Cyber breach incident response is an increasingly important part of an enterprise’s disaster recovery planning. In 2024, the average cost to a company of a data breach was $4.88mn, with the average time for a company to identify a breach approximately 194 days.*
ACTFORE is a leader in AI/ML-powered data mining for cyber breach incident response which spun out of Gresham House Ventures’ portfolio company ActiveNav in October 2024 to establish itself as an independent company. We caught up with Christian Geyer, CEO and Founder of ACTFORE, in June to hear more about the business and how it is gaining traction.
What is cyber risk and what is ‘cyber breach incident response’?
Cyber risk refers to the potential for loss or harm from IT system failures – including breaches, ransomware, outages, or unauthorised access. These risks impact not only security and privacy, but also business operations, financial standing, and regulatory compliance.
Cyber breach incident response is the approach organisations take to identify, collect, investigate, and recover from a cybersecurity incident. It involves technical, legal, and communications steps, from identifying what information was breached and how, to notifying affected parties, to minimising long-term damage by restoring systems and workflows. A strong incident response strategy helps reduce the breach response time and limit exposure. It also reduces potential financial implications such as the need to pay a ransomware demand or regulatory fines.
How does ACTFORE’s ‘Technology first’ approach differentiate its services from competitors in this area?
ACTFORE’s technology-first approach replaces manual breach response workflows with automation – enabling faster, more accurate, and more secure results at a known fixed price. Unlike competitors that rely on labour-intensive data review and using its proprietary platform and integrated suite of tools and methodologies, ACTFORE specialises in using AI and machine learning to detect, classify, and extract sensitive data from complex, unstructured datasets – often in hours or days instead of months.
How have current international conflicts and international trade disputes impacted cyber risk?
International conflicts and trade disputes have significantly elevated cyber risk by increasing both the scale and intent behind cyberattacks. Nation-state actors, including some of the most prolific sponsors of cybercrime, are using cyber operations to disrupt infrastructure, exfiltrate data, and apply economic pressure. For example, it was recently revealed that U.S. cyber analysts were deployed to Ukraine in “hunt-forward” operations to proactively detect and counter Russian cyber threats, highlighting the immediacy and severity of the risks. With U.S. support in such regions subject to shifting political decisions, adversaries are emboldened to target Western infrastructure more aggressively. Trade alliances also trigger retaliatory cyber missions aimed at undermining cooperation, creating new, focused campaigns to disrupt and impede critical sectors. This evolving threat landscape demands that organisations treat cyber risk not as a siloed IT issue, but as a strategic, board-level concern tied directly to global events.
ACTFORE was a start-up led by you, organically developed from within Gresham House Venture’s existing portfolio company, ActiveNav. What was your experience of developing ACTFORE within an existing Company and how was Gresham House Ventures supportive?
Developing ACTFORE within the framework of ActiveNav, and under the umbrella of Gresham House, was a unique and deeply entrepreneurial experience. I had joined ActiveNav just days before the COVID-19 shutdowns were announced, and within my first week as COO, I was tasked with closing offices globally. Like many companies during the pandemic, we were forced to confront revenue declines, redundancies, and a market that had little interest in proactive data governance, viewed more as a luxury than a necessity. As funding challenges intensified, it became clear we needed to pivot into a space that addressed urgent, unavoidable business needs.
Drawing on my prior experience leading financial strategy at Crypsis Group – eventually acquired by Palo Alto Networks – I had a firsthand view of the persistent challenges organisations face in incident response, particularly around breach notification. Through conversations with law firms, insurers, and CISOs, it was evident the IR marketplace was fragmented, opaque, and often ineffective. That insight, paired with ActiveNav’s existing capabilities and Gresham House’s backing, laid the groundwork for ACTFORE.
Gresham House Ventures supported this evolution by allowing the flexibility to incubate a new model within the existing structure and providing the strategic leeway needed to address a growing, unmet market demand. Actfore was ultimately born from necessity, but shaped by vision, experience, and timely support.
ACTFORE is growing rapidly and is winning major industry awards. What challenges is the company facing as its market recognition grows?
As ACTFORE gains market traction and industry recognition, one of the most significant challenges we face is managing the complexity of serving three distinct client groups – legal counsel, insurance carriers, and the end-clients impacted by cyber breaches. Each of these stakeholders brings different priorities and expectations to the table. Legal counsel may be split between those demanding speed and precision and others who are still operating within outdated vendor models. Insurance carriers are laser-focused on cost control, requiring highly efficient processes to minimise financial exposure. Meanwhile, end-clients often need education and reassurance, as they’re navigating breach response and data mining for the first time.
Balancing these competing needs while maintaining ACTFORE’s core promise, delivering fast, accurate, and transparent results has been a continual challenge. A multi-audience go-to-market strategy can sometimes feel like walking a tightrope. Yet, the strength of our AI-led, air-gapped solution continues to unify these audiences.
As we grow, staying anchored to our founding mission and continuously investing in innovation is what enables us to meet our clients’ rising expectations and differentiate ourselves in a crowded market.
What are the growth plans for the business?
ACTFORE’s growth plans focus on continuing to disrupt the breach notification space through our innovative, technology-first incident response solutions. We aim to expand our global reach across legal, insurance, and enterprise sectors – bringing speed, transparency, and security to organisations and individuals navigating the aftermath of a cyber incident. As demand accelerates, we remain committed to innovation and building scalable solutions that make secure data handling the new standard in incident response.
However, scaling a business while also defining a new capability is a balancing act. As a founder, I’ve learned that growth must be grounded in the same principles that sparked innovation in the first place: a clear vision, adaptability, and relentless focus on delivering value. Defining a new market isn’t just about having the right technology, it takes strategic planning, patience, and persistence. Most importantly, it requires surrounding yourself with a talented, mission-driven team that believes in what you’re building. That combination is what makes growth sustainable and transformative.
Learn more and stay up to date
Our portfolio company ActiveNav >>
* Source: IBM, Escalating data breach disruption pushes costs to new highs, July 2024
