
What is Incident Response (IR)?

The structured process of containing, investigating, eradicating, and recovering from a security incident — ideally guided by a tested plan.

Incident Response (IR) is what happens after detection: the structured process of containing the incident, investigating its scope, eradicating the attacker, recovering operations, and learning from what went wrong. Mature organizations have a written IR plan, defined roles, and tested playbooks; less mature ones discover their plan during the incident itself, which is expensive. Many organizations now keep an IR retainer — a pre-agreed contract with a response provider — so the relationship and pricing are in place before an incident happens.
