The study "Incident Response Management" questioned 200 people from companies with more than 1,000 employees in the UK, France and Germany, which together account for 60% of the Western European cyber security market.
The study was supported by FireEye, HP, Telefonica and Resilient Systems.
Suffering a major breach is a near-certainty. Research from a variety of sources shows that the average firm will suffer one major breach each year. The consequences of a major breach include loss of IP, availability, customer service, revenue and reputation. And the fines for data protection non-compliance are set to soar under the upcoming GDPR and NISD regulations, with mandatory breach reporting due to be introduced from 2017.
Responding to an incident quickly and effectively is a complex process, involving technical, communications & management staff.
And the world is watching as you respond.
We surveyed 200 decision makers in large companies in the UK, France and Germany, to understand their motivations and drivers with regard to Incident Response.
This study deals with the following questions:
To what extent are firms being breached, and what is their broad approach to responding to such incidents?
Do companies understand the importance of IR? Do they have a defined and tested IR plan?
Are they adjusting their cyber security spend, or allocating new budget, in order to fund an IR programme?
Do they test their IR regularly and update processes accordingly? Do they follow best practices?
Do they use an IR management tool? Do they outsource IR capability? Are they aware of the impending NIS and GDPR regulatory changes?
Is their technical IR plan integrated with business and communications contingency planning?