"'When, Not If': Crafting Cyber Resilience Plans That Work" Interview with Information Security Media Group (ISMG)
In a video interview for Data Breach Today with the Information Security Media Group (ISMG), A&M cybersecurity expert Rocco Grillo and Kevin Li, CISO for MUFG Securities Americas, discuss the importance of cyber resiliency in the face of today’s expansive cyber threats.
Preparation is key. Building effective incident response plans in advance of breaches, and conducting tabletop exercises to identify potential gaps and to ensure key stakeholders understand the roles they will play in a response, are critical to ensuring quick and efficient responses when incidents do arise. According to Rocco Grillo, “It’s the idea of being proactive, being better prepared and going back to Kevin’s point, testing muscle memory.” Once plans are established, companies should regularly test and update them to account for changes in the business and to address evolving cyber threats. Rocco says, “Finding gaps during a tabletop exercise is a win. It sure beats finding a gap in the middle of a fire or a crisis.”
Effective teaming is critical for cyber resilience. Cyber incident response involves not only the technical experts, such as the CISO or CIO, but also key stakeholders from the business, including senior management, executive leadership and the Board. “It’s no longer just making the executive team aware of [an incident]…the executives, the Board need to step in and make critical decisions,” Rocco says. This is increasingly the case as regulatory regimes governing data breaches and cyber incidents expand globally. Senior leadership and the Board increasingly need to be involved in cyber incident response to ensure that all regulatory requirements are met.