This page contains information about the Cybersecurity Readiness and Response Program Fee, which is customarily charged to our MS365 clients.
IMPORTANT: If you're enrolled in a Liquid Mercury Solutions' Service Plan and you have MS licenses for advanced security, your Cyber Fee may be waived or discounted to just $5 / month. See below for details.
Starting in 2019, this fee is charged to all customers who purchase Microsoft 365. This fee is mandatory, where applicable, and covers our exposure for supporting you in the event that your organization or any user within should potentially be compromised and require immediate action from our staff to prevent potential or actual cybe-rattack.
Starting in 2021, in cases where the client demonstrates they have taken significant steps to reduce security vulnerability, the fee is substantially reduced or waived.
Whenever we get that e-mail or call, we've always been there to help - even when providing assistance may come with great disruption or cost. Moreover, starting 2019, our agreement with Microsoft requires us to respond to cybersecurity incidents on behalf of our clients as part of the MCA. Microsoft does not pay our staff to perform these services nor does the MCA tell us how we should seek compensation for such services.
The Cyber Fee provides us with a mechanism by which we're able to provide vital [emergency] cybersecurity services to our clients that go well above the baseline most companies provide.
To keep things affordable, Cyber Fee is still charged on a sliding scale, based on total number of users. Starting 2021, the formula has changed as follows:
$5 + (10*$2) + (15*$1) + (75*$0.50) + (205*$0.20) = $118.50 / month
If you want to avoid the Cyber Fee, we have provided a mechanism to have it substantially reduced or waived. Consult the guidance elsewhere in this FAQ.
Eligibility requirements:
The following table illustrates plans than provide the required protection. (Please note that these may have changed somewhat as of Dec 2020. We will update as information becomes available.):
In fact, nothing can do that. However, the Cyber Fee will greatly reduce the likelihood of a successful attack on your business, but hackers and thieves are working constantly to adjust their tactics.
To protect your company from financial loss or information breach, we recommend that you speak with your preferred insurance agent about "cybersecurity insurance". In addition to direct compensation for losses, such plans may also provide funding for after-action technical services that may be needed to recover or limit further damage.
IMPORTANT: If you're enrolled in a Liquid Mercury Solutions' Service Plan and you have MS licenses for advanced security, your Cyber Fee may be waived or discounted to just $5 / month. See below for details.
What is the Cybersecurity Readiness and Response Program Fee?
This is a required fee. In some communications, such as invoices, it may be referred to simply as "Cyber Fee" or "CYBER".Starting in 2019, this fee is charged to all customers who purchase Microsoft 365. This fee is mandatory, where applicable, and covers our exposure for supporting you in the event that your organization or any user within should potentially be compromised and require immediate action from our staff to prevent potential or actual cybe-rattack.
Starting in 2021, in cases where the client demonstrates they have taken significant steps to reduce security vulnerability, the fee is substantially reduced or waived.
Why are we being charged the Cyber Fee?
Over the years, we've seen many customers attacked by hackers. Sometimes these attacks are even successful.Whenever we get that e-mail or call, we've always been there to help - even when providing assistance may come with great disruption or cost. Moreover, starting 2019, our agreement with Microsoft requires us to respond to cybersecurity incidents on behalf of our clients as part of the MCA. Microsoft does not pay our staff to perform these services nor does the MCA tell us how we should seek compensation for such services.
The Cyber Fee provides us with a mechanism by which we're able to provide vital [emergency] cybersecurity services to our clients that go well above the baseline most companies provide.
How much is the Cyber Fee?
In 2019 and 2020, the fee was $14/month per company unless your purchases total $50 monthly or less. Below that amount, there was a sliding scale from $5 to $10 per month depending on your total purchase amount. This was determined to be far too little funding to protect our clients, especially given the heightened attacked during COVID in 2020.To keep things affordable, Cyber Fee is still charged on a sliding scale, based on total number of users. Starting 2021, the formula has changed as follows:
- $5/month/company
- + First 10 users @ $2/ea/month
- + 11-25 users @ $1/ea/month
- + 25-100 users @ $0.50/ea/month
- + Above 100 users @ $0.20/ea/month
$5 + (10*$2) + (15*$1) + (75*$0.50) + (205*$0.20) = $118.50 / month
How is the Cyber Fee used?
Services funded in whole or in part by the Cyber Fee include (but are not limited to):- Providing security enhancing services, such as enterprise grade password management tools; in certain cases we may also provide pro-bono security tools to help enhance your security posture
- Monitoring system generated e-mail alerts to determine what's a false alarm and what may be a real threat to your business
- Ensuring that Microsoft services are configured to adequately protect your organization from phishing attacks, malware, and fraud - both before and after an attack
- Quarterly security awareness bulletin plus advisories to specific incidents such as the SolarWinds attack in December 2020.
- Maintaining a preferred network of cybersecurity experts
- Keeping our staff on-call, ready to respond to potential emergencies
- Courtesy evaluation of any FW email that you suspect may be phishing, hacking, fraud, or scam
- We perform the following on all tenants who pay into Cyber Fee, free of additional charge:
- Configuring DKIM
- Enabling Auditing policies on *all the things*
- For licensed tenants, Configuring Defender ATP for Office 365
- For licensed tenants, enabling retention policies on key staff
- Periodic advice or training sessions on best practices to prevent attackers from stealing money from your business
- Referrals to pre-evaluated after-action security services such as hunting and forensic experts
Is the Cyber Fee required?
Yes. We believe strongly in protecting our customers. Therefore, if you're purchasing Microsoft licenses or services through us, the Cyber Fee is required. Customers are free to source their licenses through another provider if they wish.If you want to avoid the Cyber Fee, we have provided a mechanism to have it substantially reduced or waived. Consult the guidance elsewhere in this FAQ.
How Do We Get the Cyber Fee Reduced or Waived?
If you're enrolled in a Liquid Mercury Solutions' Service Plan and you have MS licenses for advanced security, your Cyber Fee may be waived or discounted to just $5 / month. (Please note: It is your responsibility to initiate this process and provide evidence that you meet the requirements.)Eligibility requirements:
- Enroll in a qualifying Liquid Mercury Solutions Service Plan, such as Admin 365 On Demand or Event Horizon Co-managed Cloud.
- All users in your tenant must have MFA enabled (with certain exceptions granted for service and break-glass accounts); note that (under Azure AD Premium Plan 2, cited below) this does not necessarily mean they will be required to provide MFA on every login.
- Purchase MS365 plans for security* (or otherwise demonstrate that you've deployed an equivalent security solution from another vendor) that include the following:
- Azure AD Identity Protection (Azure AD Premium Plan 2)
- MS Defender ATP for Office 365 (a.k.a. Threat Intelligence)
- MS Defender ATP for Endpoints (anti-virus/malware)
- Comply with Microsoft's end-user licensing requirements, by purchasing plans that include Defender ATP for Office 365 Plan 1 and Azure AD Premium Plan 1 for end-users as needed.
The following table illustrates plans than provide the required protection. (Please note that these may have changed somewhat as of Dec 2020. We will update as information becomes available.):
Required Feature | Qualifying Plans |
IT/Admins | |
Azure AD Identity Protection | MS365 E5, EMS E5, or Azure AD Premium Plan 2 |
MS Defender ATP for Office 365 Plan 2 | MS365 E5, Office 365 E5, and MS DATP for Office 365 Plan 2 |
MS Defender ATP for Endpoints | MS365 E5, Windows 10 Enterprise E5, and other qualifying plans per MS changes Dec 1, 2020 such as EMS E5 or MS DATP for Endpoint |
End-Users | |
MS Defender ATP Plan 1 | MS365 BP/E3/E5, Office/MS 365 E5, EMS E3/E5, or DATP for Office 365 Plan 1/2 |
Azure AD Baseline Identity Protection | MS365 BP/E3/E5, EMS E3/E5, or Azure AD Premium Plan 1/2 |
Will the Cyber Fee guarantee that my data or money remain safe?
It is important to understand that Cyber Fee is not an insurance policy, nor is it a guarantee that your business will not be successfully attacked.In fact, nothing can do that. However, the Cyber Fee will greatly reduce the likelihood of a successful attack on your business, but hackers and thieves are working constantly to adjust their tactics.
To protect your company from financial loss or information breach, we recommend that you speak with your preferred insurance agent about "cybersecurity insurance". In addition to direct compensation for losses, such plans may also provide funding for after-action technical services that may be needed to recover or limit further damage.