party penetration test reports from the last 12 months
✓ Efficacy benchmarks on industry-standard threat datasets
✓ Review any prior security incidents or breaches
✓ Verify team's security clearances if targeting government
✓ Assess false positive rate from customer deployments
Regulatory
✓ Verify: Export controls (EAR/ITAR): dual-use security technology may require export licenses
✓ Verify: FedRAMP: required for federal government contracts
✓ Verify: EU NIS2 Directive: new incident reporting and security requirements for EU customers
OSINT Signals
✓ Check: CVE database: any CVEs attributed to or affecting the product
✓ Check: Shodan: public-facing infrastructure security posture
✓ Check: GitHub security advisories for any open-source components
DDR AUTOMATES THIS CHECKLIST
Upload a Cybersecurity startup pitch deck and DDR automatically completes 17+ of these 24 checklist items — sourcing data from 13 OSINT signals, benchmarking against 3 comparable companies, and detecting all 3 critical red flags.