Focus on Cyber Incident Response
For Cyber Incident Response, Bad News Needs to Travel Faster
Organizations should set criteria for when a technical incident should activate a broader crisis response, says Mike Barcomb, director of executive cybersecurity exercises at the SANS Institute. Those criteria will be tailored to the needs and unique functions of the organization, but they could include a financial threshold (a predetermined dollar amount is met), reputational element (the news hits a major media outlet or gets shared on social media), or other operational impacts (an incident hampers a key production line).
“If any one of these criteria is met, then we have a crisis,” Barcomb says.