A tabletop exercise designed to identify communications gaps affecting NIS2 and DORA compliance.
In the wake of a cyberattack, over half of all increased cybersecurity budgets include investment in incident response planning and testing. Despite global regulatory drivers (SEC, NIS2, and DORA, among others) for increased cybersecurity and, in particular, cyber-incident response oversight by boards and executives, senior leadership often hesitates to invest in the appropriate communications technologies for cyber response. This is despite the fact that 3 out of 4 tabletop exercises that specifically question out-of-band preparedness now reveal that organizations would struggle to communicate, a gap deserving of immediate attention.
Common misperceptions that result in inappropriate investment include:
- Lack of understanding of the actual challenges faced when a cyber incident occurs.
- A mistaken belief that normal communications will be available during a cyber-incident.
- A lack of understanding of the tactics used by cyber-adversaries.
This workshop will:
- Explore the evolving regulatory landscape, including the NIS2 Directive and DORA, which leave open the potential for criminal liability or ineligibility to serve on corporate boards.
- Walk through a guided tabletop exercise simulating a cyber-incident with identity management disruption leading to downstream consequences.
- Explore challenges that arise when secure communications are overlooked or inadequately addressed during incident response preparation.
- Help identify potential gaps in NIS2 compliance and show how effective out-of-band communication solutions differ from enterprise and consumer alternatives during cyber incidents.