COALITION INCIDENT RESPONSE
Get back to business with our trusted forensics expertise
Coalition Incident Response (CIR)* gives you the digital forensics and incident response (DFIR) team you need to take back control of your business.
THE CIR ADVANTAGE
Respond to incidents confidently
See how our affiliate — Coalition Incident Response (CIR) —delivers expert investigation and support
during the uncertainty of a cyber incident.
Experts with insurance experience
When engaged, the CIR team collaborates with an organisation's legal and other incident response vendors to help speed investigation and mitigate loss.
Advanced technology and threat intelligence
Once engaged, CIR deploys advanced endpoint protection, detection, and response technology to best assist customers. CIR also combines threat intelligence insights with proven forensics and analysis.
Limit potential incident costs
CIR negotiates with threat actors, deploys the latest digital forensics and incident response (DFIR) tools, and partners with leading cybersecurity providers to help minimise costs and mitigate financial and data losses.
Enhanced cybersecurity services
CIR offers post-incident monitoring to improve a business’s security posture after an attack. CIR also offers add-on service options, including Managed Detection & Response (MDR), incident response (IR) Tabletop Exercises, Customised Security Assessments and more.**
Experience that minimises cost and maximises security
1000s
of incidents handled by CIR’s pressure tested and experienced experts
47%
of reported events handled with no cost to the policyholder1
44%
of ransom demands that resulted in payment were negotiated down by CIR1
+30 days
with CIR, policyholders can stay secure with at least 30 days of post-incident monitoring1
Trusted by businesses and brokers
Businesses can feel confident knowing they have expert support to investigate, mitigate losses, and help them recover from cyber attacks.
RESOURCES
Active Cyber Insurance is a unified approach to digital risk
Prepare
Explore this primer on cyber incident response planning and guidance. See how the best way to prevent a cyber attack is to prepare for one.
Respond
Coalition’s claims team works closely with panel vendors, including CIR, to help policyholders recover.
Secure
Effective incident response doesn't stop with the investigation, see what services CIR can help a business after a cyber attack.
FAQ
What type of cyber incidents does Coalition Incident Response (CIR) handle?
CIR is one of several vendors that policyholders can engage in the event of a cyberattack, including ransomware, business email compromise, funds transfer fraud, network intrusion, web application compromise, and more. Policyholders also have access to pre–breach support with incident response planning and tabletop exercises.
What is “digital forensics and incident response”?
Think of digital forensics and incident response (DFIR) professionals as the first responders for cyber attacks. DFIR is a cybersecurity profession that focuses specifically on identifying how incidents occurred, investigating them as well as mitigating damage through expert remediation advice and services.
Can I use CIR if my business does not have a policy provided by Coalition?
Yes, CIR is an affiliate of Coalition, Inc. that offers a myriad of cybersecurity services which are available to businesses even if they don’t have cyber insurance through Coalition Insurance Solutions. Contact us today.
I have an internal IT team and a managed service provider, do I still need Digital Forensics and Incident Response (DFIR) in the event of a cyber incident?
Even the largest companies with well-funded security operations will often benefit from assistance from DFIR partners in the event of a cyber incident. That’s because most internal teams and Managed Service Providers (MSPs) have less day-to-day experience handling live incidents. For good reason, most MSPs primary responsibility is to make sure their client’s IT environment is operational and the defensive technology is configured correctly, maintained and monitored. Digital Forensics and Incident Response (‘DFIR’) on the other hand is a specialisation within the cybersecurity field that focuses primarily on investigating, containing and remediating cyber incidents. Because of this, when organisations want help handling cyber incidents, bringing in DFIR specialists is recommended.
Additionally, in the event of a cyber attack there may be legal considerations that your business needs to consider. If a business handles its own investigation, this could lead to improper handling or loss of evidence that is needed to fully conduct an investigation. Businesses that experience a cyber attack often hire an attorney to lead the investigation and direct the DFIR services vendor. This can help protect the business’ investigative findings in the event of litigation.
What are some things I can do right now to prepare my business for a cyber incident?
There are a lot of things businesses can and should do right now to be better prepared to respond quickly when a cyber incident is developing or when one strikes.
One of the most effective preparation measures for organisations of any size is a cyber incident response plan. There is tremendous value for an organisation in planning for a cyber incident to ensure internal stakeholders and decision makers have a trusted roadmap to guide them through the incident response process. The plan doesn’t need to be long or complex but it should be tested to make sure everyone involved knows their role and how they support the process.
We also recommend reviewing the Cybersecurity & Infrastructure Security Agency (CISA) guidance here. It’s organised by role, and provides clear and actionable recommendations for risk reduction. While it’s designed for small businesses, it’s applicable to organisations of any sizes and type.
For more complex organisations, we recommend using a more comprehensive framework such as the Center for Internet Security’s Controls, which can be customised to match your organisation’s risk profile. Many of these frameworks are free of charge and help internal teams handle the complexity of modern information security challenges. Learn more.
What is one recommendation to minimise the impact of ransomware on my business?
Maintain well-tested, routine, offline backups of critical business data. Businesses can avoid paying a ransom demand or losing data by implementing and testing offline backups so that in the event of a ransomware incident, restoration of such data is possible without the need to pay the cyber criminal’s demand.
Policyholders: Experiencing an incident? Get help ›
*Coalition Incident Response (CIR) services are available to a policyholder pre-claim or after a claim has been filed. CIR is one of several vendors that Coalition policyholders may engage at the time a claim is filed. CIR is an affiliate of Coalition Risk Solutions Limited. To see a full range of vendors available to Coalition policyholders click here.
**Incident response services and Coalition Security Services MDR (managed detection and response) services are provided by Coalition Incident Response (CIR), an affiliate of Coalition Risk Solutions Limited. Incident response services are offered to policyholders as an option via our incident response firm panel.
1Coalition 2023 Claims Report
Coalition’s products are offered with the financial security of Allianz Global Corporate & Specialty SE (A.M. Best A+ rating) and Lloyd’s of London (A.M. Best A rating).
