Understanding incident response readiness through human and system telemetry
Muntathar Abid, Priyadarsi Nanda, Manoranjan MohantyPurpose
Small-to-medium enterprises (SMEs) remain vulnerable to cyber incidents because of resource constraints. While incident response plans exist, they are often untested, creating a critical readiness gap. This paper aims to introduce the Incident Response Readiness Score (IRRS), a scenario-based framework designed to empirically evaluate organisational incident response (IR) capability under simulated conditions.
Design/methodology/approach
The IRRS applies a structured scoring rubric calibrated through a Scenario Risk Index to evaluate performance. The authors further introduce human-centric telemetry – decision latency, communication entropy and authority drift – which operate as diagnostic lenses to explain observed readiness outcomes and identify organisational friction without altering IRRS scoring.
Findings
The study diagnosed an SME with a “Reactive” maturity level, revealing a stark contrast between technical potential and operational reality. In spite of modern tooling, response capability was compromised by human–system friction. Telemetry isolated extended decision latency and significant authority drift as root causes. These findings confirm that readiness is defined by decision clarity rather than tool ownership and that the IRRS successfully exposes cognitive failures that static audits miss.
Originality/value
This paper presents the first empirical framework specifically designed to quantify SME IR readiness using risk-weighted simulations. Unlike static compliance audits, IRRS isolates the gap between documented policy and operational execution. The introduction of diagnostic telemetry offers a novel method for distinguishing between technical deficits and human-process failures.