KuppingerCole Report
Leadership Brief
By Mike Small

Responding to Cyber Incidents

The overwhelming majority of organizations now depend upon online services to support their business and this exposes them to cyber security risks. While most have security protection technologies in place few have a plan for how they would respond to a cyber incident. Today, the question is not if your organization will suffer a cyber incident but when - and this makes it essential to have a plan.

1 Executive Summary

According to a UK Government survey - “Over four in ten businesses (43%) and two in ten charities (19%) experienced a cyber security breach or attack in the last 12 months.” - however, “While 90% of businesses had preventative security technologies like firewalls, anti-malware and security patching tools in place, only 27% had a formal cyber incident response plan.”

Cyber criminals work together to attack organizations using ransomware, social engineering other sophisticated cyber tools to steal intellectual property and personal data, to blackmail organizations as well as to fraudulently obtain money and payments.

While it is important to spend on prevention, it is also vital to prepare for an incident. When a cyber incident or data breach occurs, you need a plan for what to do.

Not having an incident response plan can lead to:

  • Increasing the risk to your customers and business by failing to promptly identify what has happened at what data is affected. Your customers inundating your help desk with calls.
  • Financial penalties for failing to properly manage the incident. Loss of revenue, customers as well as reputational damage. The cost of the data breach that affected the UK telecommunications company TalkTalk in 2015 cost £77M.
  • Confusion and poor communication with your staff not knowing what to do. Extra costs for outside help to collect forensic evidence, eliminating malware and recovering your systems.
  • Your CEO being confronted by TV News when arriving at the organization’s headquarter.

You should act now to test your organization’s cyber incident response plan if you have one or to create one if you haven’t.

2 Analysis

Organizations need a plan for managing incidents and this must be prepared and tested in advance of an incident occurring. Not all incidents are th ...

Login Get full Access

3 Recommendations

Organizations must have a prepared and tested plan for how they will respond to cyber incidents and data breaches. Without this there is an increased ...

The plan should be integrated - with organizational major incident and business continuity plans and should cover:

  • Team – who is involved in res ...
Login Get full Access


©2021 KuppingerCole Analysts AG all rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole´s initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

KuppingerCole Analysts support IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst ompany, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole, founded in 2004, is a global, independent analyst organization headquartered in Europe. We specialize in providing vendor-neutral advice, expertise, thought leadership, and practical relevance in Cybersecurity, Digital Identity & IAM (Identity and Access Management), Cloud Risk and Security, and Artificial Intelligence, as well as for all technologies fostering Digital Transformation. We support companies, corporate users, integrators and software manufacturers in meeting both tactical and strategic challenges and make better decisions for the success of their business. Maintaining a balance between immediate implementation and long-term viability is at the heart of our philosophy.

For further information, please contact clients@kuppingercole.com.