Incident Response

All organizations face cyber threats that compromise data and interrupt operations. Once an incident is detected, immediate action is critical. Our experts know how to respond to all threat types and understand that cyber incident response capabilities must seamlessly integrate across existing mission-critical functions.

Whether it’s ransomware, business email compromise, a trusted insider, or foreign actor, we provide complete cyber incident response solutions, including preparedness and response planning, incident response, analysis, identification, containment, eradication, mitigation, system refinements, and ancillary mission support functions, such as crisis management, strategic communications and reputation management.

Cyber attacks and other critical security incidents can impede your ability to keep your business moving. We help clients get to the bottom of what happened and limit additional damage. We focus on each phase of the incident response life cycle to deliver tailored plans that meet your organization’s needs. This custom application of fundamental incident preparedness and response components maximizes your organization’s efficiency and effectiveness when dealing with an incident. Clients rely on us to help them at every stage of the incident response life cycle.

Types of incidents we respond to:

  • Ransomware
  • Data breaches
  • Insider threats
  • Business email compromise
  • DDoS attacks

1. Preparation

Being ready for cyber threats is fundamental to the success of your incident response program. This phase involves establishing and training an incident response team and developing appropriate tools and resources you will need for each aspect of incident response. We work with your business to select and implement controls based on the results of our risk assessments to limit the number of potential incidents your organization may face.

2. Detection & Analysis

Residual risk inevitably persists after controls are implemented. Early steps to identify, detect, and analyze threats facing your networks are key to developing effective containment and eradication strategies. Once an incident is identified, we combine the resources and tools necessary to determine the scope, impact, and appropriate response. These efforts determine the source of the incident and preserve necessary forensic artifacts.

3. Containment, Eradication & Recovery

This phase of incident response seeks to prohibit data from leaving networks and prevent further damage. Eradication is the removal of malicious code, actor accounts, or unnecessary access, as well as repairing vulnerabilities that may be the root cause of the incident. Once the incident has been contained and eradicated, recovery can begin. Through a post-incident assessment, we detail the cost, cause, and response for the incident, along with steps that should be taken to prevent future incidents.


Through FTI Technology’s Information Governance, Privacy & Security team, we provide end-to-end e-discovery services globally, using leading e-discovery technology, expert teams, and innovative workflows to help clients quickly and cost-effectively understand the matter and develop case strategy.

Data Identification & Review

Data breaches can have long-lasting effects if they are not properly remediated. We regularly conduct reviews in multiple formats and languages, and our expertise ensures important information is not overlooked, allowing for remediation, regulation compliance, and accurate document preparation. Learn more.

In-bound Call Center & Notification

We can set up an in-bound call center with unique phone numbers in over 30 languages. Our team handles the call center setup, training of staff, and escalation of issues, allowing your organization to focus directly on handling the breach itself. We also provide notification services depending on the need of the organization. Learn more.

Crisis Management & Strategic Communications

Effective management coupled with internal and external communication is imperative during any cybersecurity event – from a business email compromise to a ransomware attack threatening full extinction. Our Strategic Communications experts provide strategic counsel to clients in sensitive situations with legal, financial, regulatory, and reputational implications. They can develop your communications strategy, map stakeholders and audiences, and develop messaging and materials in preparation of a cybersecurity event.