Score Helps Assess Business Security


Score Helps Assess Business Security
Jacob Foster Davis co-founded BreachBits and serves as its chief operating officer and chief revenue officer. (File photo) (Jason Burt)

BreachBits expects to double its talent base in Arkansas — two full-time staffers and seven contractors — by the end of the year, after opening its Little Rock office just one year ago.

It will be looking for data scientists, automation engineers and software developers, co-founder and Little Rock native Jacob Foster Davis told Arkansas Business. 

Founded in Washington, D.C., in 2018, where it still has an office, BreachBits uses artificial intelligence and automation to deliver “BreachRisk scores” showing how cyber-secure organizations are. It also offers continuous penetration testing to expose cyber vulnerabilities for its business customers.

Davis is the firm’s chief operating officer and chief revenue officer. The other co-founder, John Lundgren, serves as its CEO and chief technology officer. 

Both men are former naval officers. Davis describes Lundgren as an “elite hacker” who has been fighting against cybercrime for 14 years. Davis said he himself brings experience in satellite intelligence for the National Security Agency and from service on a Pentagon task force looking at cyber defense.

The two men established BreachBits when they left military service because they’d come to the same conclusion, from slightly different perspectives, about what businesses must do to be cyber-secure, Davis said. Their conclusion was two-fold: Businesses need to hire hackers to expose weaknesses in their systems, and businesses need to treat cybersecurity like they would any other business risk, he said. 

The subscription-based BreachBits engages in this field by acting like a credit rating agency, Davis said. “But instead of telling you your financial risks, we tell you your cyber risk. And, just like your credit score, we make it very simple.”

The firm offers three types of subscriptions.

Its BreachRisk for Business subscription provides the customer with its own score for $250 per month, $1,000 a month if the customer wants to improve its score with risk management reports and active testing or $3,000 per month if the customer wants to show that its security measures can defeat the toughest emerging threats.

The firm’s BreachRisk Portfolio subscription provides the scores of organizations the customer does business with, which Davis said is a unique offering. 

“A lot of executives, a lot of your readers, are worried not only about having their own company hacked, but they’re actually really worried about their suppliers, their data relationships, their partners because that’s the new big risk. … And we’re one of the only firms in the country that can tell them the risk of other people,” he said. “And we’re the only one in the world that tells them the risk from a hacker’s perspective. We know what risk looks like because we’re ethical hackers, because we can actually break in.”

That monthly subscription costs $1,500 for the inspection and monitoring of three organizations, $2,900 for deeper analysis of 10 organizations and $5,800 for up to 25 organizations.

Then there’s a monthly penetration testing subscription that costs $250, $1,000 or $2,000 depending on the complexity of the testing.

BreachBits customers include supply chain businesses and businesses involved in mergers and acquisitions that need this kind of work done as part of their due diligence, Davis said. Another type of customer is cyber insurance providers. His firm can let them know “who the safe drivers are,” and that allows the providers to give their customers the best deal on premiums and limits, Davis said.

BreachBits aims to help organizations have good cybersecurity measures in place because that is now “the cost of doing business,” he said. 

“You have to understand that risk in order to make the best decisions — and to make the most profit. You have to understand the risk so that you can mitigate it, or accept it, accordingly,” Davis said. “It’s all about risk. Cybersecurity is all about risk. That’s the future that we’re pushing. We’re helping people understand, and that’s why we’re being so well received. Because it makes sense to businesspeople.”

Davis said his being from Arkansas wasn’t the reason the firm opened a location here. 

“Because I’m an Arkansan, I understand and I understood that Arkansans understand business and technology. That’s very important, because the way the cyber industry is going, what people are starting to recognize is that cybersecurity is the fusion of business and technology.”

He said the understanding made the state “a premier choice” for BreachBits.