Source: How Enterprises Are Responding to the Incident Response Challenge, Dark Reading
Enterprise security teams are increasingly collaborating with members of other internal business functions and with external partners when responding to a security incident, according to a Dark Reading Research report on incident response.
Security teams appear to recognize the importance of coordinating incident response with other business groups such as human resources, communications, and legal. The survey found that 63% of IR teams at responding organizations currently coordinate with their internal communications group to keep employees updated on a security incident. In fact, 44% said they know whom to contact within the HR function when an incident happens, and 39% have dedicated resources for handling external communications. Nearly one in four respondents (38%) have a contact within the legal function.
Security experts have long considered such cross-functional collaboration and partnerships as fundamental to mounting an effective incident response. The main reason is that the impact of a security breach often extends far beyond the IT security realm. A security incident that affects customer or employee data, for instance, can trigger breach notification requirements and have legal and financial consequences that are the responsibility of other groups with the organization. A lack of coordination with these groups can negatively affect an organization's ability to respond to an incident.
Efforts by IR teams to bolster incident response capabilities don't end with better coordination with internal business groups. Dark Reading's survey data showed that many organizations are aware of threats to enterprise security from external service providers, technology suppliers, and other third parties and have a plan for addressing that risk as well. Thirty-six percent — or more than one in three — survey respondents said their IR team knew exactly whom they needed to work with in the event of a breach or vulnerability involving an external entity.
Some organizations are outsourcing incident response, as one in five (22%) currently rely on an external service provider for incident response.