Although companies develop cybersecurity protection and response strategies, rarely are they prepared for all the risks they face when a serious incident actually occurs. These risks include business, legal and regulatory liabilities that arise not only from the attack, but from how a company responds to the attack. They can damage the business and threaten its viability. Addressing those risks often far exceeds the costs of remediating the attack itself.
That is why an effective response to a serious cyber incident is not just a technical effort managed by an in-house response team. It must be a multi-faceted response overseen by an outside expert tasked with protecting the interests of the entire enterprise.