Your Nationwide Cyber Crisis Team

Case Studies
FAQs

A Subscription-based protection for small to mid-market businesses
that provides three essential capabilities for corporate asset protection

Start Now

On Guard • On Demand

Leadership
A subscription that helps businesses get cyber ready that includes:
  • Cyber Law
  • Incident Response
  • Cyber Insurance expertise

Take our survey to determine subscription level eligibility

Start Now

Subscribers are better prepared and protected

Cyber attacks are increasing in quantity and severity

Day or night, subscribers call our dedicated 24/7 cyber crisis support hotline when they suspect a breach – the Cyber Crisis Team is on the ready to begin work, saving valuable time, data, and reputation​

Cyber Insurance is becoming increasingly difficult and expensive to obtain

Subscribers receive an assessment of their cybersecurity posture, recommended improvements to address areas most critical to insurance companies, and assistance in their insurance procurement process​

Cybersecurity regulations are increasing

Subscribers receive expert assistance in developing an Incident Response Plan or improving their current Incident Response Plan to help them better respond to a breach and better address regulations, reducing the risk of costly fines and reputation impact​

Breach investigations reveal the source of error (often human) which can be used as evidence at trial

Subscribers develop an attorney-client relationship with specialized cyber law counsel well in advance of a serious incident, better protecting investigative data with privilege​

What We Offer

Choose the plan that works for you

Bronze

Bronze

Foundational 24/7 Cyber Crisis Support and Readiness

Learn More
Silver

Silver

Enhanced 24/7 Cyber Crisis Support and Readiness

Learn More
Gold

Gold

Comprehensive 24/7 Support, Readiness and Preparation

Learn More
Platinum

Platinum

Tailored 24/7 Incident Response, Full-Suite Support, Readiness and Preparation

Learn More
View all plan features

Read our case studies

01 Case Study

Determining data breach duties by state

Problem

  • Client hacked with ransomware which did not appear to include data exfiltration
  • Client did business in several states which DID NOT require "data breach" notification unless the attacker "acquired" sensitive data
  • Legal exposure and cost of a data breach to the client would be substantially less, provided the compromise did not reach the data breach threshold in those particular states

OnCall Cyber Solution

  • Determine which state laws require a data breach notification 
  • Forensically document and confirm whether the attack modality resulted in data acquisition of sensitive data 
  • Comply with data breach requirements in each state where client did business with customers 
  • Restore client’s network integrity and assist in its business recovery and business reputation damage control ​
  • Improve client’s cyber hygiene going forward​

Outcome

  • Delivered a legally sound opinion that the client’s data compromise did not meet the threshold of “data breach” in several states because no sensitive data had been “acquired”, as defined by statute​
  • Substantially reduced client’s incident response costs and legal exposure​
  • Resolved client’s ransomware attack issue, restored the network to trustworthy status, and ensured the client’s cybersecurity compliance ​

02 Case Study

Healthcare Insider Data Handling Error

Problem

  • Client’s IT staff transferred to a new job ​
  • Was still able to log back into prior healthcare network to recover files from the company’s HIPAA-regulated network​
  • Caused potential exposure for client to incur HIPAA fines​

OnCall Cyber Solution

  • Determine whether the client’s state data breach law – and its ‘unlawful acquisition’ of sensitive data statute – was applicable to all patient data in the client’s network ​
  • Determine the extent to which ‘risk of harm’, under the facts of the incident and prevailing HIPAA regulations and guidance, potentially applied​
  • Determine a suitable way to learn facts from the former employee, who was personally in legal jeopardy ​
  • Reduce client’s risk and legal exposure, and ensure compliance

Outcome

  • State law permitted an assessment that the former employee had not “acquired” sensitive HIPAA data​
  • Via an attorney-to-attorney negotiation and appropriate agreements, the former employee agreed to produce an affidavit confirming the areas of the network accessed and that no patient or otherwise sensitive data was acquired ​
  • After a full investigation involving both cyberlaw counsel and a forensic team (i.e., the Cyber Crisis Team), delivered a legally sound opinion and necessary documentation under HIPAA that there was no likelihood of harm; the client avoided HIPAA fines completely ​

03 Case Study

Obtaining Insurer Coverage For Lawsuit – Mitigation Step

Problem

  • Client’s data breach, upon operation of its ecommerce Merchant Agreement terms, mandated the disclosure to its data processor of the source of the credit card theft hack​
  • This evidence, once shared, would have exposed the client to end-of-business fines, damages, and seizure of its bank balance under set-off terms (i.e., data processor seizing bank funds from the linked account)​
  • The attack forensics revealed multiple indicators of compromise, causation had multiple attack vectors​

OnCall Cyber Solution

  • Determine whether disclosing multiple, plausible causes protected the client’s legal position ​
  • Use Cyber Threat Intelligence to design an evidence gathering plan​
  • Find an insurance clause which ostensibly permitted insurance coverage for an investigative task ​
  • Advocate for and obtain insurance coverage for the client, while also reducing the payout risk to the insurance carrier​
  • Pursuant to the Merchant Agreement, disclose multiple causes for the data breach to the data processor​
  • Produce a defense for the client and convince the insurance carrier to have the cyber policy cover the additional investigation using Cyber Threat Intelligence​

Outcome

  • The insurance carrier agreed to cover the Cyber Threat Intelligence investigation, after the cyberlaw counsel explained the use case and advantages of producing a defense for the client (and the millions of dollars of potential exposure from the data breach)​
  • With direction by counsel, the Cyber Threat Intelligence investigation produced multiple ‘merely plausible’ causation data ​
  • Client disclosed to the data processor a report detailing multiple possible causes of the data breach; the data processor took no further fines or damages action and the client continued in business ​
Previous
Next

Quick answers to questions you may have

Can't find what you're looking for? Contact us here:

contact@OnCallCyber.com
We already have cyber protection, how is an OCC Subscription different?

An OCC Subscription provides not only the convenience of having a cyber law attorney, an incident response team, and cyber insurance consulting at the ready, but also the added value not found in a la carte services, including:

  • A law-led subscription providing opportunity for attorney-client privilege from inception throughout an incident response
  • Ready at a moment’s notice to assess legal exposure with 24×7 hotline
  • Ready at a moment’s notice to forensically preserve evidence and immediately begin to uncover important facts with 24×7 hotline
  • Pre-vetted service providers based on OnCall CyberTM relationships and industry experience to assist with prevention, preparation, and response
  • Improved speed and efficiencies during an incident response due to up front analysis of your organization’s unique cyber risks
  • Easy start-up by providing pre-arranged agreements, introductions, and onboarding with service providers
  • Lower cost for services as a bundle
  • Lower costs based on discounted member-only rates for additional service

The preparedness from a prepaid cross-functional Cyber Crisis Team that already knows your business and computing environment is unmatched in the market.

We already have an attorney who advises us on compliance matters, do we need a cyber law attorney?

A cyber law attorney focuses on what is at stake legally when you have been attacked.  In-house counsel possesses very limited confidentiality protections whereas a retained cyber law attorney can introduce evidentiary privileges to help avoid evidence being disclosed to adversarial parties through the discovery process. These days, competent investigations into a cyber attack are orchestrated by a cyber law attorney to reduce exposures possibly protected under privilege.

We already have cyber insurance, why do we need the OCC Subscription?

The Cyber Crisis Team works for you, beginning with helping you decide whether the incident requires a claim. Many cyber policies shift claims-handling decisions to the carrier, denying you important discretion. Along with this, after a cyber attack, insurance carriers may reject insurance renewals, increase premiums, and add new exclusions. OCC can work with your insurance carrier to be your approved cyber crisis service provider.

We only need cyber law representation; do we still need to buy the Subscription?

An OCC Subscription provides not only the convenience of having a cyber law attorney, an incident response team, and cyber insurance consulting at the ready, but also the added value not found in a la carte services, including:

  • A law-led subscription providing opportunity for attorney-client privilege from inception throughout an incident response
  • Ready at a moment’s notice to assess legal exposure with 24×7 hotline
  • Ready at a moment’s notice to forensically preserve evidence and immediately begin to uncover important facts with 24×7 hotline
  • Pre-vetted service providers based on OnCall CyberTM relationships and industry experience to assist with prevention, preparation, and response
  • Improved speed and efficiencies during an incident response due to up front analysis of your organization’s unique cyber risks
  • Easy start-up by providing pre-arranged agreements, introductions, and onboarding with service providers
  • Lower cost for services as a bundle
  • Lower costs based on discounted member-only rates for additional service

Contact us for specific questions and specific needs.

What happens if we are compromised?

If you are a Subscriber and experience a cyber attack:

  1. Call the 24/7 OnCall Cyber Hotline
  2. An OCC Cyber First Responder will talk through the situation
  3. Your known and trusted OCC Cyber Crisis Team will be deployed to respond

You can expect various interactions with our team based on the situation:

  • Event Identification and Validation
  • Team Assembly and Deployment
  • Incident Response Strategy
  • Attack Containment
  • Evidence Preservation
  • Investigation
  • Eradication of the Threat
  • Recovery of the Environment
  • Reflection / Technical Debrief
  • Legal Transition to Client’s Legal Counsel
What does the Subscription include?

Levels of subscription include Incident Response Planning and Compliance discussions with the Cyber Crisis Team, an assessment on the top underwriting controls to qualify for cyber insurance, technical security control gap analysis assessment and advice, access to the 24/7 Cyber Crisis Hotline and Response, and Incident Response assistance and deliverables. Higher subscription levels come with increased levels of support.

What are the main differences in the plans?

The higher level plan options receive a higher level of service required for a more complex cyber profile and a more tailored experience that is personalized for your business needs.

How do you get our company qualified for insurance?

Subscribers receive an assessment on the top underwriting controls required to qualify for cyber insurance and one-on-one gap analysis and assistance to help you in your insurance procurement process. OCC cannot guarantee insurance coverage.

What does Onboarding include?

Onboarding includes initial legal consultations with a cyber attorney and other members of the OCC legal team. This will help the legal team assess your cyber profile, provide you detailed information on how the incident response plan will be delivered, and provide an introduction to service providers.

What is an Incident Response Tabletop Exercise?

An Incident Response Tabletop Exercise is a hands-on rehearsal on what would occur during an incident with all involved internal personnel.

What is Boardroom Team Advisory and Training? Do you come onsite?

This is an annual advisory session with the OCC cyber law counsel for officers and directors regarding cyber risks and associated duties. While the session is typically delivered remotely, sessions can be arranged to be delivered onsite.

What is a Cyber Law Consultation?

This provides an opportunity for you to discuss incident response planning and cyber law compliance topics with your OCC Cyber Crisis Team. Also, depending on the subscription level, your Cyber Crisis Team will provide in-depth insight about incident response readiness and will help monitor compliance.

When will my subscription be eligible for cyber-crisis support?

Cyber-crisis support may be available as soon as 30 days after key deliverables are implemented, such as the subscriber’s implementation of an approved OCC incident response product.

We have just been attacked, how soon can you set up our subscription and get started?

You can call OCC for a referral for incident response support. However, subscription eligibility is contingent upon an assessment of satisfactory remediation of the attack by OCC.

If this is a subscription, how often do we get billed?

Subscriptions are pre-billed annually.