Effective response to cyberattacks requires organizations to prioritize communication with stakeholders throughout the entire cyberattack cycle [2]. This includes regularly engaging with business leaders [3], educating them about cybersecurity [1], and ensuring their understanding of the security landscape and potential risks [1]. The support and understanding of leaders are crucial for CISOs in the event of a cyberattack.


During a cyberattack [1] [2] [3], organizations should prioritize effective and empathetic communication to quickly activate response teams and reassure those impacted. To ensure clarity on responsibilities during an incident [1], CISOs and security teams should develop a comprehensive framework that outlines roles and responsibilities [1]. This framework should be reviewed and approved by appropriate leaders in advance [1].

After a cyberattack [1] [2] [3], organizations should conduct postmortems to reflect on the incident and make necessary improvements [3]. Regularly testing and evaluating response plans is crucial to proactively detect flaws and make necessary adjustments [1]. By stress-testing their plan through tabletop exercises [1], organizations can identify weaknesses or issues that need to be addressed [1]. The results of these exercises should be reported to leadership so that further improvements can be made [1].


Consistent communication [2] [3], education [2] [3], testing [1] [2], and reflection are key to improving an organization’s response to cyberattacks and avoiding surprises. Creating a frequently tested plan [3], establishing roles and responsibilities [1] [3], updating playbooks [3], and seeking outside help when needed are all important steps in strengthening that response. By prioritizing these measures, organizations can mitigate the impacts of cyberattacks and better prepare for future incidents.


[1] https://ciso2ciso.com/steps-cisos-should-take-before-during-after-a-cyberattack-source-www-darkreading-com/
[2] https://www.darkreading.com/attacks-breaches/steps-cisos-should-take-before-during-after-cyberattack
[3] https://cybersecurity-see.com/key-actions-for-cisos-prior-to-during-and-following-a-cyberattack-source-www-darkreading-com/