From microsoft.com
As enterprise networks grow in both size and complexity, securing them from motivated cyberthreat actors becomes more challenging. The incident response process can be a maze that security professionals must quickly learn to navigate—which is no easy task. Surprisingly, many organizations still lack a coordinated incident response plan, and even fewer consistently apply it. Having a well-thought-out plan can mean the difference between quickly containing a cyberthreat actor and spending a significant amount of time and money rebuilding assets or addressing widespread business impact. In fact, organizations with both an incident response team and an incident response plan identified breaches 54 days faster than organizations with neither.1