3555: Immersive on Why Incident Response Plans Break Down in Reality

What really happens inside an organization when a cyber incident hits and the neat incident response plan starts to fall apart?

That question sat at the heart of my return conversation with Max Vetter, VP of Cyber at Immersive. It has been a big year for breaches, public fallout, and eye-watering financial losses, and this episode goes beyond headlines to examine what cyber crisis management actually looks like when pressure, uncertainty, and human behavior collide. Max brings a rare perspective shaped by years in law enforcement, intelligence work, and hands-on cyber defense, and he is refreshingly honest about where most organizations are still unprepared.

We talked about why written incident response plans tend to fail at the exact moment they are needed most. Cyber incidents are chaotic, emotional, and non-linear, yet many plans assume calm decision-making and perfect coordination. Max explains why success or failure is often defined by the response rather than the initial breach itself, and why leadership, communication, and judgment matter just as much as technical skill. Real-world examples from major incidents highlight how competing pressures quickly emerge, whether to contain or keep systems running, whether to pay a ransom or risk prolonged downtime, and how every option comes with consequences.

One idea that really stood out is Max's belief that resilience is revealed, not documented. Compliance and audits may tick boxes, but they rarely expose how teams behave under stress. We explored why organizations that rely on annual tabletop exercises often develop a false sense of confidence, and how that confidence can become dangerous when decisions are made quickly and publicly. Max shared why the best-performing teams are often the ones that feel less certain in the moment, because they question assumptions and adapt faster.

We also dug into the growing role of crisis simulations and micro-drills. Rather than rehearsing a single scenario once a year, Immersive focuses on repeated, realistic practice that builds muscle memory across technical teams, executives, legal, and communications. The goal is not to predict the exact attack, but to train people to think clearly, collaborate across functions, and make defensible decisions when there are no good options. That preparation becomes even more important as cyber incidents increasingly spill into supply chains, manufacturing, and the physical world.

As public scrutiny rises and consumer-led legal action becomes more common after breaches, reputation and response speed now sit alongside forensics and recovery as business-critical concerns. This episode is a candid look at why cyber crisis readiness is a discipline, not a document, and why assuming you will cope when the moment arrives is a risky bet.

So if resilience only truly shows itself when everything is on the line, how confident are you that your organization would perform when the pressure is real and the clock is ticking?

Useful Links

• • Connect with Max Vetter on Linkedin
  • Learn more about Immersive Labs
  • Follow on LinkedIn, Instagram, Twitter and Facebook

Thanks to our sponsors, Alcor, for supporting the show.