Every company will eventually find itself the target of a cyberattack, and yet not every company can afford to keep a team of experts employed to handle the immediate response and aftermath to an attack, especially given the general shortage of skilled cybersecurity workers. Instead of keeping a full team, companies may want to supplement their staff with a cybersecurity incident response retainer, to ensure there’s someone who can step in when needed to help provide external expertise in the event of a significant cyber incident, according to an article in CSO.
Says Will Sweeney, founder and managing partner of Zaviant Consulting, of cybersecurity incident response retainers, “This is a surface-level agreement so that when an incident occurs the company will be prepared to help you deal with the incident and prevent it from spreading or getting worse and turning into a larger problem.”
Says Jess Burn, principal analyst for Forrester Research, to CSO, such a retainer can also often be coordinated via cyber insurance, as “Often this rate is pre-negotiated between an IR provider and the organization’s cyber insurance carrier. Companies with cyber insurance policies typically pick an IR service provider from a panel of providers approved by their carriers.”
As to the content of a retainer, it should typically include considerations like:
- A detailed incident response strategy
- Access to incident response experts
- Training programs to help improve organizational threat detection and prioritization.
- Development of incident response plans and testing
- Support in the event an incident occurs.
Says Brandon Leiker, principal solutions architect for security at 11:11 Systems, “Incident response retainers can be a vital part of your organization’s incident response strategy regardless of whether you’re a small organization without the resources to build out incident response capabilities internally or a large organization that needs to augment its incident response capabilities.”
Source:
