In this blog you will hear directly from Microsoft’s Deputy Chief Information Security Officer (CISO) for Customer Security, Ann Johnson, about the need for proactive planning in cyber incidents, particularly surrounding communications. This blog is part of a new, ongoing series where our Deputy CISOs share their thoughts on what is most important in their respective domains. In this series you will get practical advice and forward-looking commentary on where the industry is going, as well as tactics you should start (and stop) deploying, and more.
Many companies have strong protocols in place for natural disasters such as earthquakes, fires, and floods. There is a shared understanding that when those events strike, you do not want to improvise your response. You want to act quickly, communicate clearly, and protect what matters most.
Yet when a cyberattack hits—often quietly, invisibly and without warning—many organizations find themselves scrambling. They lack the same level of coordination, rehearsal, and leadership they would apply to a visible crisis. In those moments, when minutes can cost an organization millions, the absence of a tested response plan can be…
