The cyber concierge, not the cyber tool

The cyber market in 2026 has roughly two product shapes. There is the point tool, which scans something, finds something, and tells you what to do. And there is the platform, which scans many things, finds many things, and tells you what to do at scale. Both shapes are useful. Neither is a concierge.

A concierge is a person you call. They know your situation. They pick up the phone. They handle it.

That is the product we built.

Where the concierge pattern came from

The frame is borrowed from private banking and family-office work. A family-office client of one of our founders called the office one Saturday morning. A laptop had been compromised the night before. The family had run two endpoint products, one MDR, and one identity provider with conditional access. Each gave a different signal. The client's question was not "what does my tool say." It was "who is on my side and what do I do."

The answer most cyber vendors give is "open a ticket." The answer we gave was a person on the phone within a minute. The compromise turned out to be a credential theft that the MDR had flagged correctly. The MDR was right. Reading the MDR alert and acting on it on a Saturday morning was the gap.

That gap is the entire business.

The MDR was right. Reading it on a Saturday morning was the gap.

The 47-second number

We measure first-pickup time for every call, every chat, every form submission that comes through the concierge channel. The median in April 2026 was 47 seconds, measured from inbound signal to a Syba engineer in conversation with the client. The 90th percentile was 2 minutes 11 seconds. The worst single response in the month was 6 minutes 19 seconds, on a Sunday at 4 a.m. local.

Those numbers are not industry benchmarks. They are above industry benchmarks. The reason they are achievable is staffing model, not technology. We staff for the worst hour of the worst day, not the average hour of the average day. That means the engineer-to-client ratio is generous on a Tuesday at 2 p.m., and exactly right on a Saturday at 6 a.m.

A US-based engineer is on every call. Not a chatbot, not an offshore SOC, not a routing tree. The engineer who answers is the engineer who handled three similar incidents in the last month and knows what to ask in the first question.

Why the platform pattern fails the concierge test

We have looked closely at the platform vendors. The product is genuinely good. The reason the concierge pattern still wins is the cognitive model. A platform is a thing the client has to use. A concierge is a person the client gets to call.

The buying decision for a platform is a procurement decision: who has the best dashboard, the lowest false-positive rate, the cleanest integration. The buying decision for a concierge is a trust decision: who picks up. Procurement decisions are won on feature parity. Trust decisions are won on the first incident.

We have lost procurement decisions. We have not yet lost a trust decision after the first incident.

What concierge actually means in practice

Three observable things, none of which are software features.

First. The client has a named engineer. The name is on the contract. The engineer is the same person every time, until the client requests otherwise. The engineer has read the client's environment briefing and reviews it quarterly.

Second. The phone number is published. There is one number per client account. It is answered by a Syba engineer 24 hours a day, every day, including holidays, including the week between Christmas and New Year, which is when half of the cyber incidents we handled in 2025 actually happened.

Third. The engineer has the authority to act. Within scopes agreed at policy inception, the Syba engineer can quarantine a device, rotate a credential, file a regulatory notification draft, or open a coverage ticket against the client's binding policy, without paging a manager. The decision is made by the person on the call. That is the only way a 47-second pickup means anything.

What this does not mean

We are not a managed security service provider. We do not run client SOCs. We do not replace endpoint, identity, or MDR. We sit on top of the tools the client already runs, read their signals, and act when something matters. Where the client does not have a tool, we recommend one. Where the client has one that does not fit, we say so.

We are also not a generalist help desk. The concierge handles cyber, regulatory, board-level, and AI-agent issues. It does not handle the printer.

What the client signs up for

A client who buys a Syba product subscribes to two things. The first is the coverage form: AgentShield Pro, Director Shield, Jencap-Bind, depending on segment. The second is the concierge. The two are sold together because the concierge is what turns the coverage from a paper into a service.

A policy without a person to call is documentation. A person to call without a policy to back them is a phone bill. The combination is the product.

If you have read this far, you understand the bet. We are betting the market wants a person on the phone more than it wants another dashboard. Twelve months in, the conversion rate says we are right.