TL;DR:

Cyber incidents are a reality in today’s digital world. The focus must shift from avoidance to response, resilience, and learning. Effective IT leadership, incident recovery plans, and continuous improvement are vital in minimising long-term impact.

Cyber Incidents Are Inevitable What Truly Matters Is the IT Response and Organisational Learning

By Richard Keenlyside

In an age of sophisticated cyber threats, the question is no longer if a cyber incident will occur, but when. As organisations become increasingly interconnected and data-driven, cyber incidents are a near-certainty. For IT leaders, especially in large enterprises, the critical focus must be on how teams respond and what they learn from each event.

The Real Measure of Resilience: Response and Recovery

At the LoneStar Group, where I serve as Global CIO, our operational scope spans 13 international entities. We understand that cybersecurity threats don’t respect borders or business hours. In 2024, we executed a global cybersecurity enhancement initiative—penetration testing, awareness training, endpoint hardening, and outsourcing to a dedicated Security Operations Centre (SOC). These weren’t reactive decisions but part of a broader proactive IT strategy.

Effective cyber incident response isn’t about eliminating every risk—it’s about minimising the impact of those that do get through. A robust response framework should include:

• Rapid threat identification and containment

• Clear chain of command and escalation procedures

• Integrated communication plans for internal and external stakeholders

• Post-incident reviews with cross-functional input

  
  

Why IT Teams Must Adopt a Learning Mindset

Cybersecurity is as much about culture as it is about technology. Organisations that treat incidents as learning opportunities emerge stronger. IT teams must foster a blameless post-mortem environment—what went wrong, why, and how to improve systems and training moving forward.

From my advisory role with M.I. Dickson, I’ve repeatedly seen the benefits of a closed feedback loop. AI-powered insights, data lakes, and dashboards (like those deployed via Power BI) are instrumental in identifying breach patterns and systemic vulnerabilities.

Embedding Cybersecurity into Business Strategy

Cyber incidents should not be seen solely as technical failures—they are business risks. Embedding cyber resilience into the corporate strategy involves:

• Board-level ownership of cybersecurity

• Alignment of IT and business continuity planning

• Continuous simulation and red-teaming exercises

• Investing in staff awareness and phishing simulations

IT leaders must be strategic, not just reactive. Whether advising private equity clients at Endava or overseeing cloud migrations, I’ve found that aligning cybersecurity with strategic growth plans is essential for sustainable success.

The Role of Technology in Enhancing Response

Today’s landscape demands more than just firewalls and antivirus. Intelligent automation, AI-enabled threat detection, and incident orchestration platforms are game-changers. At Northumbrian Water Group, the implementation of Robotic Process Automation (RPA) freed up 75,000+ hours annually—time that can now be redirected towards resilience planning and innovation.

Similarly, tools like SIEM, SOAR, and AI-driven anomaly detection are not luxuries; they are necessities.

Frequently Asked Questions (FAQs)

Q1: What’s the first step in responding to a cyber incident?

A1: Containment. Preventing lateral movement and preserving evidence should be prioritised immediately.

Q2: How can organisations better learn from cyber incidents?

A2: Conduct structured post-incident reviews, document lessons learned, and integrate them into policies and training.

Q3: Who should be involved in incident response?

A3: A cross-functional team including IT, legal, communications, HR, and senior leadership.

Q4: How often should incident response plans be tested?

A4: At least annually, with additional tests when there are significant changes in infrastructure or personnel.

Conclusion

Cyber incidents may be unavoidable, but the damage isn’t. An agile IT team, a strategic mindset, and a culture of continuous improvement define an organisation's true cyber maturity. It’s not about avoiding every attack—it’s about being prepared to respond, recover, and learn. That’s how we future-proof our enterprises.

Richard Keenlyside is the Global CIO for the LoneStar Group and a former IT Director for J Sainsbury’s PLC.

Call me on +44(0) 1642 040 268 or email richard@rjk.info.

Follow me on X https://x.com/cioinpractice & LinkedIn https://www.linkedin.com/in/richardkeenlyside/