New platform aims to fix gaps in corporate cyber response plans

Semperis has launched Ready1, an enterprise resilience platform aimed at improving the speed and coordination of cyber crisis management, alongside a new global report highlighting shortcomings in current incident response practices.

The report, entitled The State of Enterprise Cyber Crisis Readiness, draws on a survey of 1,000 organisations across the US, UK, Germany, France, Italy, Spain, Singapore, Australia and New Zealand, and reveals a significant gap between organisations' perceived preparedness and their actual ability to respond to cyber incidents.

According to the study, 96% of companies surveyed claim to have a cyber crisis response plan in place. However, 71% experienced at least one high-impact cyber event in the past year that resulted in critical business disruptions, with 36% experiencing multiple such incidents. The report also notes that 90% of organisations activated their crisis response plan at least once over the previous year, with some reporting more than 25 activations.

In the UK, data indicate that 49% of organisations activated their crisis response team up to four times in the last 12 months due to cyber events, while 37% did so five or more times.

Despite frequent testing of these response plans, the report finds that most organisations are not adequately prepared for real-world scenarios. The main issues identified are disjointed processes, poor coordination and tool sprawl. Staffing shortages, often cited as a cybersecurity challenge, ranked last globally among the blockers to effective incident response.

The top five blockers identified by global respondents were: cross-team communication gaps (48%), out-of-date response plans (45%), unclear roles and responsibilities (41%), too many disparate tools (40%) and staffing shortages (39%).

Cross-team communication was the most significant blocker in the UK, Australia, Singapore and Spain. Outdated response plans and communication issues were the primary challenges in the US, while tool sprawl posed the greatest challenge for respondents in France and Germany. Staffing shortages were most prominent in Italy and New Zealand.

The IT and telecom sectors reported the most frequent high-impact cyber events, followed by energy, transportation, education and healthcare industries.

Marty Momdjian, Executive Vice President at Semperis and responsible for Ready1, commented on the findings, saying: "Cyberattacks don't check your calendar — they hit when you're at your weakest. In moments of crisis, it's not about rising to the occasion, but falling back on the strength of your preparation."

Chris Inglis, the first US National Cyber Director and Semperis Strategic Advisor, said: "In today's cyber threat landscape, the ability to respond swiftly and decisively is just as critical as prevention. Companies need a command centre for crisis management, ensuring organisations have the playbook, the training and the coordination needed to turn chaos into control."

Ready1 is designed to address challenges identified in the report by unifying stakeholders, coordination teams and technical experts under a secure platform. The platform features a secure command centre with live dashboards and automated playbooks, real-time coordination tools, and integrated systems for communications, documentation and task management. The platform also supports continuous readiness through tabletop exercises, role-based team development and after-action review processes.

On average, enterprises utilise more than 20 separate tools for cyber crisis response. Semperis positions Ready1 as a solution to consolidate these various systems into a single, secure platform which remains operational even during infrastructure outages.

Jim Bowie, Chief Information Security Officer at Tampa General Hospital, noted the impact of downtime in healthcare, saying: "In the healthcare industry, downtime isn't just an inconvenience, it's a matter of patient safety. Ready1 is a game-changing all-in-one solution that enables teams to rapidly respond, assess, contain and remediate threats, even when traditional infrastructure fails, because in a crisis, minutes cost millions."