Beyond Cyberattacks: Incident Response for Business Continuity

by priyanka.patel tech editor

Organizations are increasingly realizing that preparing for the inevitable – and it’s rarely a sophisticated cyberattack – requires a broader view of incident response. While significant resources are devoted to defending against ransomware and nation-state actors, more frequent disruptions stemming from misconfigurations, aging infrastructure, environmental events, and software flaws are often overlooked. This shift in thinking, focusing on overall business continuity rather than solely on cybersecurity breaches, was a key theme of a recent webinar featuring cybersecurity experts and thought leaders.

The conversation around redefining incident response strategies beyond the breach highlights a growing recognition that resilience isn’t just about stopping attacks, but about quickly recovering from any disruption. Ann Dunkin, an external fellow and distinguished professor of the practice at the Georgia Institute of Technology, emphasized the importance of preparation, clear communication, consistent practice, and continuous improvement in building that resilience. The discussion, part of a live webinar presented by InformationWeek and Mandiant on February 19, 2026, underscored the need for a more holistic approach to risk management.

Beyond the Cyberattack: A Wider Lens on Risk

Traditionally, incident response plans have been heavily weighted toward cyber threats. However, Dunkin and other experts argue that this narrow focus leaves organizations vulnerable to a range of operational disruptions. A faulty software deployment, a power outage caused by a severe weather event, or even a simple misconfiguration can bring operations to a standstill, often with significant financial and reputational consequences. These events, while less glamorous than a headline-grabbing data breach, occur far more frequently.

The webinar explored strategies for addressing these broader threats. A central idea was the need to move beyond simply reacting to incidents and instead proactively identifying and mitigating potential risks. This includes regularly assessing infrastructure vulnerabilities, implementing robust change management processes, and developing comprehensive disaster recovery plans. The goal is to build an organization that can withstand – and quickly recover from – a wide range of challenges.

The Importance of Living Risk Registers

Dunkin, in a recent interview with HSToday.us, advocated for the adoption of “living risk registers” as a key component of real cyber resilience. Unlike traditional risk registers, which are often static documents created for compliance purposes, living risk registers are continuously updated to reflect the current threat landscape and organizational vulnerabilities.

“I notice the risk register as tactical. It reflects what’s happening day-to-day, whereas the security plan is strategic,” Dunkin explained. She pointed out that in many organizations, particularly within government, compliance requirements often drive security efforts without sufficient funding to address the underlying risks. By integrating compliance considerations into a dynamic risk register that assesses both likelihood and consequence, organizations can prioritize the most critical vulnerabilities and allocate resources accordingly. A risk with a high consequence – such as a potential business shutdown – will naturally rise to the top of the list.

Preparation, Communication, and Continuous Improvement

The webinar highlighted several key elements of an effective incident response strategy. Preparation is paramount, requiring organizations to invest in training, develop clear procedures, and regularly test their response capabilities. Communication is also crucial, both internally and externally. A well-defined communication plan can help protect an organization’s reputation during a crisis by ensuring that stakeholders are informed and that accurate information is disseminated quickly.

However, preparation and communication are not one-time efforts. Practice builds resilience, and organizations must regularly conduct tabletop exercises and simulations to identify weaknesses in their plans and improve their response capabilities. Finally, continuous improvement is essential. After each incident, organizations should conduct a thorough post-mortem analysis to identify lessons learned and update their plans accordingly. This iterative process ensures that the incident response strategy remains effective over time.

You can watch the archived “Beyond Cyberattacks: Evolution of Incident Response in 2026” webinar to learn more about these strategies and how to implement them in your organization. The 62-minute session features insights from Ann Dunkin, Ryan Fries and Jose Toledo of Mandiant, Google Cloud, and Brandon Taylor of InformationWeek.

As organizations face an increasingly complex and unpredictable threat landscape, a shift towards a more holistic and proactive approach to incident response is no longer optional – it’s essential for ensuring business continuity and protecting against a wide range of potential disruptions. The next step for many organizations will be evaluating their current incident response plans and identifying areas for improvement, focusing on the broader spectrum of risks beyond just cyberattacks.
