How to Control the Message with Commander’s Intent During Cyber Crises

Who is Limor Kessem?

Limor Kessem is a prominent figure in the cybersecurity industry, currently serving as an Executive Security Advisor at IBM Security.

Limor is renowned for her deep understanding of emerging cybercrime threats and their impact on businesses and consumers alike.

Her unique position at IBM Security allows her to work at the intersection of multiple research teams, giving her valuable insights into current and evolving security trends.

She is known for her ability to help security professionals understand and manage business risks effectively.

As a public speaker, she frequently shares her knowledge at industry events and conferences.

Her expertise spans the full spectrum of information security trends, covering issues that affect consumers, corporations, and the broader industry.

Limor's work is particularly focused on emerging threats, making her an authority on the cutting edge of cybercrime.

Interestingly, her passion for security extends beyond the digital realm – she is also an avid Brazilian Jiu Jitsu fighter, demonstrating her commitment to both mental and physical disciplines.

Pro Tip for Connecting with Limor

As a seasoned security advocate and thought leader, Limor is likely to appreciate meaningful discussions and questions related to her areas of expertise, such as cyber intelligence and emerging cybercrime threats.

Remember to:

• Read her posts carefully and respond thoughtfully.

• Ask insightful questions about cybersecurity topics she discusses.

• Share or retweet her content when you find it valuable, adding your own perspective if possible.

• Participate in any discussions she might be involved in.

Insights and Key Takeaways

What Are Crisis-Level Cyberattacks?

Insight: Crisis-level cyberattacks impact the entire organization, not just the security team.

Unlike regular incidents, a crisis-level cyberattack disrupts core business operations, damages reputation, and can even trigger regulatory scrutiny.

The scale of these attacks often overwhelms cybersecurity teams, requiring a broader, unified response involving the entire C-suite and functional teams across the organization.

These attacks are no longer just IT’s problem—they demand a whole-of-business approach to maintain customer trust and business continuity.

Cyber Crisis Management Goes Beyond Cybersecurity

Insight: Effective cyber crisis management involves integration across all departments, not just the IT team.

A crisis response needs more than technical solutions—it requires coordination between business continuity, communications, finance, and legal teams.

Every department must have clearly defined roles, responsibilities, and pre-approved strategies to handle a crisis effectively.

This approach not only ensures a rapid response but also prevents the chaos that can arise when teams operate in silos during a breach.

Preparation vs. Resilience: What’s the Difference?

Insight: Cyber resilience is not just about being prepared—it’s about maintaining control when under pressure.

While preparedness is crucial, true cyber resilience requires a proactive approach that includes regular drills, simulations, and stress tests.

It’s about fostering a culture where every team member knows their role and can act decisively.

Organizations often have incident response plans in place but fail to test them adequately.

This lack of real-world simulation can lead to failures when teams encounter the unexpected chaos of an actual attack.

GTM Teams’ Role in Cyber Crisis Management

Insight: Go-to-market (GTM) teams can enhance resilience by supporting education and awareness campaigns.

Limor emphasizes that GTM teams, especially marketing and sales professionals, can play a crucial role in cyber resilience.

Their insights into market trends and customer behavior can be leveraged to create awareness campaigns that prepare the organization for potential threats.

By supporting the CISO and IT teams, GTM professionals can contribute to the organization’s overall readiness, ensuring that crisis response efforts are well-aligned with broader business strategies.

Commander’s Intent: Control the Crisis Narrative

Insight: Controlling the crisis narrative is key to maintaining trust during a cyberattack.

One of the most crucial aspects of managing a crisis is controlling how information is communicated externally.

Limor advocates for a strategy known as “commander’s intent,” where the organization pre-defines the most critical messages and actions to be taken during a crisis.

This ensures consistency, clarity, and speed in communication, even when executives or key decision-makers are not immediately available.

The goal is to protect the brand and maintain customer trust by delivering clear, accurate, and reassuring messages during chaotic moments.

Learning from Past Mistakes: Equifax and Uber Case Studies

Insight: High-profile breaches reveal the importance of timely, transparent, and well-coordinated crisis responses.

Limor shares two well-known examples of crisis management failures: Equifax and Uber.

Both organizations suffered not just from the breaches themselves but from the way they handled communication and decision-making during the crisis.

Equifax delayed disclosing the breach, leading to greater public distrust, while Uber chose to conceal the breach by paying off hackers—decisions that led to significant reputational damage and regulatory consequences.

These cases underscore the need for pre-defined strategies, transparency, and swift action.

3 Ways GTM Teams Can Boost Cyber Resilience

1. Develop Boundaries to Avoid Burnout

Cyber crisis management can be draining, both physically and mentally.

GTM teams should set boundaries to maintain personal resilience, which directly impacts their performance and effectiveness during a crisis.

Without healthy boundaries, burnout is inevitable, and it reduces overall team effectiveness.

2. Stay Curious and Keep Learning

For GTM teams, staying curious about cybersecurity developments is key to providing relevant insights during a crisis. T

his means understanding key technical terms, being aware of current threats, and learning from cybersecurity experts within the organization.

3. Support Awareness Campaigns

GTM teams should actively support the CISO’s awareness campaigns by communicating the potential impact of cyber risks across the organization.

They can use their communication skills to craft messages that resonate, making the importance of cybersecurity clear to all employees.

TL;DR

Cyber crisis management isn't just about having a plan—it’s about ensuring that plan is understood, rehearsed, and refined regularly.

The difference between surviving a breach and being consumed by it often comes down to preparation and communication.

Organizations that commit to building resilience not only reduce risk but also strengthen trust with customers and partners.

So, the real question is:

Are you truly prepared to manage a crisis?

If not, start now—before it’s too late.

Until next time,
Dani