Introduction

2023 was a year of significant growth and impactful service at RipRap Security. We broadened our relationships with new and existing nonprofit and B Corp partners, and helped them strengthen their cyber defenses. Our emphasis on personal, trust-building relationships enabled us to not only address immediate security concerns but also educate and empower our clients. This report captures our journey through the year, highlighting our achievements, our pursuit of sustainable practices, and our successful attainment of the B Corp certification.

Cyber Security Mission Impact

We were so fortunate in 2023 to meet many new nonprofits, B Corps, and other organizations with incredible missions and help them improve their cyber security. For many, we started our relationship with a cyber security roadmap assessment which is designed to assess a client’s current security posture, define an ideal goal state, and provide a step-by-step roadmap on how to get there.. For others, our work began with helping them recover from cyber attacks that interfered with their ability to make an impact on their communities and issues they care about.

Regardless of how we started working with customers, we continued our approach of  high-touch, human-driven relationships. This approach allows us to build trust, educate our customers in a push towards self-sufficiency, and enable better outcomes for cyber security improvement investments. We instituted new customer engagement surveys to understand our performance and improve both our work product as well as our customer’s experience.

Some key highlights from our services in 2023 included:

• Delivered over 770 training courses, which enables customer resiliency through staff empowerment

• Identified and supported the remediations of thousands of vulnerabilities, many of which were exploitable by attackers

• Completed numerous application security assessments and penetration tests, enabling clients and their software development partners to harden critical applications against cyber attacks

• Supported numerous Incident Response (IR) efforts, helping organizations to understand how an attacker compromised their environment, and how to prevent it from happening again.

• Provided daily threat hunting and threat monitoring services, keeping a watchful eye on our clients’ security posture long after normal business hours.

• Developed a source code vulnerability analysis pipeline, providing clients with custom-developed applications with recurring vulnerability analysis, secrets detection, and remediation guidance.

Benefit Corporation (B Corp) Certification

The B Corp certification is awarded to companies that meet high standards of social and environmental performance, accountability, and transparency, as assessed by the non-profit B Lab. The certification evaluates factors like a company's impact on its workers, customers, community, and environment. It provides value by distinguishing companies as leaders in sustainable business practices, attracting customers, investors, and employees who prioritize ethical and responsible conduct.

Our founders learned about the B Corp movement in 2021 from our dear friends at West Arete, a software development company focused on custom software for higher education. They are a longtime B Corp and 1% for the Planet member and have been an invaluable source of advice as we’ve grown RipRap Security and explored ways to make an impact greater than our core business of providing cyber security expertise. 

As we shared in our 2022 impact report, one of our key goals for 2023 was to achieve our B Corp certification. Starting in late 2022, our team worked with certified B Consultant Kristin Joys, Ph.D.,  to prepare for and go through the certification process. Kristin was an incredible resource throughout the 11 months we spent working together. She provided extensive subject matter expertise that helped us establish new and formalize existing mechanisms for making RipRap Security a business for good. Her work enabled us to establish the policies, processes, and workflows that will enable our company to grow in a sustainable way and ensure our impact extends beyond the day-to-day cyber security work we do.

We are so pleased to share that we achieved our B Corp certification in 2023, achieving an Impact Score of 108.1 (the minimum required score is 80). By comparison, ordinary businesses have a median score of 50.9 points.

Here are some of our key achievements that led to the certification:

• Established a code of ethics, guidelines for company transparency, and a requirement for yearly impact reporting

• Amended our corporate governing documents to officially adopt social and environmental performance is part of the company’s decision making over time, regardless of company ownership

• Self-selected into the “Designed To Give” impact business model that formally commits us to provide 5% or more of our time each year to pro-bono services

• Self-selected into the “Support For Underserved/Purpose Driven Enterprises” impact business model that formalizes our dedication to primarily supporting underserved and purpose-driven organizations with cyber security

• Tracking our energy, water, and waste usage so that we can measure carbon emissions and offset those emissions each year

• Starting to transition to new service providers who are themselves B Corps where possible

B Corp Certification Goals For 2024

B Corps must recertify every three years in order to remain certified. We fully intend to recertify when the time comes and, as a part of that intention, our 2024 goal is to refine and further operationalize our B Corp commitments. 

Environmental Impact

2023 marks our third year being 1% for the Planet business members. As members, we donate at least 1% of our revenue each year to environmental nonprofits that make the world a better and more healthy place to live. We’ve once again certified our environmental nonprofit donations with 1% for the Planet by donating 1.2% of our revenue to environmental causes, exceeding the minimum requirement. Our donations increased by 92%  compared to 2022 and by 478% compared to 2021. We are proud that our company’s growth has enabled us to greatly expand our ability to meaningfully contribute to causes like:

• 1% for the Planet

• We Are Neutral

• Raleigh City Farm

• ClearWater Conservancy

• B Lab Global

We started measuring and offsetting our carbon, water, and energy emissions in 2022 and continued in 2023 with our partner We Are Neutral. As our company is growing in terms of team size and number of customers we partner with, our environmental impact has certainly expanded. In 2022, we measured 2.76 tons of CO2 emissions. In 2023, we measured 9.67 tons of CO2 emissions.

Environmental Impact Goals For 2024

Our team plans to continue with our 1% for the Planet commitment as well as our measuring and offsetting of emissions in 2024 and into the future.

Social Impact

Throughout 2023, we continued with our program to match 5 cents on the dollar to employees’ nonprofit donations. Our employees and company have contributed to organizations including:

• National Public Radio

• United States Fund for UNICEF (United Nations International Children's Emergency Fund)

• American Civil Liberties Union

• Bail Project

• Evident Change

• Eden Reforestation Projects

• Bay Area Rescue Mission

• Doctors Without Borders

• RAICES

• GiveDirectly

• The Bay Foundation

• GlobalGiving Foundation

• Midwest Access Coalition

• Prevent Cancer Foundation

• Save the Children

Earlier in this report, we mentioned that part of our B Corp certification was electing to provide 5% of our total working hours each year to pro bono cyber security projects, support, and education for underserved organizations.

Our staff pursued a number of different pro bono efforts, including:

• Creating and giving cyber security focused presentations at a variety of nonprofit and community foundation conferences

• Holding pro bono “office hours” to provide cyber security advice to small organizations

• Improving our Cyber Security For Good online training course - this is a self-paced course designed to help organizations establish foundational cyber security protections at their organization. We had ten organizations sign up and take the training course during the year.

Social Impact Goals For 2024

We plan to continue with the 5% match of employee donations to nonprofits as well as our B Corp commitment to pledging 5% of our annual hours to pro bono work. In 2024, we plan to formalize our pro bono program into a Cyber Security For Good grant program.

Wrapping Up

Reflecting on 2023, we’re so proud to have made significant strides in enhancing cyber security for purpose-driven customers and in solidifying our commitment to social and environmental responsibility. Earning our B Corp certification was a highlight, reinforcing our drive to meet high standards. As we look ahead, we're excited to further refine our practices and deepen our impact. 2024 is about building on our foundation—pushing forward with our mission to not only protect but also positively influence the communities and environments we serve.