Practical, executive-ready guidance on ransomware readiness, incident response, AI agent incidents, security operations, tabletop exercises, and crisis decision-making.
Get new cyber crisis readiness insights by email through The First 72 Hours, Todd Nelson’s newsletter on ransomware preparedness, executive incident response, recovery decision-making, and the first 72 hours of a cyber incident.
Subscribe to The First 72 Hours Newsletter
A practical breakdown of the people, decisions, communications, recovery assumptions, and evidence steps every ransomware plan should define before an attack.
Read Article
Why backups are only one part of ransomware readiness — and what leadership must know about restoration order, credential access, testing, and business continuity.
Read Article
How incident response, recovery planning, executive communications, vendor coordination, and business continuity fit together in a true cyber resilience model.
Read Article
How to design a useful tabletop exercise that tests decisions, roles, assumptions, escalation paths, and communications — not just a script.
Read Article
The decisions executives need to make during a cyber incident, what information they need, and where leadership teams often lose time.
Read Article
Seven practical readiness domains organizations should evaluate before ransomware exposes gaps under pressure.
Read Article
What a usable incident response playbook should include: triggers, triage, evidence, containment, escalation, communications, and closure criteria.
Read Article
How organizations can improve alert triage, escalation, MSSP coordination, and leadership reporting before buying another platform.
Read Article
How cyber insurance expectations are changing and why readiness evidence, documentation, MFA, backups, logging, and response plans matter.
Read Article
How to prepare executives for high-stakes cyber decisions before an actual crisis forces those decisions in real time.
Read Article