Gartner Offer 3 Steps for Incident Response as Attacks Surge

Gartner have released a report that outlines how organisations can implement a successful cyber security incident response as attacks continue to surge.

Advisory firm Gartner have released a report arguing for three must-haves for cyber security incident response.

The report underscores the critical need for robust cybersecurity incident response strategies in the current climate of increased cyber attacks.

Borrowing statistics from reports by tech giants like IBM - which highlighted that the average cost of a data breach reached an all-time high of US$4.45 million in 2023, a cost that has increased 15.3% since the 2020 report - Gartner presents cybersecurity incident response as a way to prepare.

Cybersecurity incident response is a critical process for organisations to effectively manage and mitigate the impact of security breaches or cyberattacks. It involves a structured approach with well-defined phases, including preparation, detection, containment, eradication, recovery, and lessons learned. 

Cybersecurity landscape

The report highlights the increasing frequency and severity of cybersecurity incidents. 

According to the Chainalysis 2024 Crypto Crime Report, ransomware payments reached an unprecedented US$1 billion in 2023, with ransomware accounting for 24% of all cybersecurity incidents. 

Despite these alarming statistics, the 2023 Thales Data Threat Report found that 51% of organisations worldwide still lack a ransomware incident response plan, even though 10% of organisations experienced attempted ransomware attacks in 2023.

Cybersecurity incident response

With the obvious impetus, Gartner has identified three essential components that organisations must incorporate into their cybersecurity incident response strategies:

Gartner's must-haves for cybersecurity incident response
  • 1. Build an incident response plan
  • 2. Develop detailed response playbooks
  • 3. Conduct regular tabletop exercises

1. Gartner emphasises the importance of having a comprehensive incident response plan that outlines the general procedures for addressing cybersecurity incidents. This plan should include incident severity tiers, escalation paths, and a detailed response process map. The incident response plan serves as a foundational document that guides the organisation's actions during an incident, ensuring a coordinated and efficient response.

2. Beyond a general incident response plan, Gartner recommends creating specific playbooks for common or high-impact incident types, such as ransomware. These playbooks provide detailed guidance and procedures tailored to specific scenarios, enabling organisations to respond more effectively to particular threats. The playbooks should cover all phases of incident response, including containment, analysis, remediation, and recovery.

3. To ensure that incident response plans and playbooks are effective, Gartner advises organisations to conduct regular tabletop exercises. These exercises simulate real-world scenarios and involve leadership and decision-makers across the organisation. By practising their response to various incident scenarios, organisations can identify gaps in their plans, improve coordination, and ensure that all stakeholders are prepared to act swiftly and effectively during an actual incident.

Importance of preparedness

Gartner's report underscores the critical importance of preparedness in the face of escalating cybersecurity threats. 

Cybersecurity incidents are no longer a matter of "if" but "when", with telecom company BT last year revealing that more than 46 million signals of potential cyberattacks are seen on average every day worldwide.

The consequences of inadequate preparation can be severe, impacting brand reputation, customer trust and, increasingly with the soaring amount of ransomware, financial stability.

By implementing the three must-haves identified by Gartner for an incident response plan, organisations can not only be prepared for an attack, but can more easily recover from one too. 

The crippling economic cost of business downtime and recovery can be avoided if companies can recover from secure, clean backups.

With Lloyds reporting US$3.5tn could be lost if a hack forced global payments to go offline for a number of days, the price of a successful cyber-attack is compounded the more businesses are unprepared to deal with the fallout.

