Organisations need to have plans in place for cyber attack response, which should only be used infrequently but must be able to limit damage and speed recovery. The plan needs to be thoroughly analysed and rehearsed, involve stakeholders of increasing seniority, and should be built into existing structures. It should be regularly exercised to ensure it will function correctly in a crisis situation, and a senior manager should be accountable in its development and maintenance.

Only 1% of malicious emails that reach inboxes deliver malware
In 2024, 99% of email threats to corporations were found to be social engineering or phishing attacks, as per Fortra. Most pre-delivery email defenses struggle