Develop and test incident response plans and procedures

Even a well-defended organization will experience a cyber incident at some point. When network defenses are penetrated, an organization should have a clear idea of how to respond. Documented cyber incident response plans that are exercised regularly help to enable timely response and minimize impacts. Coordinate cyber incident response planning across the organization. Early response actions can limit or even prevent possible damage. A key component of cyber incident response preparation is planning in conjunction with the entire executive, business leaders, continuity planners, system operators, general counsel, and public affairs. This includes integrating cyber incident response policies and procedures with existing disaster recovery and business continuity plans.
Source :
https://www.connectsmart.govt.nz/assets/NCSC-Cyber-security-risk-management-Executive.pdf