Answering the threats

The first thing many organizations do after a cyber incident is to buy the latest technology that should prevent a recurrence of that kind of incident. This purely reactive response is akin to shutting the barn door after the horse has bolted, and it doesn’t take many incidents before the organization is sinking beneath a disorganized medley of security software and policies. This is an expensive and unsustainable approach.

After a cyber incident, the first order of business should be to identify regulatory mandates that must be addressed. If confidential information has been compromised, for example, the organization must notify the affected stakeholders.

Next, organizations must do a root-cause analysis to fully understand what went wrong and take the appropriate corrective measures. A solution could involve a new piece of technology, a revamp of the organization’s security strategy or simply stricter enforcement of the company’s existing policies. In some cases, educating employees may be all that’s needed: security threats often arise from attackers taking advantage of naïve or careless employees who reveal passwords and access codes.

The cost of the cyber incident also needs to be calculated not just in terms of lost or compromised data and systems, but also in terms of lost goodwill, regulatory penalties, liability, and system remediation. A better understanding of the cost implications allows an organization to make better decisions about, for example, investing in threat-response technology or worker education.

An organization can achieve ironclad security only if it is not online. But that is simply not an option in today’s networked business environment. Organizations must therefore work to understand the nature of the cyber threat and to develop an appropriate response.
