Security bosses need to make sure they are well prepared, and have the right business authority to act decisively during an incident.
Infosec 2013 saw a panel of experts discuss incident response, and what an organisation needed to put in place so they could respond the best way. Edward Tucker, head of cyber security and response at HMRC, said it was essential to have corporate top-level buy-in from the board.
"You need to effectively become God during an incident," he said of an organisation's head of security.
"Heads will run in all directions, both towards you and away from you. It's key that you are in charge and have the authority to coordinate the responses."
It's not just the security team that needs to be responsive during an incident - the rest of the business needs to be fully aware of what's going on to effectively respond.
Tracy Andrew, information security and compliance officer at Field Fisher Waterhouse, added that people needed to be aware of what an incident was and how it needed to be managed.
"If you in your team can't agree what an incident is, how are you going to communicate that to your staff?," he asked.
"Staff need to be aware of what to look for - email phishing, social engineering. It's about making sure the message gets in."
Vicky Gavin, head of business continuity and information security at the Economist Group, said that although they have tried innovative ways of raising staff awareness, ultimately they needed to be an extension of the security team.
She said: "They have to be able to identify when an incident is happening, ideally before it happens, or as soon as it happens so we can get involved quickly.
"We ran a contest last October where we ran a raffle, and to get a ticket to the raffle employees needed to forward a phishing or spam email they received. It was an extremely effective awareness exercise, because it forced people to internalise."