In the Market Guide for Digital Forensics and Incident Response Services, Gartner emphasises the need for organisations to evaluate incident response (IR) retainers that include both proactive and reactive service offerings.

The report aims to provide security and risk management leaders with information to assess their IR strategies and identify providers that can improve organisational resilience.


In the report, Gartner recommends security and risk management leaders to:

  • Operate under the working assumption that they will have a security breach, and the only variable factors will be the timing, severity and response.
  • Use prepurchased retainer time for proactive activities that can improve their IR capabilities.
  • Define and document the required outcomes of an IR, particularly if they may require legally binding evidence.
  • Consult their cyberinsurance policy for a recommended list of IR retainer services that are existing partners. They could potentially lower their rates by using an approved IR provider or avoid issues in case of an incident requiring that they collect on a cyberinsurance policy.

mnemonic works with organisations before, during and after data breaches, cyberattacks and other security incidents.

Read more about mnemonic’s incident response services.

Read the full Market Guide for Digital Forensics and Incident Response Services here.


Market Guide for Digital Forensics and Incident Response Services, 2019. Toby Bussa, Brian Reed, 11 December 2019.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.