Skip to content

Focus on Cyber Incident Response

For Cyber Incident Response, Bad News Needs to Travel Faster

Organizations should set criteria for when a technical incident should activate a broader crisis response, says Mike Barcomb, director of executive cybersecurity exercises at the SANS Institute. Those criteria will be tailored to the needs and unique functions of the organization, but they could include a financial threshold (a predetermined dollar amount is met), reputational element (the news hits a major media outlet or gets shared on social media), or other operational impacts (an incident hampers a key production line).
“If any one of these criteria is met, then we have a crisis,” Barcomb says.

Boards' Cyber Scrutiny May Grow

A new SEC rule issued is likely to heighten boards' interest and engagement in cybersecurity even further—and raise expectations for how CEOs report to boards on their companies’ cybersecurity strategies and practices.