Vanta at $220M/year

TL;DR: Going from SOC 2 compliance to cybersecurity, Vanta is layering on continuous vendor monitoring, on-demand pen-testing, and new AI compliance standards to turn a twice-yearly audit product into a daily-use security platform. Sacra estimates Vanta hit $220M ARR in July 2025, up from $152M in 2024. For more, check out our full report and dataset on Vanta and our interview with co-founder & CEO Christina Cacioppo [2022].


Key points via Sacra AI:
- In the early 2010s, selling into the enterprise as a B2B SaaS company meant spending $50k–$100k upfront and losing your CTO for 6-12 months dealing with accountants to get SOC 2. Vanta (2018) launched to replace manually pulling screenshots, change logs & pen-test reports with recurrent API pulls from ~375 systems (AWS, GitHub, employee devices) to collect logs & track permissions, helping companies get SOC 2 certified faster and keeping evidence current for audits. Where traditional accounting firms charge one-off flat fees for SOC 2, Vanta monetizes as SaaS, charging a $10-15K minimum for one framework and delivering in ~60 days, while upselling for each added framework (ISO 27001, HIPAA, etc.) and for add-ons like tools for assessing vendor risk & securely sharing security documents with prospective customers.
- Riding on the back of 1) the proliferation of SaaS, and 2) the need for SaaS companies to expand from SMB to enterprise earlier and by default, Sacra estimates that Vanta grew to $220M in annual recurring revenue (ARR) in July 2025, up from $152M in 2024, and was valued at $4.15B as of its $150M Series D in July 2025, for an 18.9x multiple. Compare to key SOC 2 competitor Drata at $95M ARR in 2024, up 61% YoY from $59M in 2023, and GRC platforms like AuditBoard at $200M in ARR in early 2024, up 33% YoY, at the time of its acquisition by Hg for $3B (15x revenue multiple), and Workiva (NYSE: WK) at $739M revenue in 2024, up 17% YoY, valued at $4.16B for a 5.6x multiple.
- Beyond their core business of SOC 2 compliance, Vanta is expanding into new use cases & geographies by layering on new certifications like ISO 42001 (AI model compliance), ISO 27001 (EU & Asia), and HIPAA (healthcare), with 25% of revenue now coming from outside the US and average revenue per customer (ARPC) growing from $5K in 2021 to $18.3K as of 2025. With compliance as a wedge that gets Vanta into all of a company’s core systems—but where the low frequency of usage puts it at risk of churn particularly with constant price undercutting by competitors—Vanta is expanding into cybersecurity via new features like continuous vendor monitoring (OneTrust, Archer) and on-demand penetration testing (Cobalt, Pentera), with the upside of higher attach rates & regular usage vs. the twice-yearly re-certification cycle around SOC 2.

For more, check out this other research from our platform:
- Vanta (dataset)
- Drata (dataset)
- Secureframe
- Thoropass
- How Vanta, Secureframe and Laika are arming the rebels of B2B SaaS
- Christina Cacioppo, CEO of Vanta, on the value of SOC 2 compliance for startups
- Sam Li and Austin Ogilvie, co-CEOs of Laika, on the compliance-as-a-service business model
- Shrav Mehta, CEO of Secureframe, on building a TurboTax for security compliance
- David Peterson, early Airtable employee, on the future of product-led growth