

This week, I’ve been talking about your incident response to a ransomware attack: both your organisation’s policy and your incident response plan.

If you are confident that your planning has considered all of the aspects that I mentioned yesterday, my next question is…

Have you ever completed an end-to-end test of the plan to confirm it will work in reality and in the timeframe you expected?


Because, as Mike Tyson once said: “Everyone has a plan until they get punched in the face.”

A boxer standing in the boxing ring, holding a document titled 'Incident Response Plan'. Image generated by OpenAI DALL-E.

Testing the plan is like punching yourself in the face (softly!), so you are a little more prepared for the real thing.


The benefit of planning and testing is not just that you end up with a detailed and reliable plan.

It is also the many lessons that you will learn from the act of planning and testing.

Things like:

  • Realising there are critical business processes that you hadn’t even thought about before.
  • Realising that some processes are only critically important on certain days in the week / month / quarter.
  • Realising that you have a significant dependence on Mary (or John), and if they were unavailable during an incident, you’d be in trouble.
  • Realising that the recovery process will take soooo much longer than you had expected.
  • Realising there are some simple things you could do right now to make recovery so much easier in the future.


If you are going to have to learn all of this at some point anyway, wouldn’t you prefer to learn before you’re in the ring with the bad guys?


PS The image in this article has been generated using OpenAI DALL-E 2. This is an Artificial Intelligence (AI) system that can create images based on a text description that you provide. I’ve said it before and I will say it again: If AI is not something you pay attention to, I’m pretty sure you’ll be paying attention soon.