3 Myths Creating an Inflated Sense of Cybersecurity
www.informationweek.com
Andy Lunsford, Matt Hartley
March 20, 2025

The reality of the current cyber environment is harsh: no matter how well funded or how skilled a security team may be, there is a good chance it is not as prepared as it thinks. Verizon's most recent Data Breach Investigations Report counted more than 10,000 breaches last year; other counts put the number of records exposed at over 8.2 billion, and IBM's Cost of a Data Breach Report places the average cost of a breach at nearly $5 million. From those averages you can imagine the toll of the mega-breaches making global headlines; the true financial and reputational cost of a breach is incalculable.

While it is tempting to think that experience and planning can shield an organization from an attack, the simple fact is that incidents happen. Whatever an organization's size, malicious actors target its networks for financial gain or strategic advantage. Cybercriminals and nation states are relentless, skilled and constantly evolving. For most companies, it is not a matter of if they will face a breach but when. Despite best intentions, no company is prepared for the moment that "when" turns to "now."

Several misconceptions fuel an inflated sense of security. Only by acknowledging these limitations can organizations begin to address the challenges effectively when it is their turn under the gun.

Our Plan Will Guide Us Safely Through a Crisis

Incident response (IR) plans have long been an essential component of most companies' cybersecurity strategy. But when an attack takes place and the rubber meets the road, many IR plans prove overly strategic and somewhat theoretical, offering little of value to the security teams on the ground trying to mitigate the impact.
In practice, they often fall short because the plan lacks the detailed information needed to handle the chaotic, real-world nature of a cyberattack and the high-stress decision-making that takes place while it unfolds. When talking with firms that specialize in cybersecurity, we hear the same thing almost without exception: "We've never once used a company's IR plan as part of our process." These plans are often too high-level, updated once a year at best, and focused predominantly on broad, strategic directives. When an attack occurs, the immediate need is for clear, actionable steps that reflect the dynamic, evolving nature of the breach, not just an outline of who should be informed and when.

We Nailed Our Tabletop Exercise, So We're Ready

While tabletop exercises are valuable for familiarizing teams (and especially leadership) with incident scenarios, they fall short when it comes to executing amid the complexities of a real-world attack.

It is hard enough to gather multiple departments, each with its own priorities and spread across locations and time zones, during a real crisis: legal, compliance, IT, public relations and senior leadership, to name a few. Now imagine trying to get a half-day block onto the calendars of the people who are needed for the tabletop to be effective but who are likely to write it off as an inconsequential training exercise. To maximize participation and secure buy-in across departments, organizations should consider hybrid or staggered exercises that mimic the complexity of live incidents.

When the time comes, most internal teams, no matter how recent their last training, will default to what they know. In a crisis, people drop everything and start executing, often without planning or following existing procedures, if those even exist.
Worst Case: We Break Glass and Experts Come to the Rescue

Many organizations fall prey to the heroic expertise fallacy: the belief that if something catastrophic happens, expert third parties (external incident response teams, lawyers and consultants) will swoop in and save the day. Third-party experts are certainly skilled at what they do, but it takes costly time for them to build the understanding of your environment that will let them be effective.

Additionally, during a large-scale cyber incident, your company is not the only one calling for help. If multiple organizations are affected, external IR teams and law firms may be overwhelmed, with larger companies, often with bigger budgets, taking precedence. It is a harsh reality: expert help is in high demand, and when everyone faces the same crisis, response times can be slower than anticipated, even if you are paying through the nose for it.

Building Cyber Resilience in an Unpredictable Landscape

No organization is truly prepared for a cyber incident. Attacks are unpredictable, messy and fast-moving, and no amount of planning can fully eliminate the risk. That said, proactive planning is critical to reducing an incident's impact. Successful organizations recognize the inherent uncertainty and complexity of a breach, even a small one, and prepare far more thoroughly.

The goal is not perfect preparation; that is impossible. Rather, it is to build the resilience, flexibility and organizational muscle memory to respond effectively when the inevitable occurs.

About the Authors

Andy Lunsford, Chief Executive Officer and Co-Founder, BreachRx

Andy Lunsford is CEO and co-founder of BreachRx, provider of the first intelligent incident response platform designed for the entire enterprise. Before founding BreachRx, Andy spent 15 years in privacy law and large-scale commercial litigation.
Andy co-founded BreachRx to transform incident response and reporting into a routine operational business process while shielding C-level executives from personal liability. Andy has a BA from Washington and Lee University, a JD from the University of Arkansas, and an MBA from the Wharton School of the University of Pennsylvania.

Matt Hartley, Chief Product Officer and Co-Founder, BreachRx

Matt Hartley is co-founder and chief product officer of BreachRx. He is a 20+ year innovator in cybersecurity, threat intelligence, cyber warfare and information operations. Before BreachRx, he was Senior Vice President of Engineering at FireEye and Vice President of Product at iSIGHT Partners, where he held a variety of other leadership roles. Matt previously served in the US Air Force in the Air Intelligence Agency and the Air Force Information Warfare Center. After leaving the military, he led research and development teams creating disruptive, next-generation cyber and information security, cyber warfare and information operations technologies at Sytex Inc. and Lockheed Martin's Advanced Technology Labs. Matt holds a CISSP and a Bachelor's and Master's in Computer & Systems Engineering from Rensselaer Polytechnic Institute.