© PAC 2015

Incident Response Management
How European Enterprises are Planning to Prepare for a Cyber Security Breach

Gold Sponsor of the study:



About Telefonica

Telefonica is one of the largest telecommunications companies in the world in terms of market capitalisation and number of customers. From its consolidated position in the sector, and with fixed telephony and mobile broadband as key areas that support future growth, the company focuses its strategy on securing its leadership in the digital world. Present in 21 countries and with a customer base of more than 341 million customers, Telefonica has a strong presence in Europe and Latin America, important industrial alliances and a leading global scale which positions the company to capture growth opportunities. Telefonica is a fully publicly traded company with more than 1.5 million direct stakeholders and its ordinary shares are traded in various stock markets, including London and New York among others.

Telefonica is committed to delivering more secure and market leading innovation across its security value proposition through its division Telefonica Business Solutions, a leading provider within the Telefonica Group of a wide range of integrated communication and digital solutions for the B2B market. The security value proposition in Telefonica Business Solutions is underpinned by its Security product division, including ElevenPaths, Telefonica’s fully-owned subsidiary, which brings radical and disruptive innovation in security services, and alliances which include world leading security partners and organisations.

At ElevenPaths, the vision is to develop innovative security products that redefine how Telefonica addresses emerging threats, as well as guaranteeing security and privacy for all without interfering with their day-to-day lives. Telefonica’s customers depend on technology, communications and the Internet, which makes them vulnerable to exposure to security threats. The breakneck pace of change has to be matched by the speed of innovation, creating agile structures that enable us to stay ahead of attackers.


About Telefonica (continued)

The Security division within Business Solutions is designed to enable Telefonica to exceed customer expectations while adapting to their specific characteristics and needs through a ground-breaking value proposition. Telefonica’s extensive experience in security and communication networks, expert workforce and the development of intelligence-driven managed security services using cutting-edge technology, as well as the capillarity of focused local security units across the world, make Telefonica a market leading partner.

In cyber security, Telefonica is dedicated to protecting the property and businesses of its customers (Government, Enterprises, Multinationals and Small and Medium Business) through unobtrusive services, providing a portfolio of solutions that help prevent attacks, detect any breaches or incidents, and ensure we support our customers in addressing the ongoing challenge of security.

For more information: https://www.elevenpaths.com, http://www.telefonica.com

Follow us on:
Blog: http://blog.elevenpaths.com
Twitter: @ElevenPaths (https://twitter.com/ElevenPaths)
LinkedIn: https://www.linkedin.com/company/eleven-paths?trk=top_nav_home
YouTube: https://www.youtube.com/channel/UCX_PjrbhDhw_IsaNmiZkfGQ


Agenda

●  Introduction and Key Findings

●  A snapshot of Incident Response

●  Preparing for a cyber breach

●  Resourcing for Incident Response

●  Conclusions


Introduction


Suffering a major breach is a near-certainty. Research from a variety of sources shows that the average firm will suffer one major breach each year. The consequences of a major breach include loss of IP, availability, customer service, revenue and reputation. And the fines for data protection non-compliance are set to soar under the upcoming GDPR and NISD regulations, with mandatory breach reporting due to be introduced from 2017.

Responding to an incident quickly and effectively is a complex process, involving technical, communications & management staff.

And the world is watching as you respond.

Our hypothesis for this study was that enterprises are struggling to cope with Incident Response. We wanted to investigate the extent to which firms are experiencing cyber breaches and, if so, how well organisations are prepared for this eventuality. Are cyber breaches inevitable?

We were also interested in how firms cope with the skills shortage, and if they use technology and/or outsourced services to deliver Incident Response. Do firms seek to offset cyber breach risk, through a combination of IR planning and Cyber Risk insurance?

We surveyed 200 decision makers in large companies in the UK, France and Germany, to understand their motivations and drivers with regard to Incident Response.

This study deals with the following questions:

●  To what extent are firms being breached, and what is their broad approach to responding to such incidents?

●  Do companies understand the importance of IR? Do they have a defined and tested IR plan?

●  Are they adjusting their cyber security spend, or allocating new budget, in order to fund an IR programme?

●  Do they test their IR regularly and update processes accordingly? Do they follow best practices?

●  Do they use an IR management tool? Do they outsource IR capability? Are they aware of the impending NIS and GDPR regulatory changes?

●  Is their technical IR plan integrated with business and communications contingency planning?


Key Findings

Most organisations suffered a breach last year

67% of organisations surveyed reported that they had suffered a cyber breach in the last 12 months. In addition, all (100%) firms surveyed said that they had experienced a cyber breach at some point in the past. From this we can assert that all organisations will experience a cyber breach at some point, with a high likelihood that this will occur within any 12-month period. This shows that a breach is - to all intents and purposes - inevitable.

Security spend is shifting towards Incident Response

Traditionally, cyber security has focused on Prevent & Protect approaches such as firewalls, endpoint protection and DDoS protection. With the inevitability of a breach, it makes sense to migrate spend towards detecting a breach quickly, and to minimise the impact of that breach through remediation as soon as possible.

Are firms really ready for cyber breaches?

86% of firms claim a high state of readiness for cyber breaches. This is good news, but only as far as it goes. This study reports that 39% of respondents do not have a cyber readiness plan, bringing into question their true state of readiness. Furthermore, only 30% of firms that do have a plan test it monthly. Most test it quarterly, but given the dynamic and complex nature of the cyber threat landscape we think companies should test their incident response plans more often.

Most organisations outsource Incident Response

With most cyber security activities, CISOs prefer to keep operations in house, as they fear a loss of visibility and control. But with incident response, there seems to be a preference towards outsourcing capability. This allows organisations to source expertise in a timely fashion without incurring too much cost.

Technology support for Incident Response is emerging

We asked our respondents whether they use technology to support incident response. Two-thirds of organisations do use some technology in this way, but most of those that do use in-house developed solutions or a patchy variety of existing technologies. A new category of software is beginning to emerge that is specifically designed to support incident response operations.


About the Study

●  200 survey respondents in Western Europe, split roughly evenly between the UK, France and Germany (33%, 35%, 33%)

●  65% CIO/VP IT respondents, 35% CISO respondents

●  All respondents had over 1,000 employees

●  Survey conducted between April and May 2015

Respondents by sector: Public Sector 24%, Financial Services 17%, Education 15%, Manufacturing 14%, Services 12%, Retail 9%, Healthcare 4%, Others 8%



The cyber landscape: Bad and getting worse

●  64%: “The threat landscape is getting worse – there are more threats.”

●  28%: “We see things more or less the same as last year.”

●  9%: “The threat landscape is getting better.”

Most organisations (64%) report that the threat landscape is getting worse. This is consistent with other reports both in the media and by cyber security vendors, including our sponsors. There is an argument that suggests that this increase is due, at least in part, to better monitoring and detection. But the sheer volume of attacks confirms that the increase is real and continues to grow.

The 28% of organisations that see things more or less the same as last year should not be discounted. While they see no notable increase in the threat landscape, neither do they see it diminishing. So at best the situation is static. This is important, as we shall see, because the threat level is already high with a strong likelihood of a breach occurring.

There are some interesting differences between countries in the view of the cyber landscape. More respondents in the UK (71%) think it is getting worse, whereas 63% in Germany and only 55% in France concur. A mere 1% of firms in the UK reported an improving situation, but 8% of German respondents and a notably high 17% of French firms report an improving cyber landscape. This variance has implications for software and services providers in their approach to the three countries we surveyed in this study.


Measuring the threat

Q. How do you measure the cyber landscape?

Having asked the respondents whether they see the threat landscape increasing or decreasing, it is interesting to understand exactly how they measure the threat levels. Most organisations use the absolute number of threats to measure the threat landscape, but in addition they also use other measures.

The second most common measure is the type of attackers. This refers to a broad segmentation of attackers: nation states, cyber criminals and hacktivists. The reason that organisations are interested in these types is that cyber criminals tend to be more opportunistic, whereas nation states are usually the source of advanced persistent threats (APT). These are targeted attacks, meaning that the threat is likely to be sophisticated and sustained over a long period of time. Understanding these differences in motivations then dictates defensive strategies and detection approaches.

A majority of organisations also consider the potential impact on their business as a measure of the threat landscape. This is an indicator that a more risk-based approach to cyber security is on the increase.

[Chart: share of respondents using each measure of the threat landscape. Measures listed: number of threats, number of threats by type, number of attackers, type of attackers, severity of attacks, potential impact on your organisation. Values shown: 74%, 66%, 59%, 55%, 49%, 49%. The extracted layout does not preserve which value belongs to which measure beyond the ranking given in the text above.]


Anatomy of a Cyber Breach Incident

●  67% of firms have had a cyber breach in the last year, and 100% report a breach at some time in the past

●  €75k: average cost of the most severe breach in the last year

●  Firms require between one and six man-months to recover from a breach

●  69% of breaches are discovered between one and six months after the attack

[Chart: breach severity (V.High / High / Med / Low) and how the breach was discovered (we found it ourselves; we were alerted by a third party; we used a 3rd party monitoring service; we were alerted by the media). Values shown: 23%, 37%, 1%, 21%, 43%, 9%, 35%, 34%. The extracted layout does not preserve which value belongs to which category.]


A fundamental shift in security spending

Q. What is the split today of spend between planning, preparing and prevention versus detection, response and recovery? And how do you see this changing over the next two years?

Most organisations have built their cyber security approach around protecting the perimeter and preventing attacks. However, as we have seen, cyber breaches still occur. This means that organisations have used up most of a budget that has, ultimately, failed to do what it was spent to do. Most organisations take between one and six months to discover an attack, meaning that the perpetrator has been inside the organisation long enough to cause damage or to extract information.

The shift in spend towards a Detect & Respond approach is therefore a reaction to the inevitability of a cyber breach. We see this as a re-balancing of cyber security spend to a more appropriate split of operational attention. While the focus on Prevent & Protect needs to be maintained, looking for breaches and quickly remediating them has increased in priority.

Split of cyber security spend:

                           Prevent & Protect   Detect & Respond
Average spend today              77%                 23%
Average spend in 2 years         61%                 39%
Median spend today               75%                 25%
Median spend in 2 years          60%                 40%


A balance of strengths and challenges

Q. Where do you consider your organisation’s key strengths in its response capabilities?

Q. And where do you see its key challenges?

Respondents indicate that technology is regarded as the key area of capability. This reflects the traditional approaches to cyber security, being technology-based as opposed to skills-based.

Interestingly, despite much talk in the media about the cyber security skills shortage, most organisations believe that their in-house capacity and skills are a strength.

Not surprisingly, organisations see their key challenges in areas where they have least strength. So the emergence of threat intelligence is creating a challenge for them. We think this is partly to do with the confusion surrounding the sourcing of threat intelligence and its effectiveness, and partly to do with firms’ ability to contextualise and make sense of the intelligence relating to their own organisations.

Availability of skills remains a challenge for many organisations, as does in-house capacity. Both of these relate to generic cyber security skills but, as we shall see, the skills required for incident response are so specific that they prompt an uncommon way of resolving this resource issue.

[Chart: strengths and challenges across four areas (Technology, In-house capacity, Cyber security skills, Threat Intelligence). Strengths: Technology 68%, in-house capacity and cyber security skills at 59% and 53%, Threat Intelligence 46%. Challenges: values shown 38%, 35%, 29%, 21%. The extracted layout does not preserve the exact mapping of values to areas beyond the ranking given in the text.]


Regulatory awareness and impact

Q. How aware are you of the incoming EU cyber security and data protection legislation?

                      NIS Directive   GDPR
Yes, very aware            53%         52%
Somewhat aware             47%         48%
Not at all aware            0%          0%

Q. How concerned are you at the prospect of Mandatory Breach Notification?

●  Very concerned: 37%

●  Somewhat concerned: 40%

●  Not at all concerned: 16%

●  Uncertain as to the impact on my organisation: 8%

The General Data Protection Regulation (GDPR) and the Network And Information Security Directive (NISD) have had much media attention over the last 12 months. So it is no surprise that all of our respondents said that they were at least somewhat aware of both of these initiatives, and the majority were very aware. This is extremely encouraging, as the impact of these changes in EU legislation, both individually and collectively, is extensive. One of the key concepts embedded in both GDPR and NISD is Mandatory Breach Notification, which compels firms to inform regulators in the event of a breach. Seventy-seven per cent of firms surveyed are concerned at this prospect, largely because of the implications for preparing their approach to incident response. The next section in this report examines in more detail how organisations prepare for a breach.



How prepared are you for a cyber breach?

It's a case of good news followed by bad news when it comes to preparedness for a cyber breach. An extremely healthy 86% of organisations say that they are very or somewhat ready for a cyber breach. However, readiness clearly means different things to different firms: 39% do not have a cyber readiness plan. That an organisation can claim readiness without having a plan describing what readiness means or how to test it is a clear indication of the variability of maturity across organisations when it comes to incident response.

Frequency of testing a plan is also highly variable. Only 30% of firms that have a plan test it monthly or more frequently. Most (65%) test their plan quarterly, which is common but increasingly insufficient given the rate of change in the threat landscape. 5% of firms test their incident response preparedness annually.

Overall, we are concerned at the state of readiness of firms for a cyber breach. While most companies believe that they are ready for a breach, this confidence does not match the reality of the situation. Firms are at best unaware of best practice when it comes to incident response, and at worst in denial of the precariousness of their situation.

●  86% of firms claim they are very or somewhat ready for a cyber breach

●  39% of firms don’t have a cyber readiness plan

●  30% of those firms with a plan test it monthly or more frequently


Breach response: the priorities

Q. What do you think the main issues are with responding to cyber security incidents?

We thought that firms’ top priority would be resolving technical issues, but this is not the case. Although 48% of organisations do regard technical issues as a priority, it is only fourth on the list of concerns.

At the top are customer concerns, in response (we think) to the media attention given to high profile breaches such as Target and Sony. Protecting a firm's reputation and brand image with its customers is of primary importance, as it directly affects sales as well as competitors’ positioning.

This is why the second highest priority is dealing with management pressures. Board awareness of cyber risk has increased markedly in the last 24 months, because a cyber outage has a negative effect on the company's performance and perception. CISOs responsible for responding to cyber breaches therefore have to deal not only with the immediate concerns surrounding remediation but also with management attention.

Main issues with responding to cyber security incidents: Customer Concerns 71%; Management Pressures 52%; Technical Issues 48%; Dealing with the Media and Regulatory Concerns at 49% and 32% (the extracted layout does not preserve which of these two values belongs to which issue).


Mitigating the risk

Q. Are you using cyber risk insurance?

●  Yes: 13%

●  No, but considering it: 43%

●  No, and no plans: 44%

One way of approaching incident response is to mitigate the financial risk by taking out cyber risk insurance. There has been much media attention on the subject in the past year. However, our survey suggests that adoption is lagging behind this interest: only 13% of our respondents said they are using it. A further 43% of firms are considering cyber risk insurance, but 44% have no plans to introduce it.

As seen in the US following the introduction of Mandatory Breach Notification, we expect the adoption of cyber risk insurance to increase as the introduction of new EU legislation approaches.



Technology for Incident Response

Q. Are you using any technology to assist in incident response?

We asked the respondents whether they are using any technology to assist in incident response. We were surprised to find that 61% of firms do use technology in their incident response.

However, when asked to describe this technology we get a very patchy view. The most common type of technology used is built in-house, as opposed to a commercial off-the-shelf solution. Firms corral a wide variety of technologies to support incident response, such as SIEM, threat monitoring and network security. Clearly, these technologies are not designed for managing an organisation’s incident response program.

There is some evidence to suggest that organisations are aware that more specialised solutions for incident response are available, although this is clearly still an emerging market. Awareness of such solutions appears to be low, but as spend shifts towards Detect & Respond activities we expect this to increase rapidly.

●  61% use technology to assist incident response. Of which: values of 22% and 11% are shown, one of them for solutions built in-house (the most common type, per the text); the other label is not preserved in the extracted layout. The rest is a wide variety of existing capability delivering patchy IR coverage.


Internal or external resourcing?

Q. How do you resource incident response?

Most organisations eschew outsourcing for cyber security. They fear loss of visibility and control of their security operations. So, typically, they use outsourcing in a cautious, risk-based and selective manner. They also outsource security as a short-term fix until they are able to back-fill resources with in-house expertise.

With incident response, however, the opposite appears to be true. In our survey, 69% of firms use a combination of internal and external staff, with a further 14% using external resources exclusively.

●  69% use a combination of internal & external staff

●  18% use internal staff only

●  14% use external staff only

The nature of incident response dictates that resource utilisation is unpredictable. Although all of the companies surveyed reported a cyber breach (67% in the last 12 months), the timing of a breach cannot be predicted. This means that if internal staff are to be used then they are drawn from other security activities as and when the need arises. But this may impact ongoing operations. So it makes sense to plan to use external resources, either retained on standby or on a more ad hoc basis.


Outsourcing – a short-term strategy?

Q. Do you see outsourcing of Incident response as an interim solution?

●  48%: Outsourcing is a long-term strategy, resourced exclusively with externally resourced staff

●  37%: Outsourcing is a long-term strategy, resourced with a hybrid of internal and externally resourced staff

●  15%: Outsourcing is an interim strategy

In contrast with normal approaches to outsourced cyber security provision, our respondents see the use of external incident response expertise as a long-term strategy. This is again unusual, as most firms use external staff as an interim approach to sourcing adequate security skills. For incident response we think that organisations are building the use of outsourced resources into their incident response plans from the start, calling upon these specialist skills on a planned but as-required basis. There also appears to be a preference to use externally resourced staff exclusively, as opposed to a hybrid of internal and externally resourced staff, suggesting that firms will rely increasingly on their providers for incident response capability.


Motivations for outsourcing Incident Response

Q. Why do you use external resources?

83% of organisations surveyed use external resources for incident response, either exclusively or as a hybrid approach. But what are the motivations for using external staff? Primary in importance is the quality of service, which is perceived to be superior when using external resources. Incident response is a specialist craft requiring knowledge not only of technical aspects such as forensics, but also the softer issues such as customer communication and regulatory compliance.

But speed is also important, given that response times are a critical factor in remediation. The implication here is that it is faster to bring in external resources than it is to redeploy internal staff from other areas of operation.

Access to specialist skills is also a key driver, with 41% of firms citing lack of internal skills as a driver.

Interestingly, cost is much less of an issue than one might have thought. Only a third of the organisations surveyed cite the advantageous costs and lack of investment as drivers, while only 22% are motivated by a Capex-to-Opex shift.

●  Quality of service is better: 58%

●  It addresses security concerns more quickly: 54%

●  You don’t have enough internal skills: 41%

●  Costs are more advantageous / You don’t have enough investment resources: 35% and 33% (the extracted layout does not preserve which value belongs to which)

●  You wish to switch to OPEX: 22%

●  It’s a general approach of your company: 6%


Is Cyber Response part of Business Continuity?

Q. Are your Cyber Incident Response resources linked or related to your organisation’s business continuity resources?

●  Yes, they are the same resource: 23%

●  No, but they are linked strongly: 54%

●  No, but they are linked informally: 24%

●  No, they are not linked at all: 0%

As cyber security breaches impact business performance, it seems reasonable to treat incident response as part of an organisation's business continuity program. And our survey indicates that this is beginning to happen: 23% of firms surveyed say that incident response and business continuity are part of the same organisation. Encouragingly, the remaining 78% of organisations have some link between incident response and business continuity, either a strong link (shared reporting lines or membership of relevant committees and working parties, for example) or an informal relationship (such as one based on personal relationships).


Inhibitors for Outsourcing Incident Response

Q. Why do you not use external resources? (n=35)

●  We have all the necessary internal resources: 66%

●  Security is too critical to outsource: 63%

●  I have not found suitable offers: 51%

●  I don’t know what the market offers: 31%

●  I don’t think that response will be better: 3%

A minority of firms surveyed use no external resource to provide incident response. Of these firms, the most commonly cited reason for using internal resources exclusively is a sufficiency of internal resources. It is interesting to explore this in more detail: the firms reporting a high level of internal resources come mostly from the public sector, and particularly from the UK.

Another commonly cited inhibitor of outsourcing incident response is that security is too critical to leave to external providers. Again, the UK respondents in our survey seem to be the most reluctant to use external resources for incident response.

The survey responses indicate that providers of incident response may need to improve their marketing outreach programs: 51% of organisations that only use internal resources claim that they have not found suitable providers. And 31% simply don't know what the market offers.


We were interested to understand what organisations look for in a provider of incident response capability. The top two responses give a strong indication of what firms look for: a strong track record in security and a trusted and well-known brand. This is important, as many providers have entered the security market opportunistically due to its rapid growth, but many of these lack the credentials that enterprises seek. So established providers with references and a history of success in security (and preferably incident response) have an advantage: this should feature strongly in their marketing messages.

Not surprisingly, security skills & expertise and specialist qualifications feature highly. Qualifications can either be government-issued, such as CLAS in the UK or ESSI in France, or internationally-recognised certifications such as CISSP and ISACA.

Curiously, government accreditation at the firm level (as opposed to individually held certification) is much less important.

We were surprised to see that local delivery teams are not important for incident response. One might think that data sovereignty issues would be a consideration. However, on reflection, this makes sense: incident response is a matter of urgency and requires the requisite staff to be made available more or less immediately. This means that their home location is largely irrelevant. In fact, many service providers fly in their experts from a variety of locations in order to resource urgent incidents appropriately.

Q. When considering a security services provider for incident response what do you look for?

What to look for in an Incident Response provider

70% A trusted and well-known brand

69% Strong track record in cyber security

63% Specialist qualifications

62% Security skills & expertise

36% Government accreditation

13% Local delivery team


Analyst Conclusion


This study has shown that cyber breaches are, to all intents and purposes, inevitable. All of the companies we surveyed have experienced a cyber breach, and most have been breached within the last 12 months. Consequently, cyber security spend is shifting away from traditional Prevent & Protect approaches towards Detect & Respond operations, resulting in a more balanced security budget. Firms are trying to address not only the inevitability of a breach but also its impact, both in direct remediation costs and in reputational damage. They are also attempting to reduce the time to breach discovery. With Mandatory Breach Notification on its way, linked to upcoming EU regulations, organisations are increasingly concerned about the impact of a breach and the way it is handled. We discovered, however, that although organisations believe they are prepared for a breach, many do not have a formalised cyber readiness plan in place, nor do they test it frequently. Firms need to do more work in this area, as preparedness for a cyber incident cannot be based simply on hope.

Over the next two years we expect to see an increase in take-up of software specifically designed to manage the IR process, either as an alternative or a supplement to outsourcing. This will include both the management of IR plans and simulation of response and mitigation activities. We will also undoubtedly see a strengthening of outsourced incident response adoption, as firms plan for breaches by forging relationships with service providers, typically on a retainer basis. This provides the assured service levels required to fulfil a readiness plan, while accessing rare expertise and skills and keeping costs manageable. Cyber risk insurance, while adopted at low levels today, will also grow, driven in particular by incoming EU legislation.

Firms in the UK, France and Germany are on a journey of maturity in cyber security incident response. They are moving from a position of vulnerability, where defences are insufficient to prevent a breach. Firms increasingly view third parties as a critical source of advice, support and guidance on that journey. The journey will not be a smooth ride, but organisations seem to be heading in the right direction.

Duncan Brown, Research Director, PAC


Disclaimer, usage rights, independence and data protection


This study was compiled in multi-client mode under the sponsorship of FireEye, HP, Telefonica and Resilient Systems. For further information, please visit www.pac-online.com.

Disclaimer

The contents of this study were compiled with the greatest possible care. However, no liability for their accuracy can be assumed. Analyses and evaluations reflect the state of our knowledge in May 2015 and may change at any time. This applies in particular, but not exclusively, to statements made about the future. Names and designations that appear in this study may be registered trademarks.

Usage rights

This study is protected by copyright. Any reproduction or dissemination to third parties, including in part, requires the prior explicit authorization of the sponsors. The publication or dissemination of tables, graphics etc. in other publications also requires prior authorization.

Independence and data protection

This study was produced solely by Pierre Audoin Consultants (PAC). The sponsors had no influence over the analysis of the data and the production of the study. The participants in the study were assured that the information they provided would be treated confidentially. No statement enables conclusions to be drawn about individual companies, and no individual survey data was passed to the sponsors or other third parties. All participants in the study were selected at random. There is no connection between the production of the study and any commercial relationship between the respondents and the sponsors of this study.


Contact

Founded in 1976, Pierre Audoin Consultants (PAC) is part of the CXP Group, the leading independent European research and consulting firm for the software, IT services and digital transformation industry. The CXP Group offers its customers comprehensive support services for the evaluation, selection and optimization of their software solutions and for the evaluation and selection of IT services providers, and accompanies them in optimizing their sourcing and investment strategies. As such, the CXP Group supports ICT decision makers in their digital transformation journey. Further, the CXP Group assists software and IT services providers in optimizing their strategies and go-to-market approaches with quantitative and qualitative analyses as well as consulting services. Public organizations and institutions equally base the development of their IT policies on our reports. Capitalizing on 40 years of experience, based in 8 countries (with 17 offices worldwide) and with 140 employees, the CXP Group provides its expertise every year to more than 1,500 ICT decision makers and the operational divisions of large enterprises as well as mid-market companies and their providers. The CXP Group consists of three branches: Le CXP, BARC (Business Application Research Center) and Pierre Audoin Consultants (PAC). For more information please visit: www.pac-online.com PAC’s latest news: www.pac-online.com/blog Follow us on Twitter: @PAC_Consultants


Duncan Brown Research Director +44 (0) 20 7553 3966 [email protected]

Dominic Trott Senior Consultant +44 (0) 20 7553 3966 [email protected]
