I dislike clichés. I suspect I’m not alone in that, but the truth is I’m guilty of using them on occasion — and I’m probably not alone in that, either.

I was reading a tongue-in-cheek article the other day about the worst clichés in the business world. As you might imagine, some of the usual culprits were there: ideate (is that even a word?), influencer (code for someone who likes the sound of their own voice?) and snackable content (I’d rather have potato chips, thank you).

But there was one word on there that I was surprised to see — and I disagreed with its place on the list: partner.

Much of the reason I took issue, I suspect, was that I lead the X-Force Incident Response team. I know that when it comes to cyberattacks, even the most well-staffed security team needs a trusted partner. Not just when the attack hits, but before. At the planning stage, creating and rehearsing the playbooks and finding the vulnerabilities before the criminals do. That’s when a partner matters most.

If nothing else, the events over the past 24 months have shown us that having a trusted partner is more important than ever. The number of annual ransomware incidents my team remediates has been on a steady climb: 20% growth in 2019, 23% in 2020, and, most likely, a higher percentage in 2021.

Adding to that, this year the U.S. administration issued an executive order designed to improve the nation’s cybersecurity. While details are still being developed, it’s pretty clear there are sweeping changes ahead — and they will likely have a global ripple effect.

Choosing the right trusted partner in a complex labyrinth of global disruption, government mandates and increasingly aggressive and sophisticated threat actors can seem overwhelming. The good news is IDC may have done much of the footwork for you. IDC recently released the IDC MarketScape: Worldwide Incident Readiness Services 2021 Vendor Assessment, which evaluates vendors and positions them as a leader or a major player in incident readiness.

There are five important attributes and vendor capabilities that IBM feels can help make a trusted partner for organizations. Those attributes are:

1. Employee Strategy

Diversity. Organizations should evaluate vendors that can deliver a comprehensive readiness and incident response (IR) approach. From boots-on-the-ground incident responders to thought leaders who can develop exceptional educational content and front-of-room trainers who can deliver believable immersive experiences, the vendor should have experts who have experienced cyberattacks in many situations, so they know what to include in your organization’s plans, playbooks and training guides — and how to respond during a live incident.

2. Portfolio

Bespoke. When it comes to incident preparedness, off-the-shelf is insufficient. Every organization has a unique structure and strategy, and a different set of data that is critical to their operation. A meatpacking plant is going to need a different plan than a medical center — and your plans need to reflect those needs. The portfolio offering should be varied and tailored to your specific requirements.

3. Delivery

Education. The incident readiness delivery team must be match-fit professionals who work on the latest breaches, attend the best industry training courses and hold up-to-date certifications. The team should regularly attend personal incident readiness and incident response training to better understand and appraise the experience they are delivering. The preparation and education of your organization’s staff should include all business stakeholders, including IT, Security Leads, Legal, Communications/PR, HR and C-level executives.

4. Functionality

Industry Knowledge. Whether you are preparing policy, training your staff or testing your services, the incident readiness provider you evaluate should be knowledgeable about your industry. They need to have research capabilities that can keep them ahead of the threat actors’ tactics and techniques. They should also have the procedures and flexibility in place to offer their services in a way that matches the layout of your organization.

5. Pricing

Flexibility. Pricing should be both flexible and affordable. Your incident readiness services provider should offer you a roadmap of services with its long-term pricing upfront, including the option to purchase in one transaction or spread your payments over several years if necessary (depending on how long the roadmap is). This roadmap should ideally include a retainer that provides proactive services that cover planning, preparing and exercising your response.

Ultimately, you need to choose a partner that you trust — hence the phrase “trusted partner.” Do it now, before an attack happens, so you don’t end up choosing the first one that comes along. Take the time to choose the right one.

IBM was named as a leader in the IDC MarketScape because we offer a fast delivery of services at a low cost, with high value, and a vast portfolio of IR capabilities to help organizations build cyber resilience. These are qualities that matter in a trusted partner when it counts most.

In the cybersecurity world, I don’t think the term “partner” is a business cliché at all. I think it’s an absolute necessity.

Download the IDC MarketScape for Worldwide Incident Readiness Services 2021 report excerpt to find out how your organization can improve its incident readiness, register for our webinar Building Cybersecurity Muscle Memory for Effective Incident Response and learn more about IBM Security X-Force.
