
From Incident to Recovery: Why Tying Technology Response Plans to Business Continuity is Critical for Government Agencies

Melissa Kraft, CIO, City of Frisco


In today’s evolving cyber threat landscape, government agencies are facing increased pressure to modernize their approach to cybersecurity while continuing to provide uninterrupted public services. While many organizations have technology incident response plans, a common gap I’ve seen, both in past experiences and peer discussions, is the failure to tightly integrate these plans with business continuity and operational recovery strategies.

This disconnect can cause confusion during high-stakes incidents and extend downtime far beyond what’s necessary. In local government, where public trust and essential services are at stake, we simply can’t afford that.

Why Linking Incident Response to Business Continuity Matters

Technology incident response plans are often focused on detection, containment, eradication, and recovery from cyber threats like malware or ransomware. Business continuity plans, on the other hand, are broader; they define how critical operations continue in the face of disruption, whether due to a cyber event, natural disaster, or infrastructure failure.


Too often, these plans are built in isolation by separate teams—IT security handles incident response, while emergency management or administration leads continuity planning. But these functions are deeply interconnected. For example:

• A ransomware attack can quickly escalate from an IT issue to a city-wide crisis impacting emergency response, financial operations or utility billing.

• Without pre-aligned continuity playbooks, departments are left guessing how to function during IT outages.

• Delays in communications, internally and with the public, erode trust and hamper recovery.

When you link incident response and business continuity, you enable faster decision-making, reduce confusion during an event, and restore critical functions more effectively.

Practical Steps for Leaders

1. Involve Departments in Scenario Planning

Run cross-departmental tabletop exercises. Ask: What if the network is down for 72 hours? What workarounds exist? These conversations uncover dependencies and set realistic expectations.

2. Link Systems to Business Impact

Not all systems are equal. Determine which systems support critical functions and set recovery time objectives (RTOs) accordingly. This helps prioritize limited resources during an event.

3. Define Clear Roles and Communication

A major barrier in incident response is unclear roles. Establish a decision-making structure that includes IT, emergency management, and communications. Don’t wait until an incident to figure this out.

4. Train and Test Together

Regular joint exercises improve readiness. At the City of Frisco, we bring business units and IT together to simulate cyber events. This builds alignment and reveals both technical and operational gaps.

5. Review and Evolve Continuously

Post-incident reviews should result in real updates to both the incident response plan and business continuity strategy. Resilience is a living process—not a one-time checklist.

What to Expect: Recovery Timelines

Recovery from a cyber incident isn’t just about restoring systems quickly; it’s about navigating a months-long process. IBM’s 2023 Cost of a Data Breach Report found it takes an average of 277 days to identify and contain a breach. That timeline includes investigation, mitigation, system restoration, and addressing the operational and reputational fallout. This makes it critical to have a response plan that supports long-term recovery, not just the immediate technical fix.

Building Trust Through Leadership

At the heart of continuity and response planning is leadership. It’s not just about having the right tools; it’s about building trust. That includes bringing departments into the process early, celebrating small wins, and creating psychological safety so teams feel comfortable asking questions and speaking up during uncertainty.

When leaders view cybersecurity as part of operational resilience, not just a tech issue, the entire organization becomes stronger, more responsive, and better equipped to serve the public, even in times of crisis.

• IBM Cost of a Data Breach Report 2023: https://www.ibm.com/reports/data-breach.
