It is now commonplace to state that there are only two kinds of companies: those that have been the target of a cyberattack and those that will be. Another way to think about this statement is that regardless of how good an organization’s cyber defenses may be, cyber breaches—whether caused by an external actor, insider threat, or otherwise—are almost certain to occur. From this perspective, it is imperative not only that organizations have world class defenses, but that they also have equally mature incident response plans to mitigate the effects of any breach.
Recent events underscore the importance of preparation in mitigating a cybersecurity incident. For example, when shipping firm Maersk suffered an attack during the major NotPetya malware events, the company contained the attack within approximately one day and restored normal operations in ten days—drastically limiting the overall cost of the incident to Maersk. On the other hand, other recent incidents, such as the data breach Equifax suffered, have demonstrated the negative outcomes from not having a thorough plan in place.
