Why Establish Response and Recovery Solutions?

The dramatic rise in ID theft and data breach events throughout the United States has motivated Access to implement a new and comprehensive Governance, Risk management and Compliance (GRC) solution to help protect our clients: Access Notifi.

We know that today’s businesses – especially those within the small to medium business (SMB) marketplace – need response and recovery solutions that fully support their data breach risk management objectives. And, to ensure we met those needs, we considered the following risk factors and recent reports when establishing our newest breach response solution offerings.

Data Breach Risk Factors:

  • Hackers, ID theft criminals and organized crime continue to breach confidential data every day.
  • According to a 2015 Trend Micro research report, titled “Dissecting Data Breaches and Debunking Myths,” ONLY 25% of all data breaches were related to IT and hacking.
  • The above report found that 75% of data breach events were related to people, including current/former employees, customers, contractors and vendors, as well as organized crime and social engineering.
  • Most CEOs and CIOs do not get fired because their companies are hacked or experience a data breach event, they (e.g. Target’s CEO and CIO) are fired because of their company’s failed management response to a data breach event/hack.
  • The threat landscape changes so quickly security policies and procedures are not keeping up.
  • Companies need to increase employee and customer education on information security.

Recent News and Forecast Reports:

  • Data Breach Forecast:
    • The EMV Chip and PIN liability shift will not stop payment breaches.
    • Big healthcare hacks will make the headlines, but small breaches will cause the most damage.
    • Cyber conflicts between countries will leave consumers and businesses as collateral damage.
    • 2016 U.S. Presidential candidates and campaigns will be attractive hacking targets.
    • Hacktivism will make a comeback.
  • Data Breach News:
    • Since January 2005, there have been over 5,000 data breaches affecting nearly 1 billion records.
    • Only 25 percent of data breaches were impacted by hackers and IT-related events.
    • The Majority – 75 percent – of data breaches were impacted by social engineering (the human element).
    • Forty-one percent of data breaches were related to lost devices.
  • Medical News:
    • The healthcare industry needs to take a hard look at its information security and governance best practices.
    • The Identity Theft Resource Center reported 42 percent of data breaches were related to healthcare last year.
    • The Ponemon Institute found that data breaches in healthcare are costing $5.6 billion annually.
  • Financial Industry News:
    • Financial institutions are seeing a surge in attacks that could put them at risk for a security breach.
    • The U.S. financial sector is one of the most targeted in the world, resulting in hefty costs and liabilities for organizations and customers exposed to identity theft and fraud.
    • Forty-five percent of financial institutions have suffered from economic crime in the past year, compared to 34 percent across all other industries.
    • The top threats to the financial sector are asset misappropriation (67 percent), followed by cybercrime (39 percent).
  • Small to Medium Businesses (SMB) News:
    • Forty-two percent of small businesses report they have been the victim of a cyber-attack.
    • Forty-two percent say it took them more than three days to resolve the issue, up from 36 percent last year.
    • Cyber-attacks cost small businesses an average of $7,115.26.
    • For those firms whose business banking accounts were hacked, the average losses were $32,020.56, up from $19,948 one year ago.
  • Information Security Research Reports and Surveys:

Based on the above statistics and reports, it is impossible for a company to not only prevent a data breach event, but to prevent any individual from becoming a victim of identity theft. However, although it is clear that response and recovery solutions should be emphasized in event preparation plans, these reports also indicate a disconnect between the total dollars being spent to prevent data breach events ($76.9 billion) and the total dollar amount being spent after a cyber-attack ($315 billion).

So, what is the answer? Companies need to establish response and recovery solutions to help them mitigate and reduce the costs of a data breach. And that’s why Access has implemented the Notifi response and recovery services.

About Notifi Data Breach and ID Theft Services

Vero was first to market in creating and implementing Notifi, a unique identity theft and breach response risk management solution that includes the following components:

  • Data Breach Response Planning and Notification Services
    • Services for up to two data breach events per 12-month period.
    • Initial assessment to determine compliance and notification requirements based on the event circumstances.
    • Recommended response plan including timeline and notice content.
    • Fully managed identity fraud research, remediation and recovery services for up to 50,000 affected consumers per data breach event.
    • Optional mailing and address management services available at preferred pricing.
    • Optional call center services available at preferred pricing.
  • Optional live and on-site services for consulting, training, managed network services and post-event consultation, investigation and forensic analysis at preferred pricing.

About Vero

Vero is a CU Direct Company that supports the identity theft and data breach risk management objectives of the SMB marketplace. Vero has partnered with Merchants Information Solutions to help bring value added solutions while helping businesses manage risk.

About Merchants Information Solutions

Since 1912, Phoenix-based Merchants Information Solutions, Inc. (MIS) has been providing essential credit and risk management solutions – including a 70-year legacy as one of the larger, regional credit bureaus in the United States. MIS is one of the leading Identity Theft and Data Breach risk management companies in the U.S. and is the solution provider supporting the Access Notifi solution.

MIS minimizes the costs associated with a business data breach event and the potential for identity theft by providing the most highly trained and qualified recovery advocates in the industry.

MIS Recovery Advocates are professionally trained and certified in a number of areas including:

  • FCRA (Fair Credit Reporting Act) and FACT Act (Fair and Accurate Credit Transaction Act)
  • HIPAA (Health Insurance Portability and Accountability Act)
  • CITRM (Certified Identity Theft Risk Management Specialist)
  • On-staff CFE (Certified Fraud Examiner)
  • On-staff CFCI (Certified Financial Crimes Investigator)
  • New RA Certification: Certified Identity Protection Advisor (CIPA)
  • Base training includes crisis response skills, certified by NXG Strategies
  • More than 19 years’ average experience

Since 1990, Merchants has successfully managed and resolved over 750,000 credit resolution cases and more than 35,000 fraud remediation cases…more than all current recovery industry competitors combined.