Cyber Incident Response Needs Dynamic Command Structure Instead of Static Guidelines


The SolarWinds cyberattack, which impacted over 18,000 entities, revealed that many organizations respond to breaches with disorganized, makeshift command centers. 

Kevin Mandia, CEO of Mandiant, recognized the 2020 attack on his own firm as the work of Russia's SVR, noting the attackers' sophistication and professionalism. He and other experts argue that with increasing regulatory pressure and reputational risk, this reactive approach is no longer adequate. Effective incident response requires a pre-established infrastructure for rapid action and collaboration among legal, technical, and executive teams. 

Cybersecurity experts observe that attackers often show more discipline and coordination than the companies they target. Many businesses have contacts ready but lack a systematic strategy for managing the fallout of a breach, such as regulatory filings, legal risks, and customer notifications. 

Anderson Lunsford, CEO of the incident response firm BreachRx, notes that dealing with regulators and auditors can often prove more difficult than managing the technical aspects of the breach itself. This lack of organization puts defending companies at a significant disadvantage. 

Traditional training methods like tabletop exercises are criticized as being insufficient for real-world scenarios. Lunsford describes them as theoretical discussions that fail to account for the pressure and dispersion of teams during an actual crisis. A common oversight is the lack of clear guidelines for escalating an incident to the CEO or board. Mandia himself was not informed of the breach at his own company for several days because the threshold for escalation was too high and the response team was focused on containment rather than communication. 

To address these shortcomings, a shift from static response plans to a proactive, automated framework is necessary. Modern solutions can automate action plans based on the specific incident and legal jurisdiction, creating secure communication channels for legal, risk, and executive teams. This approach aids operational efficiency and protects the organization and its leaders from regulatory fines and lawsuits. With over 200 global regulations and increasing personal accountability for executives, this has become a critical governance issue. 

Finally, the mindset around cybersecurity must shift: breaches are inevitable business risks, not rare disasters. Executives must proactively prepare, regularly practice realistic scenarios, and coordinate across all functions. The capacity to respond quickly and cohesively—treating cybersecurity as a core leadership responsibility—will distinguish organizations that endure minor setbacks from those that suffer major scandals. The takeaway is clear: success in cybersecurity incident response depends on preparation, practice, and viewing the challenge as a fundamental aspect of modern leadership.