Why every organization must have a Digital Forensics and Incident Response Team?

The point of security is to keep the bad things from happening and support the occurrence of good things. When Bad things happen to an organization, they usually go to law enforcement and the legal system for compensations. To get the legal support - they must demonstrate that the crime was committed that the suspect committed the crime. It means that the organization must provide a trail of evidence to convince the legal system to support them. This is relatively challenging things to do, and an organization will need Digital Forensics and Incident response teams to run and develop evidence for them. Security teams must think in terms of Legally Defensible Security.