Exclusive first look at Coalition’s new cyber claims dataGet the 2024 Cyber Claims Report
Cyber Incident? Get Help


Get back to business with our trusted forensics expertise

Coalition Incident Response (CIR)* gives you the digital forensics and incident response (DFIR) team you need to take back control of your business.


Respond to incidents confidently

See how our affiliate — Coalition Incident Response (CIR) —delivers expert investigation and support

during the uncertainty of a cyber incident.

Experts with insurance experience

When engaged, the CIR team collaborates with an organisation's legal and other incident response vendors to help speed investigation and mitigate loss.

Advanced technology and threat intelligence

Once engaged, CIR deploys advanced endpoint protection, detection, and response technology to best assist customers. CIR also combines threat intelligence insights with proven forensics and analysis.

Limit potential incident costs

CIR negotiates with threat actors, deploys the latest digital forensics and incident response (DFIR) tools, and partners with leading cybersecurity providers to help minimise costs and mitigate financial and data losses.

Enhanced cybersecurity services

CIR offers post-incident monitoring to improve a business’s security posture after an attack. CIR also offers add-on service options, including Managed Detection & Response (MDR), incident response (IR) Tabletop Exercises, Customised Security Assessments and more.**


Experience that minimises cost and maximises security


of incidents handled by CIR’s pressure tested and experienced experts


of reported events handled with no cost to the policyholder1


of ransom demands that resulted in payment were negotiated down by CIR1

+30 days

with CIR, policyholders can stay secure with at least 30 days of post-incident monitoring1


CIR is one of several vendors that policyholders can engage in the event of a cyberattack, including ransomware, business email compromise, funds transfer fraud, network intrusion, web application compromise, and more. Policyholders also have access to pre–breach support with incident response planning and tabletop exercises.

Think of digital forensics and incident response (DFIR) professionals as the first responders for cyber attacks. DFIR is a cybersecurity profession that focuses specifically on identifying how incidents occurred, investigating them as well as mitigating damage through expert remediation advice and services. 

Yes, CIR is an affiliate of Coalition, Inc. that offers a myriad of cybersecurity services which are available to businesses even if they don’t have cyber insurance through Coalition Insurance Solutions. Contact us today.

Even the largest companies with well-funded security operations will often benefit from assistance from DFIR partners in the event of a cyber incident. That’s because most internal teams and Managed Service Providers (MSPs) have less day-to-day experience handling live incidents. For good reason, most MSPs primary responsibility is to make sure their client’s IT environment is operational and the defensive technology is configured correctly, maintained and monitored. Digital Forensics and Incident Response (‘DFIR’) on the other hand is a specialisation within the cybersecurity field that focuses primarily on investigating, containing and remediating cyber incidents. Because of this, when organisations want help handling cyber incidents, bringing in DFIR specialists is recommended.

Additionally, in the event of a cyber attack there may be legal considerations that your business needs to consider. If a business handles its own investigation, this could lead to improper handling or loss of evidence that is needed to fully conduct an investigation. Businesses that experience a cyber attack often hire an attorney to lead the investigation and direct the DFIR services vendor. This can help protect the business’ investigative findings in the event of litigation.

There are a lot of things businesses can and should do right now to be better prepared to respond quickly when a cyber incident is developing or when one strikes. 

One of the most effective preparation measures for organisations of any size is a cyber incident response plan. There is tremendous value for an organisation in planning for a cyber incident to ensure internal stakeholders and decision makers have a trusted roadmap to guide them through the incident response process. The plan doesn’t need to be long or complex but it should be tested to make sure everyone involved knows their role and how they support the process. 

We also recommend reviewing the Cybersecurity & Infrastructure Security Agency (CISA) guidance here. It’s organised by role, and provides clear and actionable recommendations for risk reduction.  While it’s designed for small businesses, it’s applicable to organisations of any sizes and type.

For more complex organisations, we recommend using a more comprehensive framework such as the Center for Internet Security’s Controls, which can be customised to match your organisation’s risk profile. Many of these frameworks are free of charge and help internal teams handle the complexity of modern information security challenges. Learn more.

Maintain well-tested, routine, offline backups of critical business data. Businesses can avoid paying a ransom demand or losing data by implementing and testing offline backups so that in the event of a ransomware incident, restoration of such data is possible without the need to pay the cyber criminal’s demand.

Work with Coalition Incident Response today

Cyber incidents can be complicated and costly. That’s why businesses should consider experts with proven experience handling cyber incidents for clients of all shapes, sizes, and industries.

Policyholders: Experiencing an incident? Get help ›

*Coalition Incident Response (CIR) services are available to a policyholder pre-claim or after a claim has been filed. CIR is one of several vendors that Coalition policyholders may engage at the time a claim is filed. CIR is an affiliate of Coalition Risk Solutions Limited.  To see a full range of vendors available to Coalition policyholders click here.  

**Incident response services and Coalition Security Services MDR (managed detection and response) services are provided by Coalition Incident Response (CIR), an affiliate of Coalition Risk Solutions Limited. Incident response services are offered to policyholders as an option via our incident response firm panel.

1Coalition 2023 Claims Report