Responding to cyber incidents: An observation

A secure, vigilant and resilient cyber risk program is key to providing effective threat management within an organisation.

Therefore, when an incident occurs, it is imperative that the response is fast, thorough and decisive. However, few organisations comprehend their readiness when it comes to responding to a cyber security incident. Even a company with a well-protected network will eventually encounter an incident that challenges its response tools and procedures.


Even though many companies have incident response plans, research into Cyber Incident Response (IR) reveals that a fast, thorough and decisive response to an actual security incident is uncommon. A recent study by the SANS Institute claims more than one-quarter of IR professionals are dissatisfied with their current organisation’s IR capabilities, and only 9% categorise their processes as very effective.

Three key challenges organisations face when implementing a comprehensive incident response plan are:

  • a lack of time to review and practice incident response procedures
  • poor investment in the required people, tools and technology related to incident response
  • a lack of reliable, accessible audit logs that go back prior to the incident, exacerbated by the rise of cloud computing, which forces organisations to outsource to vendors and so increasingly reduces their control over IT infrastructure and sensitive information

One of the greatest issues in providing effective cyber incident response is a lack of trained incident response staff. Organisations often rely on internal IT staff who do not have the specific incident response knowledge required to handle such incidents. External expertise is frequently brought in only as a last resort, which can result in the deletion or contamination of evidence and therefore an increase in recovery time.

Targeted attacks can be more challenging to respond to as they require experienced security analysts, security data analytics and a comprehensive view of the company’s IT assets. Many organisations tend to focus only on the technical dimensions of incident response, ignoring the legal, reputational and regulatory consequences of an incident.

The question is not ‘if’ you will be attacked, but ‘when’. Cyber threats are constantly evolving, increasing in volume, intensity and complexity. Organisations must ensure not only that they are sufficiently prepared to prevent an incident, but also that they are equally ready to respond when one occurs. Thorough preparation and a fast, decisive response will not only provide organisations with a resilient cyber security program, but will also increase consumer trust – and trust is key to allowing an organisation to succeed with digital disruption.

If you have experienced any of these issues, contact the Deloitte Cyber Intelligence Centre.

