After a serious cybersecurity incident, such as a ruinous business email compromise or a paralyzed encrypted network, a business will want to outline the path to “never again.” This will require top-down support and sufficient resources to ensure successful, measurable and long-term cybersecurity. In this guest article, Lewis Brisbois partner Brian Craig provides 12 steps for engaging with the board and C‑suite after an incident to implement an effective incident response plan. See also “How CISOs Can Use Digital Asset Metrics to Tell a Coherent Cyber Story to the Board” (Jun. 3, 2020).