During the time of a crisis or emergency, what is the one thing everyone wishes they had more of? Time. In a crisis caused by a cyber security breach you will have information from multiple sources, often incomplete or of uncertain accuracy, that must be factored into decision-making under tight deadlines. There will be pressure from internal and external entities ranging from customers to employees, from shareholders to business partners to regulators, and from the media. There will be competing demands to stop the loss of data, mitigate the effects of the breach, identify the perpetrator, resume normal operations, lock down the systems, analyze the problem, quickly communicate internally and with regulators, and make public statements right now. So how do you get more time? By developing an incident response plan that addresses every aspect of a breach and your response, and of course practicing it.