
Are you prepared today for tomorrow’s cyber crisis? Why incident response matters

Drew Morefield
3 Jul 2023

Imagine you are driving a car and suddenly encounter a roadblock. Would you have a detour plan ready to navigate around it or would you continue driving, hoping it would disappear?

You only have one choice, right? Now consider this in the context of cybersecurity incident response, where only 30% of businesses are prepared for an attack; or, to continue the analogy, where almost 70% would drive on until they realize it’s too late.

An incident response plan (IRP) helps to protect your business, customers, and finances in the event of a cybersecurity disruption, and as advanced and unknown cyber threats gain ground, it has become a business essential. So why do so few have one?

One reason is that preparing for the unexpected takes time and proactivity. Many companies have vulnerabilities in their defenses that they haven’t prepared for, often because they lack the resources or board-level interest. And even among the minority of organizations with an IRP, more than half fail to test it regularly. This means that many only assess the readiness of their plans at the worst possible time – in the middle of a cyberattack.

This is clearly unsustainable. As hackers increase in sophistication and entry points proliferate with increased digitization, an attack is not a matter of if, but when. While risk detection and mitigation are critically important, so is unlocking the value of major innovations and transformations, such as flexible working or connected devices. To move with confidence, organizations must be proactive, practical, and prepared.

Communicating your response

In 2021, a business suffered a ransomware attack every 11 seconds. By 2031, this figure is expected to be one every two seconds. While the global cybersecurity workforce is growing, the industry is short of almost 3.5 million workers. Cybersecurity professionals know this, and a study by (ISC)² shows that 70% feel like their organization doesn’t even have enough staff to be effective.

However, we know that a solid incident response plan is a critical step to business resilience. If you have your ducks in a row before a problem strikes and everyone knows what to do, you can overcome the challenge of resource shortages. Just like in an emergency room scenario, staff at all levels cannot be learning at the same time as the crisis is happening.

Communication is therefore one of the main challenges that organizations face during incidents. Many simply don’t know how to communicate effectively with internal and external stakeholders, authorities, and experts before, during, and after an attack.

This is essentially a human issue; in the event of security frameworks being compromised, even the most robust technology might not be enough. That’s why one of the most effective ways to prepare incident response is by running simulated scenarios where each level of the organization goes through the script and understands the consequences of deviating from it.

To do this, businesses need to define and triage risk into categories so that they can assign a severity tier from low to full crisis. This will help guide incident escalations, assign an appropriate service level, and inform stakeholders of the potential or realized impact of an incident. The severity level will also inform who is notified, what the escalation path will be and which playbook to communicate.

This way, response will be standardized and more easily activated, so when something unanticipated does occur, leaders can be more agile in dealing with it. Of course, it’s also critical that the sector-specific business context is properly understood so that organizations know exactly what to focus on.

By learning how to react quickly, how to isolate a threat, and understanding people’s perspectives and operational responses, organizations can potentially save millions within the first 24 hours: a huge saving built on practical and inexpensive measures such as email templates and step-by-step guides.

What your organization should do next

From manufacturing to financial services to life sciences and beyond, too many organizations find themselves underprepared at a time when they should be asking: “If a cyber crisis hits tomorrow, can our business still function and operate?” Here are three steps your organization should take to ensure the answer is “yes”:

  • Define your evolving risk level by conducting a comprehensive assessment of your organization’s incident response capabilities, including technology, personnel, and communication processes, and identify any gaps and areas for improvement.
  • Proactively plan to protect against attacks by creating a detailed IRP that outlines the necessary steps and procedures to follow in the event of a cybersecurity incident.
  • Embed rapid response capabilities to defend in a crisis by running simulations, establishing clear communication channels, and regularly testing your defenses.

At its core, IRP is a workplace cultural change that will prepare businesses to fully embrace technology transformation. This is a change which can only be achieved proactively, and it starts with communication.

But when resources are stretched, this might be easier said than done. That’s why Capgemini has crafted an effective approach to cybersecurity that can be tailored to your business needs, offering rapid real-time response to evolving threats through our seasoned Incident Response Team.

It is never easy to prepare for the unexpected and always easier to adopt the “it won’t happen to me” mindset. But the consequences of not having an IRP in place can be catastrophic and cost your company not just millions, but its reputation. Implementing a strong IRP and end-to-end cybersecurity will ultimately do far more than manage risk – it will unlock opportunity.

Contact Capgemini today to find out about our incident response services.


Drew Morefield

Head of Global Portfolio – Cybersecurity Service Line