The Value of Concierge Cyber Services

What are Concierge Cyber Services?

Like concierge medicine, concierge cyber services provide organizations with a single source for all things cyber—both in preparation for a breach and in recovering from one—by bringing leading third-party experts to clients. The cyber concierge (consultant) becomes a trusted friend and advocate, helping clients navigate the complex world of cyber threats, laws and regulations.

Cyber Special Ops, LLC is the first consultancy to offer Concierge Cyber Services, with a membership that provides access to a credentialed panel of third-party service providers at rates comparable to those negotiated by leading insurance companies. Cyber Special Ops members receive 24/7 access, a toll-free phone number to connect directly with a cyber concierge, same-day appointments, meetings that last as long as it takes to address their needs, and various other amenities. In exchange for this enhanced access and personal attention, the client pays Cyber Special Ops, which is completely neutral with respect to third-party services and products, a modest annual membership fee.

Doesn’t my insurance provide these claim benefits?

Not necessarily. A cyber claim may invoke coverage under numerous policies including, but not limited to, stand-alone cyber, property, general liability, professional liability, management liability or crime. Even if you have insurance, you may not have access to immediate incident response. Given that time is of the essence, Cyber Special Ops provides its clients with immediate expertise, experience and agility to handle a cyber incident.

Who are Cyber Special Ops third-party service providers?

Our world-class panel is comprised of firms located across the United States, Canada and United Kingdom. An additional benefit is that our third-party service providers are recognized and approved by most stand-alone cyber insurance companies.

To summarize, Cyber Special Ops’ Concierge Cyber Services delivers:

  • Conference calls, as needed
  • Longer appointment times, including a complete review of relevant cyber threats
  • Same day and next day appointment availability, as needed
  • Wellness coaching, including the transfer of cyber risk
  • State of the art information security testing and incident response teams
  • 24/7 access to cyber risk management consultants

Risk Associated with Latest Changes to Same Day ACH

The National Automated Clearing House Association (“NACHA”) is making enhancements to offer same day ACH more quickly, allow for larger per-transaction value, and add an additional processing window later in the day.  Here’s a brief timeline and explanation of those changes:

  • Sept. 20, 2019 – the availability of funds for many Same Day ACH and other ACH credits will occur sooner in the day.
  • March 20, 2020 – the per-transaction dollar limit for Same Day ACH will increase from $25,000 to $100,000.
  • March 19, 2021 – access will be extended by enabling Same Day ACH transactions to be submitted to the ACH Network two hours later every business day.

So why is fraud expected to increase?  Why will it go up when banks are essentially providing the same service to customers that they do today, only giving them their money sooner? Well, the answer is because bad guys love speed and convenience. Same day ACH will enable fraudsters to abscond with money before the bank or its corporate customer even discovers the fraud.

Account Takeover Will Increase

It’s no secret that fraudsters are stockpiling online banking credentials in what we often refer to as “sleeper fraud,” where they keep accounts on hand until they are ready to attack the bank en masse.    After same day ACH, we can expect to see escalated levels of account takeover since fraudsters can move the money in larger and faster quantities on compromised accounts.

Online Banking Losses Will Increase

If you want to see what will happen to U.S. online banking accounts, just look to the U.K. for the most likely scenario.  Online banking losses in the U.K. doubled immediately after Faster Payments launched and never really came back down to the pre-Faster Pay levels afterwards.

Payment Fraud and Bill Pay Losses Will Increase

Organizations that track their ACH and Bill Pay Fraud losses, will probably notice a big uptick in Bill Pay-related fraud losses.  Fraudsters can set up new payees and send funds, or even divert funds to new locations using the same payee accounts by changing the details.  Bill Pay losses will increase with same day ACH.

Call to Action

In 2018, there were 178 million transactions and $159 billion dollars processed same day, a 137% increase over the previous year. According to the FBI’s 2018 Internet Crime Report, theft of money as a result of Business Email Compromise and Email Account Compromise topped the list, with the average reported corporate loss of $130,000. Given that time is of the essence, Cyber Special Ops provides its clients with immediate expertise, experience and agility to investigate and recover money as a result of wire fraud.

South Carolina Insurance Data Security Act

South Carolina has become the first state to enact a version of the Insurance Data Security Model Law,

drafted by the National Association of Insurance Commissioners (“NAIC”) in 2017. The South Carolina Insurance Data Security Act became effective on January 01, 2019.

To Whom Does the Act Apply?

The Act applies to all licensees of the South Carolina Department of lnsurance. The law expressly excludes out of state purchasing groups or risk retention groups, out of state licensees who are only acting as an assuming reinsurer or licensees with fewer than ten employees.

Is Cyber Risk Management a Board of Directors Issue?

Yes, the South Carolina Data Security Model Law states that the licensee’s board of directors or a designated executive management committee must develop, implement, and maintain a written information security program (“WISP”).

What are the Requirements of the South Carolina Insurance Data Security Act?

Licensees have until July 01, 2019 to implement a WISP designed to promptly respond to, and recover from, a cybersecurity incident.  The WISP must be commensurate with the size and complexity of the licensee and the nature and scope of the licensee’s activities along with its third-party service providers.

The WISP must include a written incident response plan designed to promptly respond to, and recover from, a cybersecurity event.

Lastly, the licensee must implement and maintain an employee security awareness training program.

What about Third-Party Service Providers?

By July 1, 2020, all licensees must have assessed their third-party service providers to ensure that data security best practices are in place.

Call to Action:

While South Carolina was the first state to enact the NAIC Data Security Model Law, other states are soon to follow. South Carolina insurance licensees are required to certify compliance on an annual basis with the South Carolina Insurance Data Security Act with the Department of Insurance. Cyber Special Ops, LLC is here to offer its expertise, experience and agility to help you address these data security requirements.