Our site uses cookies to make it work and to help us give you the best possible user experience. By using our site, you agree to our use of cookies. To find out more about cookies and how you can disable them, please read our cookies statement. 

Cookie Settings

You can manage your cookie settings by turning cookies on and off.

Click on the different cookie  headings to find out more about the types of cookies we use on this site and to change your settings. Please be aware that if you choose to turn off  cookies, certain areas of our site may not work and your browsing experience may be impacted.

For further information on how we use cookies, please see our cookies statement. 

Strictly Necessary Cookies


These cookies are essential for the technical operation of and proper functioning of our site  and enable you to register and login, to easily move around our site, and to access secure areas. Without these cookies our site won't function properly.  

These cookies are required

Performance Cookies

Performance cookies allow us to collect aggregated and anonymous data on how our site is used, such as the number of visitors to our site, how you navigate around and the time spent on our site and also to identify any errors in functionality. These cookies also help us to improve the way our site works by ensuring that you can find what you’re looking for easily, to better understand what you are interested in and to measure the effectiveness of the content of our site. 

Marketing Cookies

These cookies allow us to advertise our products to you and allow us to pass this information on to our trusted third parties so that they can advertise our products to you on our behalf. All information these cookies collect is aggregated and therefore anonymous. No personal information is shared to third parties. Any personal information collected while using our website could be used for direct marketing from Dimension Data only.

Why incident response is high on the executive agenda


Incident response can no longer be seen as simply a best practice – rather, it’s an obligation of due diligence. It’s now a topic that’s firmly on the executive agenda.

We recently published the Executive’s Guide to the 2017 Global Threat Intelligence Report which was compiled from data collected by NTT Security and other NTT operating companies from the networks of 10,000 clients across five continents, trillions of security logs, and six billion attempted attacks launched during 2016.

The Report reveals some interesting insights on how prepared organisations are to deal with a breach and the types of incidents that are most commonly occurring.

There’s an encouraging shift towards prioritising incident response

In 2016, we saw an 11% year-on-year improvement in terms of organisations actively maturing their incident response preparedness.

Globally, 32% of organisations had a formal incident response plan in 2016, up from an average of 23% in previous years. This is encouraging and suggests that organisations are starting to realise that being prepared and having a tested response plan, coupled with actionable threat intelligence, can limit the impact of a breach, while also supporting clear business justification for that plan.

Phishing is the cause of most incident response initiatives

In 2016, over 60% of incident response engagements that we were involved in related to phishing attacks. Four industries accounted for 77% of all phishing attacks – business and professional services (28%), government (19%), healthcare (15%), and retail (15%).

Malware - which includes various types of malicious software including ransomware, bot droppers, and payloads - was also prevalent in incident response engagements.

Who’s being targeted?

A total of 59% of all incident response engagements occurred in four industries – healthcare (17%), finance (16%), business and professional services (14%), and retail (12%). Of all incidents in the finance sector, 56% were related to malware, while 50% of all incidents in the healthcare sector were related to ransomware.

The top targeted industries come as no surprise. Their maturity coupled with the value of data they hold, from personally identifiable information, personal health information, credit card data, to intellectual property, make them lucrative targets for cybercriminals.

What can you do?

 There’s much that you can do to step up your level of incident preparedness. Here are some basic recommendations:

  • Obtain executive buy-in – Security leaders must seek executive sponsorship to ensure visibility and accountability of risk as it evolves from the server room to the boardroom. The financial repercussions for failing to disclose security breaches continue to rise.
  • Define roles and responsibilities – Many organisations only include members of the security team in the event of a major incident. At minimum, employees from the business, HR, legal, risk/compliance, security, and IT should be involved to co-ordinate an effective response.
  • Prepare incident management processes and playbooks – Many organisations have limited guidelines that describe how to declare and classify incidents. These are critical to ensuring a response can be initiated. Common practices for incident response also suggest organisations should develop ‘playbooks’ to address how incidents should be handled in their environment.
  • Test, evaluate, and revise effectiveness – Simply having a response plan isn’t enough. It’s critical that you routinely test its
  • Prepare technical documentation – You need comprehensive and accurate details about your network in order to make informed decisions and identify impacted systems, in the event of a breach.
  • Maintain relationships with key external stakeholders – We live in a connected world with dependencies and links to a much larger ecosystem. We advise our clients to maintain relationships with government agencies, law enforcement, and trusted security vendors to support healthy dialogue and open information exchange.
  • Update documentation regularly – As your organisation grows and roles change, it’s important to update documentation related to who’s involved in incident response activities. Updating contact information for vendors such as your ISP, external incident response support, and other providers is equally important.


For more insights and analysis of the global cyber threat landscape, download the Executive’s Guide to the 2017 Global Threat Intelligence Report. Register for our webinar here and discuss the findings live with us.


Previous Article: 2017 Global Threat Intelligence Report Next Article: One-size-fits-all? Not when it comes to disaster recovery

You may be interested in

Man working on computers

Protect your data from the inevitable ransomware attack

To cope with this new kind of threat, your backup and recovery strategy needs to adapt.

Read blog
Rocky ocean

What I learned from hacking the Winter Olympics

I used to think that technology was the answer to all security questions, but my experience post 9/11 taught me that governance should always be the starting point for security discussions.

Read blog

The two-way conversation you need to have with your CEO on cybersecurity

With cyberattacks featuring regularly in mainstream news, it’s good to see that Boards and CEOs are becoming more cybersecurity conscious.

Read blog

Balancing risk and innovation

There’s no question that digital is the way forward. It offers tremendous benefits to your business: faster speed to market, more business intelligence and improved customer relationships.

Read blog