Incident response (IR) is a key part of any large organization’s security posture. Ensuring your teams know how to react to different situations and scenarios enables companies to respond more quickly and more effectively to cyberattacks.
There’s also a cost benefit. According to IBM’s Cost of a Data Breach Report 2020, companies with an incident response team that tests IR plans using tabletop exercises or simulations saw breach costs reduced by an average of $2 million compared to companies with no IR team or IR testing.
But what is the right cadence for such tests to ensure proper decision making during a crisis?
Once-a-year wargames are not enough for effective IR
Rebecca McKeown, an independent chartered psychologist, is an expert in decision making and understanding situational awareness who worked with both the UK Civil Aviation Authority and the UK’s Ministry of Defense. She sees direct parallels between military and cyber, and a way to carry learnings about decision making from one to the other. “The problems are the same: high pressure, fast paced, very complicated, high stakes, and a lot of stakeholders,” she says. “It’s the same sort of problem just in a different domain.”