Cyber Crisis Governance: what the board should rehearse

Many organisations do not have a formal cyber incident response plan. That reality matters, because you cannot rehearse decisions at pace if the basics such as roles, escalation routes, reporting triggers etc. are not written down. Testing cyber crisis governance by engaging the board in a cyber exercise is essential for a viable and dynamic incident response plan and achieves so much more, by bolstering the board’s confidence to be ready.