BreachScan Outbound Playbook
New StrategyBreach-led prospecting: Find exposed businesses, reach their MSP
The Hard Truth: Why Cold Breach Outreach Usually Fails
Before we design the outreach, we need to understand why the obvious approach doesn't work:
What They See
Subject: "Security Alert: Your data found on dark web"
Their immediate thought:
- • "This is definitely a scam"
- • "This is a phishing email"
- • "They're trying to scare me into buying something"
- • "Delete and block"
Why They Think That
• They get 10 scam emails a day with similar subject lines
• Legitimate security companies don't cold-email
• "We found your data" = classic extortion setup
• They have zero context on who we are
• Trust is literally at zero — worse than zero
Stakeholder Psychology Map
Stakeholder 1: Business Owner / Office Manager
Their Mental State
- • Busy — 200 emails today
- • Skeptical — seen it all before
- • Defensive — "IT handles this"
- • Anxious — what if it IS real?
- • Annoyed — another vendor pitch
Their Fears
- • "Is this extortion?"
- • "Will I look stupid if I forward this?"
- • "What if I ignore it and something happens?"
- • "I don't understand this tech stuff"
- • "Is this going to cost me money?"
What Would Earn Trust
- • No ask whatsoever
- • Easy to verify we're legit
- • Explanation of why we're doing this
- • They can ignore it if they want
- • Feels like a person, not a campaign
Stakeholder 2: Their IT Person / MSP
Their Mental State
- • Territorial — "who's talking to my client?"
- • Defensive — "are they saying I missed this?"
- • Suspicious — "what's the vendor angle?"
- • Busy — juggling 50 clients
- • Opportunistic — always looking for upsells
Their Fears
- • "Client will think I'm not doing my job"
- • "Is this vendor trying to steal my client?"
- • "Will this create work for me?"
- • "Is this data even legit?"
- • "Am I being set up to look bad?"
What Would Earn Trust
- • Make them look good, not bad
- • Give them the tool, not the pitch
- • No direct client contact (they control it)
- • Help them upsell, not compete
- • Respect the relationship
The Step-by-Step Flow
Ultimate Goal: Get MSPs Subscribing to RiskSense
Step 1: Find Breached Businesses
Scan 1,000-2,000 business domains daily with BreachScan. Identify those with breached credentials.
NZ professional services, 20-200 employees
Must have actual breached credentials, not just domain exposure
List of breached businesses ready for outreach
Step 2: The Discovery Call
Call the Business — This IS the Discovery
You won't find who manages their IT from LinkedIn or website footers. You have to call and ask.
Opening Script:
"Hi, can I speak to whoever handles your IT?"
What Happens Next
They Give You a Name
"That's John, I'll put you through"
→ You've got your IT contact
They Say It's Outsourced
"We use [MSP Company Name]"
→ Gold — you have the MSP
They Block You
"What's this regarding?"
→ Call back, try HR route
The HR Backup Route
If reception blocks you, call back and ask for HR instead:
"Hi, could I speak to someone in HR? It's about cybersecurity training."
Security training IS an HR concern. This gets you to a decision maker who can either help directly or connect you to whoever handles IT.
Step 3: Fork Based on What You Learn
Path A: They Have an MSP
Best outcomeYou now know who manages their IT.
1. Contact the MSP directly
2. Gift them a breach report for their client
3. MSP looks like a hero to their client
4. MSP comes back to us for more
Path B: Internal IT Person
Direct conversationThey have someone in-house who handles IT.
1. "We found your data in a breach"
2. Offer the free report
3. Ask if they work with any IT partners
4. Plant the seed for RiskSense
Path C: HR Route
Training angleYou got through via the training angle.
1. "We help with security awareness"
2. "We also found breach data on your company"
3. "Who should I share this with?"
4. Get intro to IT decision maker
Core Principle: Give Value, Ask Nothing, Let Them Come To Us
Give First
Full report, no strings attached
No Pressure
No demos, no follow-up calls booked
Open Door
They reach out when ready
Path A: Reaching the MSP (After You Have Their Name)
Once you know who manages the business's IT, contact the MSP directly with a gift — not a pitch.
MSP-First Email: "Gift" Positioning
Subject: Breach data for one of your clients (free intel)
Hey [First Name],
I run security research at RiskSense. We scan breach databases to help businesses know when their data is exposed.
I came across a company I believe is one of your clients — [Client Name]. We found [X] employee credentials from their domain in a recent breach dump.
I've attached a report with the details. Figured you'd want to know so you can advise them on password resets, MFA, etc.
No strings attached — just thought it'd be useful for you.
Cheers,
[Your name]
RiskSense | risksense.cloud
P.S. If you want, I can run scans on your other clients too. Free for MSP partners. But no pressure — this report is yours either way.
Why This Works
✓ Makes MSP look good — they get to be the one who tells their client
✓ No ask — report is attached, not gated behind a call
✓ Soft offer — "I can scan your other clients" is buried in P.S.
✓ Easy to verify — they can check risksense.cloud
✓ No pressure — "no strings attached" is explicit
✓ Reciprocity — they feel obligated to at least reply
MSP Response Scenarios
Scenario A: "Thanks, this is helpful"
They appreciated it. Now we nurture.
"Glad it helped! Let me know if you want me to run a few more of your clients through. Takes 30 seconds per domain, and I can send you the reports directly. Cheers."
Goal: Get them to send us more domains → builds habit → they become dependent on us for breach intel.
Scenario B: "Who are you? How did you get this?"
They're suspicious but engaged. Good sign.
"Fair question. We're RiskSense — security awareness for MSPs. We scan public breach databases (same data attackers have access to) and notify businesses proactively. Found [Client] in a recent dump and figured you'd want to know. Happy to jump on a call if you want to verify us, but no pressure."
Goal: Build trust through transparency. Offer call but don't push.
Scenario C: "Can you scan more clients?"
They're hooked. This is the ideal outcome.
"Absolutely. Send me a list of domains and I'll run them through. If you want, I can also show you how we do this — we have a partner portal where you can run scans yourself and generate branded reports. But happy to do it for you in the meantime."
Goal: Get them using us regularly → natural transition to partner program.
Scenario D: No response
They didn't reply. Most won't. That's fine.
Wait 2 weeks. Then: "Hey [Name], just following up — did the breach report for [Client] make it to you? Let me know if you have questions. Also happy to run a few more of your clients if useful."
Goal: Stay top of mind without being pushy. One follow-up only, then move on.
Channel A: Direct to Business (Fallback)
When We Can't Identify the MSP
If we can't find who manages their IT, we go direct. But we have to work much harder to not look like a scam.
Trust-Building Elements Required
Physical NZ business address in signature
risksense.cloud with team photos, about page
Real NZ number they can call
Not gated, not "click here to see"
Subject: [Company Name] - credential exposure check (no action needed)
Hi,
I run a small security research company called RiskSense, based in [City, NZ]. We monitor public breach databases to help businesses know if their data has been exposed.
I came across [Company Name] in a recent scan and found that [X] email addresses from your domain appear in breach records. I've attached a summary showing which accounts are affected.
You don't need to do anything with this email. I'm not selling anything, and there's no follow-up call or meeting. I just thought you'd want to know so you can pass it to whoever handles your IT, if you have someone.
If you're curious about us, we're at risksense.cloud, or you can call me on [phone].
Take care,
[Your full name]
RiskSense
[Physical address], NZ
[Phone number]
Why This Framing Works
- ✓ "No action needed" in subject line — defuses the scam alarm
- ✓ "Small company based in [City]" — human, local, verifiable
- ✓ "I'm not selling anything" — explicitly stated, reduces suspicion
- ✓ "Pass it to whoever handles your IT" — plants the seed without pushing
- ✓ Full contact details — we're real, we're reachable, we're accountable
Follow-Up Philosophy
What NOT To Do
- ✗ "Just following up on my email..."
- ✗ "Did you get a chance to review..."
- ✗ "I'd love to schedule a call..."
- ✗ Multiple follow-ups escalating urgency
- ✗ "This is time-sensitive..."
These all scream "desperate salesperson" and confirm their suspicion that we're just here to sell them something.
What TO Do
- ✓ One follow-up max (after 2 weeks)
- ✓ Add more value in follow-up (new info, updated scan)
- ✓ Make it easy to ignore ("No need to reply if not relevant")
- ✓ Be genuinely okay with no response
- ✓ Leave door open without pressure
Our goal is to be remembered positively, so when they DO need security help, they think of us.
Revised Metrics (Realistic)
| Stage | Weekly Volume | Conversion | Output |
|---|---|---|---|
| Domains scanned | 5,000 | — | — |
| Breaches found (~20%) | 1,000 | 20% | 1,000 breached businesses |
| MSP identified (~30%) | 300 | 30% | 300 → MSP-first channel |
| MSP outreach sent | 300 | — | — |
| MSP responses (~15%) | 45 | 15% | 45 MSP conversations |
| MSPs requesting more scans (~50%) | 22 | 50% | 22 engaged MSPs |
| MSPs becoming partners (~25%) | — | ~25%/month | 5-6 new partners/month |
Direct Channel (No MSP Found)
700/week → ~3% response → ~20 conversations → mostly "thanks" or forwarded to IT → ~2-3 eventual MSP intros
Combined Monthly Output
~5-8 new MSP partners/month through pure goodwill and value-first approach
Plan B: Give MSPs the Tool (usecure Model)
If Outbound Doesn't Scale: Productize BreachScan
If the vendor-initiated outbound is too labor-intensive or doesn't convert, we pivot to the usecure model: give MSPs BreachScan as a self-serve prospecting tool.
What We'd Build
- • MSP Portal: Enter domains, get instant results
- • Branded Reports: MSP logo, their contact info
- • Email Templates: Ready-to-send outreach
- • Bulk Upload: Scan entire client list at once
Business Model
- • Free tier: 10 scans/month (prospecting hook)
- • Partner tier: Unlimited scans (RiskSense partners only)
- • Bundled: Include with RiskSense subscription
Implementation Actions
Build MSP identification workflow
Process to find who manages a company's IT from public sources
Create breach report templates
PDF for MSPs, PDF for businesses, both professional and scannable
Source 1,000 NZ domains
Professional services, 20-200 employees, ideally with identifiable MSPs
Run pilot scans
Validate breach detection rate, refine qualification criteria
Launch MSP-first outreach
100 MSP outreaches with "gift" positioning, measure response
Scale and iterate
Refine messaging based on responses, increase volume
Decision: Approve BreachScan Pilot (Revised Approach)
Pilot Investment
- MSP research + outreach (4 weeks): $6,000
- Report templates + collateral: $1,000
- Domain sourcing: $500
- Total: ~$7,500
Success Criteria (8 weeks)
- 300+ MSP outreaches sent
- 40+ MSP responses
- 15+ MSPs requesting more scans
- 5+ MSPs becoming partners