8 practical steps to see if your response to a crisis will hold up under pressure.
Think your crisis drills make you ready? Think again.
It’s important to acknowledge a hard truth. Scenario planning and tabletop exercises are valuable, but they can create a false sense of confidence. Real crises do not follow a script. They move faster, hit harder, and expose gaps that controlled rehearsals often miss.
Most crisis plans look strong on paper: clearly structured, documented, and approved. However, real disruption quickly reveals how an organisation actually operates, testing not just the plan itself but the speed of response, the alignment between teams, and the quality of decision-making under pressure.
The reality is that disruption is both more frequent and more costly than many organisations expect. The average cost of downtime can reach thousands per minute, and only around 20% of organisations consider themselves fully prepared for outages [1]. At the same time, incidents often take months to detect and contain, extending impact far beyond the initial trigger.
Success depends on whether teams can act together, with clarity and confidence, when it matters most. This is why leading organisations are moving towards more connected, real-time approaches to resilience, where visibility, communication and action are fully aligned.
Use the following practical steps to stress-test your plans and sense-check whether your organisation is truly ready.
1. Can you make decisions quickly when it matters?
In a crisis, hesitation creates risk. The ability to make fast, confident decisions depends on having the right insight at the right time, particularly when most breaches take, on average, over 200 days to detect and contain [2], leaving organisations exposed if visibility is limited.
Do this:
- Define clear decision thresholds before a crisis happens
- Give teams access to a shared, real-time operational view
- Empower teams to act without waiting for multiple approvals
Solutions that bring together cyber, network, and operational visibility make this possible, removing blind spots and enabling faster, more informed decisions.
2. Are you relying too much on key individuals?
Disruption does not wait for the right people to be available. Your response must be resilient to absence, especially when many organisations still rely heavily on small, centralised teams to manage continuity and response.
Do this:
- Assign deputies for every critical crisis role
- Document responsibilities clearly and share them across teams
- Rotate leadership roles in exercises to build real capability
Building capability across teams, supported by shared systems and processes, reduces dependency on individuals and strengthens resilience overall.
3. How quickly can issues move across your organisation?
How quickly information flows across your organisation will define how effectively you respond. Poor communication and unclear response structures remain a major barrier, with 29% of technology leaders citing unclear response plans as a key challenge during incidents [3].
Do this:
- Simplify escalation paths so anyone can raise a critical issue quickly
- Align cyber, operational, and business teams on a shared process
- Remove unnecessary approval layers during incidents
Connected systems and unified communications ensure incidents are escalated and understood in real time.
4. Will communication stay clear under pressure?
When disruption hits, clarity becomes one of your most valuable assets. Yet human factors such as poor coordination and slow response remain among the leading causes of plan failure.
Do this:
- Establish a single source of truth for incident updates
- Define who communicates what, internally and externally
- Set up backup channels if primary systems fail
Strong communication frameworks keep teams aligned and reduce uncertainty.
5. Can you handle more than one issue at once?
Real crises rarely happen in isolation. They are layered, fast-moving, and interconnected across systems, suppliers, and operations. In fact, third-party involvement is now seen in around 30% of breaches [4], highlighting how quickly external issues become internal problems.
Do this:
- Run scenarios involving multiple, overlapping incidents
- Plan for impacts across cyber, supply chain, and operations
- Build flexibility into how resources are allocated
End-to-end visibility across networks, systems, and partners is key to understanding and managing this complexity.
6. Can your plans adapt when things change?
No crisis will follow your plan exactly. Your ability to adapt is what determines success, particularly when organisations that rely on rigid processes struggle to keep up with fast-moving disruption.
Do this:
- Train teams to respond to changing conditions, not just follow scripts
- Allow for deviation in playbooks based on real-time insight
- Review and adjust actions continuously during an incident
Being flexible and scalable enables organisations to adjust their response in real time and effectively manage incidents of varying size and complexity.
7. Have you actually tested your plan properly?
Controlled exercises rarely reflect reality. If your testing feels predictable, it is not preparing you for real disruption.
Despite this, only 30% of organisations regularly test their incident response plans. The other 70% have plans that look good on paper but have never been validated under pressure [5], leaving many unprepared for real-world disruption.
Do this:
- Introduce unexpected variables mid-exercise
- Simulate loss of systems, people, or data
- Run cross-functional exercises instead of siloed ones
The goal is not to validate your plan; it is to challenge it.
8. Will your people act, or wait?
Ultimately, it is your people who determine how your organisation responds. When crisis management fails, it’s often due to behaviour, not process, with poor coordination and lack of clarity being key issues.
Do this:
- Encourage teams to act, not wait for permission
- Build understanding of crisis roles beyond individual functions
- Reinforce trust and accountability across the organisation
When people are supported by the right tools, visibility, and processes, they can act with confidence and alignment under pressure.
Need some help?
Building real crisis readiness goes beyond documentation. It requires connected systems, clear visibility, and the ability for teams to act quickly and in alignment when it matters most.
We work with organisations across all sectors to strengthen resilience by connecting critical systems, improving visibility, and enabling seamless communication.
If you are looking to move beyond isolated planning and build a resilience capability that performs in the real world, we are here to help.
[1] The True Cost Of Downtime (And How To Avoid It)
[2] State of Resilience 2025: Confronting Outages, Downtime, and Enterprise Readiness
[3] The Global Cyber Resilience Study 2024-25
[4] Cyberattacks surged in 2025, with third party attacks seeing a huge rise (TechRadar)