


What really determines whether a company survives a cyberattack: the sophistication of the attacker, or how well the organization prepared before the breach ever happened?
In this episode of Business of Cybersecurity, I sat down with Andrew Carr, Managing Director at Booz Allen Hamilton and leader of the firm’s Commercial Threat Detection and Response practice. Andrew has spent nearly two decades working in digital forensics, ransomware response, and incident investigations across both government and enterprise environments. During our conversation, he shared lessons drawn from hundreds of cyber incidents and explained why preparation, clarity, and coordination often matter far more than the tools organizations deploy.
One of the most striking themes in this conversation was the importance of the first seventy-two hours during a cyber crisis. Andrew explained that organizations that stabilize quickly tend to have one thing in common. They understand their environments with precision. They know where critical data lives, how systems connect, and which assets attackers are most likely to target. When that visibility is missing, those early hours are often spent trying to answer basic questions rather than containing the incident.
We also explored why traditional incident response exercises sometimes fail to prepare organizations for real attacks. Many companies still run tabletop exercises within individual departments, yet real cyber incidents rarely stay confined to a single team. Andrew described why effective rehearsals must involve the entire business, from technical responders to executive leadership, and why organizations need to define what he calls the “minimum viable company,” the core functions required to keep operations running during a major disruption.
Another key takeaway from our discussion was the role of leadership. Cybersecurity can no longer be treated as a purely technical function handled by the IT or security team. Andrew argues that cyber risk is a business risk, and executives across the organization must understand how decisions, priorities, and communication shape the response when a crisis unfolds.
We also discussed emerging risks around supply chains and AI systems, and how organizations are beginning to think more seriously about resilience rather than prevention alone. In a world where no company can block every attack, the ability to respond quickly and recover effectively is becoming the true measure of cybersecurity maturity.
If you lead a technology team, oversee risk, or simply want to understand how organizations prepare for high-stakes cyber incidents, this conversation offers a clear look inside the realities of modern incident response. When the next breach happens, will your organization be scrambling to understand its environment, or ready to act within those critical first seventy-two hours?
By Neil C. Hughes