It is foolish to wait until an enterprise is in the midst of a data breach to test its cybersecurity incident response plan (CSIRP). How likely is it that the enterprise will know that a cyberattack is underway and be able to react appropriately? Are the enterprise’s current policies and procedures sufficient to effectively detect, respond to and mitigate sophisticated cybersecurity incidents?