I dislike cliches. I suspect I’m not alone in that, but the truth is I’m guilty of using them on occasion — and I’m probably not alone in that, either.

I was reading a tongue-in-cheek article the other day about the worst clichés in the business world. As you might imagine, some of the usual culprits were there: ideate (is that even a word?), influencer (code for someone who likes the sound of their own voice?) and snackable content (I’d rather have potato chips, thank you).

But there was one word on there that I was surprised to see — and I disagreed with its place on the list: partner.

Much of the reason, I suspect, that I took issue was because I lead the X-Force Incident Response team. I know that when it comes to cyberattacks, even the most well-staffed security team needs a trusted partner. Not just when the attack hits, but before. At the planning stage, creating and rehearsing the playbooks and finding the vulnerabilities before the criminals do. That’s when a partner matters most.

If nothing else, the events over the past 24 months have shown us that having a trusted partner is more important than ever. The number of annual ransomware incidents my team remediates has been on a steady climb: 20% growth in 2019, 23% in 2020, and, most likely, a higher percentage in 2021.

Adding to that, this year the U.S. administration issued an executive order designed to improve the nation’s cybersecurity. While details are still being developed, it’s pretty clear there are sweeping changes ahead — and they will likely have a global ripple effect.

Choosing the right trusted partner in a complex labyrinth of global disruption, government mandates and increasingly aggressive and sophisticated threat actors can seem overwhelming. The good news is IDC may have done much of the footwork for you. IDC recently released the IDC MarketScape: Worldwide Incident Readiness Services 2021 Vendor Assessment, which evaluates vendors and positions them as a leader or a major player in incident readiness.

There are five important attributes and vendor capabilities that IBM feels can help make a trusted partner for organizations. Those attributes are:

1. Employee Strategy

Diversity. Organizations should evaluate vendors that can deliver a comprehensive readiness and incident response (IR) approach. From boots on the ground incident responders, to thought leaders who can develop exceptional educational content and front-of-room trainers who can deliver believable immersive experiences; The vendor should have experts who have experienced cyberattacks in many situations, so they know what to include in your organization’s plans, playbooks and training guides — and how to respond during a live incident.

2. Portfolio

Bespoke. When it comes to incident preparedness, off-the-shelf is insufficient. Every organization has a unique structure and strategy, and a different set of data that is critical to their operation. A meatpacking plant is going to need a different plan than a medical center — and your plans need to reflect those needs. The portfolio offering should be varied and tailored to your specific requirements.

3. Delivery

Education. The incident readiness delivery team must be match-fit professionals working on the latest breaches, attending the best industry training courses, and must hold up-to-date certifications. The team should regularly attend personal incident readiness and incident response training to better understand and appraise the experience they are delivering. The preparation and education of your organization’s staff should include all business stakeholders, including IT, Security Leads, Legal, Communications/PR, HR and C-level executives.

4. Functionality

Industry Knowledge. Whether you are preparing policy, training your staff, or testing your services; the incident readiness provider you evaluate should be knowledgeable of your industry. They need to have research capabilities that can keep them ahead of the threat actors’ tactics and techniques. With procedures and the flexibility in place to offer their services to you match the layout of your organization.

5. Pricing

Flexibility. Pricing should be both flexible and affordable. Your incident readiness services provider should offer a roadmap of services to you with its long-term pricing upfront including the option to purchase in one transaction or spread your payments over several years if necessary (depending on how long the roadmap is). This roadmap should ideally include a retainer that provides proactive services that covers planning, preparing and exercising your response.

Ultimately, you need to choose a partner that you trust — hence the phrase “trusted partner.” Do it now, before an attack happens so you don’t end up choosing the first one that comes along. Take the time to choose the right one.

IBM was named as a leader in the IDC MarketScape because we offer a fast delivery of services at a low cost, with high value, and a vast portfolio of IR capabilities to help organizations build cyber resilience. These are qualities that matter in a trusted partner when it counts most.

In the cybersecurity world, I don’t think the term “partner” is a business cliché at all. I think it’s an absolute necessity.

Download the IDC MarketScape for Worldwide Incident Readiness Services 2021 report excerpt to find out how your organization can improve its incident readiness, register for our webinar Building Cybersecurity Muscle Memory for Effective Incident Response and learn more about IBM Security X-Force.

More from CISO

Everyone Wants to Build a Cyber Range: Should You?

In the last few years, IBM X-Force has seen an unprecedented increase in requests to build cyber ranges. By cyber ranges, we mean facilities or online spaces that enable team training and exercises of cyberattack responses. Companies understand the need to drill their plans based on real-world conditions and using real tools, attacks and procedures. What’s driving this increased demand? The increase in remote and hybrid work models emerging from the COVID-19 pandemic has elevated the priority to collaborate and…

Why Quantum Computing Capabilities Are Creating Security Vulnerabilities Today

Quantum computing capabilities are already impacting your organization. While data encryption and operational disruption have long troubled Chief Information Security Officers (CISOs), the threat posed by emerging quantum computing capabilities is far more profound and immediate. Indeed, quantum computing poses an existential risk to the classical encryption protocols that enable virtually all digital transactions. Over the next several years, widespread data encryption mechanisms, such as public-key cryptography (PKC), could become vulnerable. Any classically encrypted communication could be wiretapped and is…

6 Roles That Can Easily Transition to a Cybersecurity Team

With the shortage of qualified tech professionals in the cybersecurity industry and increasing demand for trained experts, it can take time to find the right candidate with the necessary skill set. However, while searching for specific technical skill sets, many professionals in other industries may be an excellent fit for transitioning into a cybersecurity team. In fact, considering their unique, specialized skill sets, some roles are a better match than what is traditionally expected of a cybersecurity professional. This article…

Laid Off by Big Tech? Cybersecurity is a Smart Career Move

Big technology companies are laying off staff as market conditions change. The move follows a hiring blitz initially triggered by the uptick in pandemic-powered remote work — according to Bloomberg, businesses are now cutting jobs at a rate approaching that of early 2020. For example, in November 2022 alone, companies laid off more than 52,000 workers. Companies like Amazon and Meta also plan to let more than 10,000 staff members go over the next few years. As noted by Stanford…