Who’s holding you hostage: Cybersecurity companies or hackers?


It’s a serious headline. Although most CISOs, CIOs, and CTOs teams have the best intentions taking proactive steps to prevent a data breach and ward off hacking intrusions, many are stunned when they discover their security response retainer didn’t actually protect them, instead only prioritizing their case when a breach inevitably happens.

What A Security Response Retainer Really Does

When you look under the hood, a security response retainer policy is no different than a retainer policy one would have with a lawyer.  The customer gets their billing vehicle in place, and when an issue arises, a quick all is placed to the attorney, and the team of lawyers save the day. But also like an attorney, the bail-out experience is when the big bills start rolling in.

The high cost of security and remediation is why some in the industry have simply toyed around with the idea of simply forgoing an expensive security response retainer, opting to simply pay when a hack happens, getting the same end result. The frustration is warranted—but the approach is not.

Speaking generally, there are 3 core benefits to having a reputable company provide a security response retainer. The CISO, CIO, or CTO receives weekly e-mails and alerts about the latest threats, they receive guarantees of “Boots on the ground” for remediation and Malcode analysis, often within 24 hours, and lastly, they receive a discount of the hourly rate charged for when you get breached. It’s not cheap.

When a company fails to prevent a data breach, average incident response is typically around $600 per hour with no contract and $275 with one, and this entire plan is sold to enact AFTER you get hacked. When you enact the package, the clock starts. Having a history in cybersecurity, I can tell you this gets more expensive than you can possibly imagine.

In one specific hacking case, some of my previous security teams largest commission checks came from making $2 million from an initial $50k security response retainer. If this sounds shocking, consider a multi-person team coming to your corporate HQ billing around $400-$500 an hour for several months. It’s for this reason customers start to ask who is really holding them hostage: The security company hired to protect them? Or the hackers?

This is precisely why my fellow researchers at 3 Tree Tech are fascinated by the tech we are implementing from Vigilant Technologies. While there are no silver bullets, their fresh approach moves the needle in the right direction on the cybersecurity battlefront. 

Unique Risk Mitigation To Prevent A Data Breach

Their unique on-premises hardware design stands defiantly opposed to current software-based cybersecurity contractors existing methods to prevent a data breach. I’ve determined Vigilant Technology’s method detects a breach in seconds to minutes, and when a breach is detected, it simply “rewinds” your organization, link a DVR or cybersecurity time machine. Vigilant Technologies even guarantees unlimited incident response to boot, ready to eat all costs associated with remediation of a breach, if their system is bested. 

We strongly endorse Vigilant Technologies and believe they will disrupt cybersecurity and change the way we all look at the standard security response retainer. The old saying “an ounce of prevention is worth a pound of cure” comes to Prevent A Data Breachmind. Perhaps being held hostage for millions by your security provider is a thing of the past.

Kris Taylor of 3 Tree Tech

Kris Taylor is a cybersecurity pro at 3 Tree Tech. If you’d like to implement Vigilant Technologies security solution or need other solutions like Gen 2 SD-WAN, or Wireless 5G, reach out to simplify the complex.

Related Posts

remote worker on the couch with her cat
What’s the benefit of SASE?

SASE was created to address two primary concerns. Organizations using SD-WAN solutions needed...

A person using ChatGPT on a laptop
ChatGPT was breached and your IP may have been compromised   

The ChatGPT breach announced by OpenAI isn’t just their problem. It should be...