Assume one of your employees inadvertently clicks on a 'dirty' link. The screen goes blank and a message then appears requesting a bitcoin payment to release the system.
How would your average employee react?
The employee is scared senseless and doesn't know what to do. She decides to fetch a random colleague and asks him to take a look at her computer. Unfortunately, they can only stare blankly at the screen, as neither one has the faintest idea what to do.
The employee is scared senseless and after recovering from the initial shock decides she should contact the IT department. Since her computer has been hijacked, she can't look up their contact details online so she goes around asking co-workers for the number.
The employee is shocked but knows she should phone the IT department. Luckily, the number is displayed on a sticker on her computer screen. After a few minutes, she manages to speak with an IT help desk operator. The operator doesn't immediately understand the situation and tries to reach the company's IT security officer. Unfortunately, he is unable to do so and asks the employee to call back tomorrow.
The employee curses herself for not having been more careful but immediately pulls herself together, refers to the cyber incident chart, which all employees received, and contacts the responsible person in the IT department. The IT department immediately mobilizes the incident team, and each member starts handling the incident in accordance with the procedures discussed during their annual training sessions.
If you picked scenario 1, 2 or 3, you should start working on your incident handling procedure as soon as possible! While it's unrealistic to think that you'll be able to avoid cyber security incidents altogether, you can put in place appropriate procedures to mitigate the adverse effects of such incidents and ensure compliance with the applicable statutory obligations, such as the duty to notify data breaches.