There are a growing number of cyber response companies beginning to hit the scene in response to the sheer number and cost of breaches.
Recently, I read an interesting article by EY in the Business Times about the lack of suitably skilled IT security folk available to protect against the cyber threat and importantly the lack of those skilled in what was referred to as IT forensics.
Whilst this article was right on the money in terms of the lack of skills and readiness, it misses (or perhaps takes for granted) the all-too-important investigation skills needed for an organisation to be truly ready to tackle a cyber breach.
The reason that I make this point is because I have hired and worked with some absolutely superb digital investigators (my preferred term ;-) and I have also worked with some who were not so capable. One major difference between these two groups is not only their technical skills but also commonly, their ability as good detectives.
Many who enter into IT forensics come from the cyber security field and I have to say that many lack the discipline for process and the ability to be fastidious, yet possess an enquiring mindset of a good investigator. Moreover, many of the IT forensics courses pay little attention to the need for solid investigatory skills and instead almost downplay this important aspect; or most likely just assume that anyone can learn such skills. I can tell you now that this is definitely NOT the case!
If your team does not have the necessary investigative talent then it will likely fail in determining the important causes and extent of the damage from a cyber breach. If you outsource this work then it is vital that you confirm that your selected partner has good investigators in their team; do not take it for granted.
Finally, here is a good wiki link to a quite relevant skills reference for cyber detectives; that of a Fire Investigator.