The Importance of Regular Cyber Attack Response Drills


Cyber Security is becoming a top priority for most organizations.  The majority of business and government entities have a cybersecurity strategy in place that includes various solutions for meeting each organization’s unique needs.  One of the items that should be included across the board however, is a well coordinated cyber response plan.

Cyber attacks will eventually occur.  How an organization responds once it has been attacked is the key to reducing the extent of the damage done as well as improving recovery time.  Once a solid cyber response plan is in place, practicing regularly is one of the best ways to ensure it’s success.

cyber attack response plan is most beneficial when it’s employed across all C-suite functions.  Not only that, it must also be designed to combat threat actors which are constantly evolving.  This requires a complex yet fluid plan involving many players.  Regular practice is essential.

Like fire drills, having a cyber attack “drill” gives all levels of the organization an opportunity to practice their specific roles should a real cyber breach occur.  In addition to improving the overall team response during a cyber attack, practicing the cyber response plan regularly also offers an organization a variety of additional benefits.

  • Gaps in the response can be identified and filled.
  • Coordination is reviewed and streamlined.
  • An opportunity to discuss new developments in the cyber security strategy, and how the response plan will be adjusted to meet them is created.

Another benefit of setting aside this time to practice and discuss the organization’s cyber strategy and response is that it provides a rare chance to improve cyber fluency.  Public and private entities require many types of professionals to ensure success.  Only a handful will have more than a base knowledge of cyber security and technology.  Supporting the rest of the staff in broadening their cyber fluency can improve security, along with overall efficiency throughout the organization.

While some entities will be able to meet these needs internally, others can take advantage of support from organizations like Innové.  Our team of former NSA professionals employs proprietary frameworks to inventory and prioritize client Critical Systems and Data Assets (CSDAs), we provide regular current cyber-intelligence briefings on cyber threat actors and their emerging capabilities, we monitor and report on developments in vendor capabilities (including startups) and update recommendations to optimize the mix of cyber vendor solutions for the unique needs of each client. We then improve cyber fluency and “executive team” incident response across C-suite functions.  To learn more about how we can help your organization, please contact Innové Strategy Vice President Brandon Neff at