1. Is there 24/7 global support and guaranteed SLA?
During a breach, seconds count. The faster you can track down threat actors and stop them, the less damage will result. An IR Retainer partner should provide 24/7 global support with a guaranteed SLA in one hour or less, along with periodic check-ins during downtime to stay up to date on your organisation’s security posture.
2. What about insights ahead of the threat?
The best way to manage cyber security threats is to prepare for them. An effective IR Retainer should include best practice advice and recommendations on improving your risk posture based on the unique needs of your organisation and the threats you face.
3. Does it include threat detection and mitigation?
When an incident occurs, you need a partner that can conduct urgent triage and advise on immediate action to neutralise the threat. An IR Retainer partner should be able to provide remote assistance and/or on-site support with specialised tools and technology to identify and contain a breach.
4. What’s the return on investment?
An IR Retainer partner can be a force multiplier that allows you to tap into critical expertise in the event of an incident. But it should also provide ongoing value by offering insights, intelligence, and tested experience on how to better protect your organisation all year long. Look for a partner with the flexibility to apply unused days or hours to other cyber security solutions to bolster your resilience.
5. Are advanced digital forensics included?
The ability to analyse evidence and adapt your defences is a key component of incident response. An IR Retainer agreement should include a thorough investigation and threat analysis to understand how and why a compromise happened—and most importantly, how to prevent it in the future.
6. What about post-event consulting services?
Beyond the technical aspects of managing an incident, there are also downstream matters to address, such as regulatory issues, if/when/how to make a public statement and other media and public relations concerns. After all, damage to your reputation will be a serious concern if news of a breach is not handled well.
IR Retainers could offer the scalability, experience, and near-instant coverage you need to go to work quickly and put time on your side when it matters most. But choosing the right partner can make a critical difference in reducing a cyber security incident's time, cost, and reputation damage.
Learn more about strategies to enhance your organisation’s readiness and resilience—download NCC Group’s guide to Incident Response Retainers or get in touch with NCC Group.
For more insights on the latest cyber-security threats to businesses, see our Cyber Security hub.
Please note that the views and information have not been endorsed, issued or approved by RBS. Any views expressed in this content are not necessarily those of RBS.