When it comes to digital forensics and incident response, are you mostly relying on internal or external resources to conduct forensics?
External 58%
Internal 41%
Not sure
127 PARTICIPANTS
1.3k views, 1 Comment

It's important for organisations, regardless of whether they opt for in-house forensics or outsourced, to have a basic understanding of forensics readiness to ensure investigations are conducted using forensics principles. The same applies for incident response. An outsourced provider can triage events to a certain extent, but depending on the MSSP model you opt for, your outsourced provider won't be able to remediate all incidents to ensure BAU. They can provide you with the necessary context and information (if they manage your EDR they can even isolate affected endpoints), but the BAU part tends to be in-house, hence having an internal incident response plan is also vital. Lastly, remember to test these using tabletop exercises, and ensure post-mortems are also conducted after legitimate incidents, as these highlight areas of improvement or help you confirm your plan is adequate.