An effective detection and response capability is essential for monitoring key assets, containing threats early and eradicating them. However, because potential attack vectors within an organization are so disparate, affording the wide range of sensors needed can be a challenge, as can the worry of disrupting critical services. Yet without robust detection and response processes, businesses are left vulnerable. Organizations are also under pressure to manage the potential business and financial costs and complexities of post-breach activities such as privileged investigations, litigation, crisis communications and breach notification, to name just a few. Alongside this, they must respond to the changing requirements of cyber insurers, many of whom now require retainers for new policies and renewals.
How can businesses tackle this landscape to ensure they have the services they need when they need them, without disrupting their business or breaking the bank? The answer is a more flexible “cyber risk retainer,” as opposed to an incident response (IR) retainer, combined with an MDR service. This allows them to achieve significant cost savings by bundling together any services they need, from pre-incident services such as tabletop exercises, penetration tests, dark web monitoring or cloud configuration reviews to post-incident services such as digital forensics, breach notification and litigation support.
In this article, we outline why it would be misguided to rely solely on a traditional MDR solution or an incident response (IR) retainer, and explain why combining a cyber risk retainer with an MDR service significantly advances an organization’s security posture.