August 1, 2023

Understanding the Costs of Incident Response

Today we’re kicking off a series of posts, Understanding the Costs of Incident Response, that will walk through the various costs that organizations encounter during the incident response process. Over the next few weeks, we’ll look at each of these “buckets” of costs and break down what the expected costs would be based on the typical ransomware scenario. Cyber controls play a crucial role in limiting the frequency of attacks. However, what often goes unnoticed is their profound impact on the severity of an attack when it inevitably occurs.

Let’s consider two organizations: one, a typical ransomware victim where some controls are deployed but others may be missing or misconfigured, or where legacy systems are in place; the other, a well-prepared peer where controls are modern and deployed thoroughly and correctly.

Now, we understand that companies of different sizes or industries can have very different cyber risk profiles - a manufacturing company's cyber risk profile will differ significantly from that of a hospital or a law firm. However, when we look at these seemingly identical companies that operate in the same space, engage in similar activities, and have a similar number of employees, the disparity in outcomes between the two becomes glaringly apparent.

Implementing robust and comprehensive controls can not only help limit the frequency of attacks by potentially preventing them in the first place but can also have a substantial impact on the severity and help reduce the overall cost of an attack by mitigating the damage that can be done should an attacker gain entry.

Over the next several weeks, we will share a series of posts that break down the costs across the full IR process that make up the $2.875 million estimate in the typical ransomware scenario shown in this post and then look at key security controls that can help organizations better prepare themselves to face the aftermath of a cyber-attack and make informed decisions that strike the right balance for their own unique risk profile.


James Gimbi

James Gimbi brings over ten years of breach response, cybersecurity strategy, and public interest technology experience to MOXFIVE. He investigated state sponsored and criminal cyber attacks across defense, finance, healthcare, and government and advanced bipartisan privacy and technology initiatives as a policy advisor in the US Senate. James's blended expertise helps corporate and federal leaders reduce cyber risk and tackle complex threats.
