BREACH RESPONSEPREPAREDNESS

INCIDENT RESPONSERETAINER LEVELS

BENEFITS OF AN ANNUAL IR RETAINER

NON RETAINER CUSTOMERIndustry average time from breach to initial analysis

2-15 DAYS

RESPONSE TIMINGCOMPARISON

RSA RISK & CYBERSECURITY PRACTICE

IR RETAINER:

70%IR Retainers help an organization align with the requirements and incentives offered by cybersecurity insurance providers

IR Retainers provide rapid access to top tier IR professionals and supplement internal teams via surge resourcing during sophisticated attacks

IR retainers are a proactive cyber-security measure that can significantly reduce an attacker's dwell time and reduce the impact of a breach

Incident respondersfamiliar with customer’s

environment

IR vendor search and selection

PROCUREMENT OF IR, LEGAL PARTNER

ENGAGED* 

• Proactively prepare for an incidentor breach

• Accelerate response time fromseveral days to as little as 3 hours

• Be better prepared to satisfyregulatory requirements like GDPR’s72 hour window for reporting abreach after discovery

• Enable future and rapid procurementwith a contracted and pre-approvedIR vendor

• Facilitate rapid response with IR expertise that is already familiar withyour environment, technology,available data, challenges and otherimportant details

Be Prepared! An incident response retainer reduces the time required to engage top-tier IR professionals and reduces exposure to risk during an incident or breach.

90% of organizations are

dissatisfied with their response time2

RSA Risk & Cybersecurity Practice team's expertise has beenacknowledged as a “Strong Performer” in the Forrester Digital Forensics and Incident Response (DFIR) report and is an NSA accredited Global Incident Response practice.

Explore the four levels of RSA Incident Response Retainers

RSA and the RSA logo are registered trademarks of Dell Technologies in the United States and other countries. © Copyright 2018 Dell Technologies. All rights reserved. Published in the USA 3/17 Infographic H17025.

LEARNMORE

SIGN UPNOW

of organizationsknew they were compromised

in the past year1

IR RETAINER CUSTOMERIndustry average time from breach to initial analysis

3 HOURS

Ongoing analysisPreliminary analysis complete

Multiple IR resources engaged

REMEDIATION UNDERWAY

Compliance notifications distributed

Day 1

3 hours

Day 2Day 2

Day 3 / 72 hours

Day 11

Duration

Effort Estimate(hours)

SLA: Initial Response

SLA: Initial Analysis

SLA: On-site Analysis

Use of Unused hours

Deliverables

1 year

24

8

24

72

n/a

Preliminary analysis report

1 year

66

6

24

48

Preliminary analysis report

1 year

120

3

12

24

Preliminary analysis report

1 year

242

3

12

24

Preliminary analysis report

Incident discovery report

Board readout from RSA Exec

Bronze Silver Gold Platinum

SUSPECTED INCIDENT DETECTED

GDPR REPORTING DEADLINE 72 hours 72 hours

Ongoing analysis

Preliminary analysis complete

Multiple IR resources engaged

REMEDIATION UNDERWAY

Compliancenotifications distributed

Day 12

Day 13

Day 14

SUSPECTED INCIDENT DETECTED Day 1]

*Many unfavorable terms are missed in a rush and understanding of consequencesare not understood.

1 RSA Cybersecurity Poverty Index 20162 RSA Threat Detection E�ectiveness Survey 2016

The hour glasses below show a real-world response timing comparison. IR Retainer customers gain several bene�ts from establishing a long-term relationship with an IR �rm who is already familiar with their organization, environment, technology, available data, critical assets, people, regulation mandates and any other critical information.