TechCentral and Veeam recently hosted a high-level executive roundtable focused on the critical actions business leaders must take during cybersecurity incidents.

The session was moderated by Jaydev Chiba and brought together senior delegates from various sectors including retail, banking, local and provincial government, and online gaming, alongside key Veeam executives.

The objective was to foster a strategic discussion on key areas of the incident response lifecycle. The discussion was structured around three pivotal topics of a cyber event:

The first six hours: Executive awareness and initial action
To pay or not to pay: Decision making in response to ransomware
Rebuild or restore: Executive strategy in recovery planning

Key takeaways from the session

Participants shared real-world experiences and emphasised several critical factors for effective incident response:

Speed is essential: Initial escalation and response must happen rapidly – often within five to 20 minutes in high-impact scenarios. Delays can significantly worsen the situation.

Clear escalation protocols: Organisations must have well-defined management frameworks to guide swift and effective decision making.
Accurate, real-time information: Leaders need fast access to key details – scope of the incident, affected systems, potential customer impact and immediate response actions.
Communication strategy: Transparent, timely communication – internally and externally – is vital to maintaining trust and managing stakeholder expectations.
People matter: From cyber teams with strong business context to well-informed end users, the human factor is central. Calm, competent responders can make all the difference.
Ransomware preparedness: Pre-defined frameworks for ransomware response – whether to pay or not – must be rooted in a clear understanding of recovery capabilities. The ability to restore without paying ransom is the ultimate defence.
Business-driven recovery: Recovery efforts must be aligned to business priorities and impact, not just technical availability. Business continuity planning, disaster recovery planning and executive oversight are key enablers.
Evolving threat landscape: Executives noted the rise of AI-driven attacks and advanced ransomware tactics, including data exfiltration and threats to disclose breaches to regulators – requiring constant evolution of security strategies.
Third-party risk: Supply-chain vulnerabilities remain a significant challenge. Continuous assessment of partner and supplier cyber maturity is a must-have.
Data resilience: True resilience is more than just backup and recovery – it requires an integrated approach spanning security, portability and intelligence across on-premises, hybrid, multi-cloud and SaaS environments. Achieving high resilience is a continuous journey, underpinned by investment in people, process and technology. Benchmarking against industry standards and independent assessments can support this progression.

The roundtable was defined by open and frank sharing, insightful debate and practical takeaways. Delegates left with a deeper understanding of how to refine their incident response strategies and better prepare their organisations for the inevitable challenges to come.