Announcing The Forrester Wave™: Cybersecurity Incident Response Services, Q2 2024 - Forrester

Home > Featured Blogs > Announcing The Forrester Wave™: Cybersecurity Incident Response Services, Q2 2024 Electricity, water, internet… and incident response. In a threat-glutted 2024, incident response (IR) services are practically a utility, but unlike the providers of the former, these services don’t come from some form of a monopoly. In fact, security leaders have a vast array of choices of highly competent providers, 14 of which Forrester evaluated in The Forrester Wave™: Cybersecurity Incident Response Services, Q2 2024. Are all these providers able to help security leaders on their worst day? Yes. The digital forensics and IR capabilities of each provider are solid. But IR is a lifecycle — from preparation and simulation to post-incident recovery, support, communication, and transformation. This life cycle is supported by an ecosystem of partners and watched closely by three key constituencies: customers, cyber insurance carriers, and regulators. Choosing the right cybersecurity incident response services (CIRS) provider comes down to: The strengths and weaknesses of your program and people. Incident readiness and resilience is, in the eyes of those three key constituencies, just as important as incident response. To get or maintain cyber insurance coverage, for example, organizations must demonstrate overall program maturity and attest to the IR skills and capabilities of internal teams. Look for a provider with a thorough onboarding process that helps them gain a detailed understanding of your environment. The insights gained through onboarding also help them help you use contract, retainer, or engagement time wisely for incident preparation and crisis simulation activities to fill program gaps and meet customer, carrier, or regulatory requirements. The influence of counsel and carrier. From the perennially underskilled to the most mature, all security teams need outside help in a time of crisis. And when it’s time, outside counsel and CIRS providers are the first calls, in that order, security leaders make to ensure every step is covered under attorney-client privilege. Law firms specializing in breach coaching have their favorite providers, as do cyber insurance carriers. In the past few years, CIRS providers courted these IR influencers and added talent with regional, legal, and regulatory expertise. This is particularly helpful given the ever changing breach notification landscape. They also developed ties with carriers beyond panel participation to include posture assessments and attack surface discovery scans during the underwriting and claims management process to speed outcomes for all involved. Be sure your provider is well liked by these influencers and well versed in meeting their needs in addition to your own. The provider’s ability to keep pace with bad actors. To meet retainer- or contract-based response times and keep pace with evolving attacker techniques, many CIRS providers are investing in innovation and initiatives focused on speeding all stages of the IR lifecycle and automating more time-consuming or rote processes like evidence collection. They’re also investing in training for responders and supporting staff to ensure handoffs between teams and communication with stakeholders are smooth and consistent across geographies in a global delivery model. Regardless of the attack or breach type, your provider should be your primary partner and main point of contact throughout the IR lifecycle. Your CIRS provider is critical to timely, thorough, and defensible breach response. This is a market that every security leader should keep up with, so check out the full report for more detail. Forrester clients can schedule a guidance session or inquiry with me to discuss your needs and the providers evaluated in our latest Forrester Wave™ evaluation — or those included in our broader Landscape overview of incident response services. Categories Cybersecurity TrendsSecurity Risk ManagementSecurity Services Get The Insights At Work Newsletter Business Email Address* Country* Country United States Åland Islands Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belgium Belize Benin Bermuda Bhutan Bolivia, Plurinational State of Bonaire, Sint Eustatius and Saba Botswana Bouvet Island Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Cambodia Cameroon Canada Cape Verde Cayman Islands Chad Chile China Christmas Island Cocos (Keeling) Islands Colombia Comoros Cook Islands Costa Rica Côte d'Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guyana Haiti Heard Island and McDonald Islands Honduras Hong Kong Hungary Iceland India Indonesia Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati Korea, Republic of Kuwait Kyrgyzstan Lao People's Democratic Republic Latvia Lesotho Liberia Liechtenstein Lithuania Luxembourg Macao Madagascar Malawi Malaysia Maldives Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia, Federated States of Moldova, Republic of Monaco Mongolia Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands New Caledonia New Zealand Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestinian Territory, Occupied Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Réunion Romania Rwanda Saint Barthélemy Saint Helena, Ascension and Tristan da Cunha Saint Kitts and Nevis Saint Lucia Saint Martin Saint Pierre and Miquelon Saint Vincent and the Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Seychelles Sierra Leone Singapore Sint Maarten (Dutch part) Slovakia Slovenia Solomon Islands South Africa South Georgia and the South Sandwich Islands Spain Sri Lanka Sudan Suriname Svalbard and Jan Mayen Swaziland Sweden Switzerland Syria Taiwan Tajikistan Tanzania, United Republic of Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates United Kingdom United States United States Minor Outlying Islands Uruguay Uzbekistan Vanuatu Vatican City Vietnam Virgin Islands, British Virgin Islands, U.S. Wallis and Futuna Western Sahara Zambia Zimbabwe Yes, I’d like to receive Forrester’s Insights At Work newsletter and receive occasional survey invitations and marketing communications. New For 2026! Security Budget Planning Guide + Workbook Prepare your 2026 security budget for critical risks. Get our budget planning guide and workbook to assess, prioritize, and implement investments for fortified security in uncertain times. DOWNLOAD NOW Blog Prevent MDR-To-IR Handoff Chaos Before A Breach Jess Burn 6 Hours Ago Security leaders often assume that once they’ve invested in managed detection and response (MDR) services, the hardest parts of breach detection and response are behind them. Alerts are monitored. Playbooks exist. Someone is watching the environment 24/7. Then, they have a security incident. It escalates quickly. And the response feels less coordinated than expected. We […] Read More Blog From Operating Rooms To iPhones: What The Stryker Attack Reveals About Third-Party Risk Alla Valente 8 Hours Ago A recent cyberattack on a global medical device manufacturer shows how third-party failures can cascade from enterprise IT into patient-facing operations. This post unpacks what the incident reveals about concentration risk, vendor dependencies, and real-world impact. Read More