Our site uses cookies to make it work and to help us give you the best possible user experience. By using our site, you agree to our use of cookies. To find out more about cookies and how you can disable them, please read our cookies statement. 

Cookie Settings

You can manage your cookie settings by turning cookies on and off.

Click on the different cookie  headings to find out more about the types of cookies we use on this site and to change your settings. Please be aware that if you choose to turn off  cookies, certain areas of our site may not work and your browsing experience may be impacted.

For further information on how we use cookies, please see our cookies statement. 

Strictly Necessary Cookies


These cookies are essential for the technical operation of and proper functioning of our site  and enable you to register and login, to easily move around our site, and to access secure areas. Without these cookies our site won't function properly.  

These cookies are required

Performance Cookies

Performance cookies allow us to collect aggregated and anonymous data on how our site is used, such as the number of visitors to our site, how you navigate around and the time spent on our site and also to identify any errors in functionality. These cookies also help us to improve the way our site works by ensuring that you can find what you’re looking for easily, to better understand what you are interested in and to measure the effectiveness of the content of our site. 

Marketing Cookies

These cookies allow us to advertise our products to you and allow us to pass this information on to our trusted third parties so that they can advertise our products to you on our behalf. All information these cookies collect is aggregated and therefore anonymous. No personal information is shared to third parties. Any personal information collected while using our website could be used for direct marketing from Dimension Data only.

Why incident response is high on the executive agenda


Incident response can no longer be seen as simply a best practice – rather, it’s an obligation of due diligence. It’s now a topic that’s firmly on the executive agenda.

We recently published the Executive’s Guide to the 2017 Global Threat Intelligence Report which was compiled from data collected by NTT Security and other NTT operating companies from the networks of 10,000 clients across five continents, trillions of security logs, and six billion attempted attacks launched during 2016.

The Report reveals some interesting insights on how prepared organisations are to deal with a breach and the types of incidents that are most commonly occurring.

There’s an encouraging shift towards prioritising incident response

In 2016, we saw an 11% year-on-year improvement in terms of organisations actively maturing their incident response preparedness.

Globally, 32% of organisations had a formal incident response plan in 2016, up from an average of 23% in previous years. This is encouraging and suggests that organisations are starting to realise that being prepared and having a tested response plan, coupled with actionable threat intelligence, can limit the impact of a breach, while also supporting clear business justification for that plan.

Phishing is the cause of most incident response initiatives

In 2016, over 60% of incident response engagements that we were involved in related to phishing attacks. Four industries accounted for 77% of all phishing attacks – business and professional services (28%), government (19%), healthcare (15%), and retail (15%).

Malware - which includes various types of malicious software including ransomware, bot droppers, and payloads - was also prevalent in incident response engagements.

Who’s being targeted?

A total of 59% of all incident response engagements occurred in four industries – healthcare (17%), finance (16%), business and professional services (14%), and retail (12%). Of all incidents in the finance sector, 56% were related to malware, while 50% of all incidents in the healthcare sector were related to ransomware.

The top targeted industries come as no surprise. Their maturity coupled with the value of data they hold, from personally identifiable information, personal health information, credit card data, to intellectual property, make them lucrative targets for cybercriminals.

What can you do?

 There’s much that you can do to step up your level of incident preparedness. Here are some basic recommendations:

  • Obtain executive buy-in – Security leaders must seek executive sponsorship to ensure visibility and accountability of risk as it evolves from the server room to the boardroom. The financial repercussions for failing to disclose security breaches continue to rise.
  • Define roles and responsibilities – Many organisations only include members of the security team in the event of a major incident. At minimum, employees from the business, HR, legal, risk/compliance, security, and IT should be involved to co-ordinate an effective response.
  • Prepare incident management processes and playbooks – Many organisations have limited guidelines that describe how to declare and classify incidents. These are critical to ensuring a response can be initiated. Common practices for incident response also suggest organisations should develop ‘playbooks’ to address how incidents should be handled in their environment.
  • Test, evaluate, and revise effectiveness – Simply having a response plan isn’t enough. It’s critical that you routinely test its
  • Prepare technical documentation – You need comprehensive and accurate details about your network in order to make informed decisions and identify impacted systems, in the event of a breach.
  • Maintain relationships with key external stakeholders – We live in a connected world with dependencies and links to a much larger ecosystem. We advise our clients to maintain relationships with government agencies, law enforcement, and trusted security vendors to support healthy dialogue and open information exchange.
  • Update documentation regularly – As your organisation grows and roles change, it’s important to update documentation related to who’s involved in incident response activities. Updating contact information for vendors such as your ISP, external incident response support, and other providers is equally important.


For more insights and analysis of the global cyber threat landscape, download the Executive’s Guide to the 2017 Global Threat Intelligence Report. Register for our webinar here and discuss the findings live with us.


Previous Article: 2017 Global Threat Intelligence Report Next Article: One-size-fits-all? Not when it comes to disaster recovery

You may be interested in


SDN is redefining the data centre

To understand how the data centre is changing within the enterprise, it’s important to recognise that its essential functions are not changing.

Read blog
Robot hand

Behavioural analytics and artificial intelligence demand a relook at identity

The reignition of interest in and the acceleration of the capabilities of artificial intelligence (AI) are providing security professionals with an expanded toolbox.

Read blog
Doctor examining an Xray

The rise of blockchain at SXSW Part 2

In my last SXSW round-up blog, we left off with a recap of SXSW Interactive, where blockchain and distributed ledger technology (DLT) was far and away the hottest topic.

Read blog
Women working on computers

Eyes wide open: Raising cybersecurity's profile in your business

Our 2017 Global Threat Intelligence Report showed that, year on year, 11% more businesses were improving their incident response ability. But 68% still had no formal incident response plan.

Read blog