TL;DR: 96% of organisations have a cyber crisis response plan, yet over 70% still experienced at least one high-impact cyber event in the past 12 months, underscoring a gap between documented readiness and operational resilience, according to Semperis. The governance problem is no longer whether a plan exists, but whether it survives real incident pressure and audit scrutiny.
NHIMG editorial — based on content published by Semperis: partnership with CGS CyberDefense to improve crisis response and audit-ready compliance
By the numbers:
- 96% of organizations have a cyber crisis response plan, while over 70% experienced at least one high-impact cyber event in the past 12 months.
- 70% experienced at least one high-impact cyber event in the past 12 months.
Questions worth separating out
Q: How should organizations prepare identity response plans for a cyber crisis?
A: They should define incident ownership, approval authority, evidence capture, and recovery sequencing before the event occurs.
Q: Why do identity incidents create audit and compliance problems so quickly?
A: Because access changes, recovery actions, and privilege decisions happen under pressure and often across multiple tools.
Q: What do security teams get wrong about cyber crisis readiness?
A: They often treat readiness as a document rather than an operational capability.
Practitioner guidance
- Map identity incident ownership across security, IAM, and GRC. Define who approves access changes, who preserves evidence, and who signs off on recovery decisions before a crisis begins.
- Test recovery plans against identity-specific failure modes. Run exercises for Active Directory outage, privileged account compromise, and access recovery loss.
- Build audit-ready evidence collection into response workflows. Capture privileged actions, change approvals, and recovery timestamps as part of the incident process.
What's in the full analysis
Semperis's full post covers the operational detail this post intentionally leaves for the source:
- The Ready1 and CGS CyberDefense partnership scope and how the combined workflow is positioned for crisis coordination.
- Semperis's breakdown of the specific blockers behind response failure, including communication gaps, outdated plans, staffing shortages, and tool overload.
- The company’s cited readiness study details behind the 96% plan figure and the high-impact event rate.
- The practical framing of audit defensibility and regulatory-ready reporting in identity-led incident response.
👉 Read Semperis's post on the Ready1 and CGS CyberDefense partnership →
Crisis readiness and GRC: what this partnership means for IAM teams?