Published by Cain Dornan, Director, Strategy and Consulting, CyberCX on 21 May 2025
This is the first blog in a three-part series ‘Cyber Crisis Ready’ to help organisations prepare and respond to cyber incidents
Imagine your favourite sports team playing the grand final without a game plan.
Imagine a surgeon operating without clear procedures and communication protocols in the theatre.
Imagine your organisation responding to a cyber security incident without a plan.
Reflecting on my time working with organisations to help them prepare for and respond to cyber incidents, I’ve found that many instinctively believe they would be reasonably well placed for a cyber crisis.
And then the reality of an incident actually lands.
There’s nothing quite like the quagmire of competing priorities, conflicting communications, and finger pointing that can emerge when a cyber incident occurs.
A recent study found that 90% of organisations across the US, UK, Europe and Asia-Pacific struggle with effective cyber response.[1]
Without an effective plan (or any plan) to respond to cyber incidents, organisations are basically starting their response to the crisis with a blank sheet of paper.
The early stages of an incident are critical to containment and preventing further damage by a threat actor. Failure to prepare for cyber adversity places organisations at risk of extended downtime, data loss, compliance penalties and reputational harm in the wake of an incident.
A Cyber Security Incident Response Plan (CSIRP) is a critical tool that supports teams to coordinate communication and activities, and understand their roles and functions before, during and after a cyber incident occurs.
The CSIRP isn’t just for IT and cyber security teams. It also supports other teams that will necessarily be involved in the response to a cyber incident, including People and Culture, Legal and Communications. Including these groups supports faster and better decision-making in a crisis.
By the time CyberCX is called to help with an incident, organisations with effective CSIRPs have consistently achieved better, faster outcomes than those who enter an incident unprepared.
In contrast, CyberCX’s Digital Forensics & Incident Response team has worked with many customers whose obvious lack of incident preparedness has resulted in unnecessary complications.
In one such case, the victim organisation had a sprawling network managed by multiple teams that didn’t speak to each other during normal operations – and some team members didn’t consider cyber incidents a concern or their responsibility. This meant the person in charge of the incident spent all their time chasing information from the different teams instead of being able to coordinate. Suffice to say, their response did not go smoothly – and soon afterwards they were working on building out proper plans to be better prepared for next time.
Other incidents CyberCX has responded to include organisations who released communications about the incident without first verifying facts, leading to a situation where statements later had to be walked back, damaging their public image.
When I’ve worked with organisations to uplift their CSIRP, it’s rewarding to see their increased confidence through knowing they have identified their gaps, tightened their processes and are match fit for when, not if, a cyber incident strikes.
Our customers have greater peace of mind when they are not only clear on where to start when something goes wrong, but the plan reflects their cyber threat environment, the way their business operates, and has been tested with key stakeholders.
Proper preparation for a cyber security incident offers the best chance to mitigate incidents while protecting business continuity, stakeholder trust, and organisational resilience.
Ready to get started with CSIRP?
CyberCX’s Strategy & Consulting team can provide the expert support you need to move forward with confidence.
[1] State of Enterprise Resilience 2025 Report
