Close

Why Incidents Are Inevitable But the Chaos Doesn’t Have to Be

2026

So here’s a scenario that is probably familiar to any security leader reading this. Your team detects a serious incident at 11 PM on a Thursday. You have excellent tools for understanding what happened technically. What you do not have, apparently, is a way to instantly coordinate your legal team, your communications team, your regulators, your board, and your IT folks all at the same time -- without someone accidentally emailing the wrong person, missing a notification deadline, or leaving the CISO stranded on a boarding flight with no visibility into what is happening back at headquarters.

That scenario, basically, is why BreachRx exists. And it is a pretty compelling reason.

[YOUTUBE VIDEO EMBED]

Stephen Garcia joined BreachRx as Chief Information Security Officer just weeks before we sat down to talk about all of this. His background spans more than two decades across Western Union, BNP Paribas, Broadridge Financial, Johnson Controls, ConsenSys, FanDuel, and Napster -- which is actually a pretty remarkable career arc when you think about it. He did not join BreachRx because he built the platform. He joined it because, as a longtime practitioner on the customer side, he lived every single problem the platform is designed to solve.

The Gap That Has Always Existed in Incident Response

Most organizations, according to Garcia, actually have solid tools for the technical side of an incident. Detection is fairly mature. Containment is manageable. What is essentially missing, in a lot of cases, is what he calls the governance layer -- the system that manages legal exposure, regulatory deadlines, communications obligations, and the accountability trail simultaneously.

"When a technical event transitions into an enterprise crisis and you need more than a binder and a conference call, that’s where we come in," Garcia said. "The platform creates a governed, auditable, legally defensible response process in real time."

This is actually a category that did not really have a name just a couple of years ago. Gartner now calls it cyber incident response management, or CIRM. BreachRx is largely responsible for helping define what that category looks like in practice.

Garcia is also pretty candid about why most incident response plans fall apart under real pressure. A lot of them, he notes, are designed under the assumption that you will be dealing with a single incident at a time. The moment a second or third issue comes in while you are already in flight on the first -- which is increasingly common in the AI era, when agents can act without anyone clearly assigning ownership -- the plan tends to disintegrate pretty quickly.

Speed and Security Are Not Actually in Conflict

One of the more interesting frames Garcia brings to this conversation is his take on the speed-versus-security tension that a lot of organizations wrestle with. His view, basically, is that this is the wrong conflict to be thinking about.

"The real conflict is between clarity and ambiguity," he said. "When organizations move fast and break things, what actually breaks is accountability. Nobody knows who approved what, who owns the outcome, who caused the failure."

The implication of that is pretty significant. Building governance structures before you need them is not about slowing down -- it is about making sure that when speed actually matters, the right people are already organized around the right information. Garcia used a line from BreachRx’s chief legal officer that stuck with him: the platform helps you slow down so you can speed up. As he put it himself, it is a bit like the drifting scene in Cars -- you go left to go right.

That principle shows up in how the platform is actually built. The out-of-band communication layer, for example, keeps response teams connected even during a ransomware event that has taken down internal systems. Legal gets pulled in at exactly the right moment -- not three weeks late, which can make the difference between a manageable regulatory response and a very expensive one. According to IBM’s Cost of a Data Breach Report, the average cost of a data breach reached $4.88 million in 2024, and organizations with strong incident response capabilities consistently see significantly lower costs.

Personal Liability Is Reshaping How Executives Think About This

One of the things Garcia flagged that is really worth paying attention to is the shift in how executive exposure is being framed in boardrooms right now. The anxiety is not just about whether the company will get breached. It is about whether individual executives will be held personally accountable when it happens.

SEC disclosure requirements, personal liability trends, and derivative lawsuits have changed the stakes in ways that were not really a factor even five years ago. Garcia referenced Joe Sullivan and Tim Brown -- two well-known cases in the security community -- as examples of what that exposure looks like in practice.

BreachRx’s response to this is the CIRM Warranty, which is a genuinely new development in the market. It is a roughly $3 million coverage instrument tied directly to using the platform, protecting executives from personal liability arising from incidents managed through BreachRx. As Garcia put it, "This isn’t marketing. This is a financial safeguard." No other incident response platform has done this. It turns what might otherwise be a software decision into a trust decision.

The SEC’s cybersecurity disclosure rules, which took effect in late 2023, require public companies to disclose material cybersecurity incidents within four business days of determining materiality. That timeline alone is enough to make uncoordinated, manual response processes a serious liability.

What the AI Era Actually Changes About Incident Response

Garcia’s view on AI and incident response is worth sitting with for a minute. The conversation has shifted, in his framing, from "can we detect threats faster" to "do we even know who is acting inside our systems." Organizations are deploying AI agents, AI-generated code, and AI-assisted decisions at scale -- and in most cases, nobody has actually mapped the authority those systems have been given.

"The security question isn’t just, is the AI safe?" he said. "It’s if this AI makes a bad decision, who owns it? And right now that question often gets unanswered."

BreachRx’s Rex AI is essentially purpose-built for this environment. It is not a general-purpose AI tool applied to incident response -- it is a generative AI engine built specifically for the fog-of-war conditions that incident responders actually work in. Time pressure, incomplete information, regulatory deadlines, and cross-functional coordination all at once. Rex AI gives responders accurate, real-time direction based on the specific facts of the incident rather than generic summaries.

The Mobile Command feature addresses a related reality: a lot of incident response happens when executives are not at their desks. Garcia mentioned being contacted while boarding a flight during a serious incident. Mobile Command would have made that situation significantly more manageable.

What CISOs Should Actually Tell Their Boards

Garcia closed with a pretty direct piece of advice for security leaders who are still speaking to boards in technical language. Boards, in his view, do not need to understand firewall architecture. They need to understand what the organization is protecting, what could go wrong, what it would cost, and what is being done about it.

"Confidence comes from clarity," he said. "Not from telling them everything’s gonna be fine."

That is a kind of simple reframe that actually matters a lot in practice. It also points to something Garcia mentioned in a different context: security is fundamentally trust management. Every customer who shares data, every employee who uses company systems, every partner who connects to the network -- they are all making a bet that the organization will treat that access responsibly. The moment that bet feels wrong, you lose them.

BreachRx is, at its core, a platform for making sure that bet stays justified. The 2026 Fortress Cybersecurity Award recognizes exactly that kind of sustained, unglamorous discipline. Garcia put it well at the top of our conversation: he would rather win an award for what was built than for what happened to them. That is probably the right way to think about security excellence in general.

Enjoying insights from industry leaders? Subscribe to The Winners’ Circle podcast on your favorite podcast player and never miss an episode. Listen and subscribe at bintelligence.com/podcast.

Close

Stay Up To Date

Be in the know about upcoming industry award programs, nominees, winners, finalists, and judges

Submit
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.