Security leaders are increasingly prioritizing cyber resilience as global regulations become more stringent. Mickey Bresman, CEO of Semperis, emphasizes that frameworks like the SEC’s cybersecurity disclosure rule and the EU’s DORA regulation are compelling organizations to develop and test disaster recovery plans. Despite recognizing the importance of resilience, many organizations struggle to implement it effectively across their operations.
A significant challenge in executing these plans lies in maintaining up-to-date roles and responsibilities as organizational changes occur. Bresman highlights the necessity of preparing well-structured response frameworks, emphasizing that roles should extend beyond security and IT departments. CEOs, legal advisors, and board members, who now face regulatory obligations, must also be involved in tabletop exercises. Such exercises should include mechanisms for tracking decisions and managing media communications to prevent missteps during crises.
Bresman stresses the importance of having a clear succession of roles in disaster response playbooks. If the designated individual is unavailable, it’s crucial to know who can take over and ensure continuity. Having a seasoned incident leader participate in these exercises is vital to maintaining a robust response capability.
In an interview at RSAC Conference 2025, Bresman discussed why many organizations still fall short in cyber resilience planning. He explored how regulatory pressures are reshaping response plans and highlighted the need for contingency roles and real-time decision-tracking during crises.
As the CEO of Semperis, Bresman leads a company renowned for its enterprise identity protection, threat research, and incident response solutions. Semperis is acknowledged for providing the most comprehensive hybrid directory protection technology and services in the industry, supporting organizations in fortifying their cyber resilience.