SME looking for Information Security Incident Management

As per an above-average awareness level as per security breaches in its sector, being the financial services industry, this SME is quite concerned about keeping its data safe while also complying to current and upcoming regulation. With all the topics in the newspapers on security incidents, every SME should be keen on the management of those incidents, and this SME actually does. Besides that, new regulations such as the General Data Protection Regulation (GDPR) and the Network Information Security (NIS) Directive with daunting high penalties are a trigger as well. However, it is not easy for the SME to obtain the right in-depth information from the CSP it needs to assess the risks, the way breach notification is taken care of, to what extent and how fast, and how incidents are managed and repeat-incidents avoided.