Achieving Integration

To address this vulnerability, Hagerty Consulting developed a programmatic approach to cyber incident management, the Cyber Nexus Approach (CNA). CNA provides a framework for collaboration that focuses on clarifying roles and responsibilities and identifying key points of coordination between the diverse stakeholders involved in cybersecurity.

DNA strand showing the 3 steps of the Cyber Nexus Approach. These steps include Identify and Protect, Detect and Respond, and Recover. The sub-steps include Conduct Assessments and Strategize, Initiate Coordinated Response, Delineate Recovery Roles, and Evaluate Effectiveness of Response.

  • Information & Operational Technology Teams: Manage the technical incident response
  • Emergency Management: Manage the consequences and cascading effects of the incident

$4.54 Million is the average ransom demand in 2022. (IBM, 2022)

$10.5 Trillion is the expected annual cost of cybercrime in 2025. (Cybersecurity Ventures, 2020)

422 Million identities were impacted by data breaches in 2022. (PCMag, 2023)

800,944 complaints of suspected internet crimes were made in 2022. (Water ISAC, 2023)

The Cyber Disruption Team

The Cyber Disruption Team enables collaboration between Emergency Management (EM) partners and Information Technology (IT) partners in order to effectively respond to cyber incidents and their physical consequences.

Emergency Management (EM) Partners

Information Technology (IT) Partners

Our Approach

Pre-Incident

Why Does it Matter? 

To effectively prevent, respond to, and recover from cyber disruptions, emergency management, information technology/operational technology (IT/OT), local and state government partners, and private sector partners must collaboratively establish plans for managing complex cyber incidents and test those plans. Cyber preparedness work establishes relationships before an event and tests the viability of the plans. Effective planning leads to hardened, more resilient systems, effective alert systems, and a clear chain of command to handle cyber incidents and mitigate cascading impacts.

Recommended Coordination Actions
  • Develop and Maintain Cyber Incident Response Plans
  • Hold Quarterly Cyber Disruption Team Meetings
  • Conduct IT/EM Trainings and Exercises

Team Roles & Responsibilities

IT/OT Team

  • System Monitoring and Hardening
  • Patch Management
  • Penetration Testing
  • Hardware/Software Maintenance

Emergency Management Team

  • Cyber Risk Management
  • Cyber Incident/Disruption Response Planning
  • Training and Exercise

Incident Response

Why Does it Matter? 

A coordinated response ensures that all parties are performing their functional missions while minimizing or eliminating unnecessary duplication of efforts. Coordinating response across IT/OT, emergency management, local and state government, and private sector partners ensures that the response is as comprehensive and effective as possible. An effective response can lead to faster threat identification and stronger coordination across agencies and partners, which enables the targeted organization to better safeguard their assets and reputation.

Recommended Coordination Actions
  • Establish Regular Briefing Schedule Across Disciplines
  • Communicate and Prioritize Response Actions
  • Deconflict Any Response Issues Across Disciplines

Team Roles & Responsibilities

IT/OT Team

  • Digital Forensics
  • Malware Analysis and Quarantine
  • Breach Management
  • Information Technology Disaster Recovery Restoration

Emergency Management Team

  • Consequence Management (response to physical cascading impacts)
  • Operational Coordination Across Relevant Disciplines

Post-Incident

Why Does it Matter? 

Coordinated recovery actions ensure that the restoration of virtual and physical systems aligns and that lessons learned from the incident are acted upon. Collaborating on recovery and mitigation activities and managing the long-term impacts of complex cyber incidents supports a community’s ability to recover quickly and increase resilience. Effective post-incident activities enable the targeted organization to restore services faster, complete after-action reporting promptly, and begin mitigation activities to prevent future attacks.

Recommended Coordination Actions
  • Establish a regular meeting schedule for virtual and physical asset recovery coordination
  • Conduct After-Action Reporting that captures areas for improvement in both virtual and physical arenas
  • Develop a roadmap for long-term recovery actions, including any Mitigation or Grant Management Options

Team Roles & Responsibilities

IT/OT Team

  • Restoring Services (Systems, Data, Connectivity)
  • Update Controls and Processes

Emergency Management Team

  • Recovery of Physical Assets
  • After-Action Reporting

Prepare Your Business

Learn how Hagerty Consulting engages with our trusted clients and partners.

Partnerships & Integration

Hagerty serves as a trusted advisor helping to strengthen the integration between emergency management and cybersecurity missions and capabilities. We provide support with building, implementing, and improving preparedness programs that connect the cyber community with key partners.

Planning

Hagerty's plans are operationally focused, informed by meaningful stakeholder and community engagement, and feature decision support tools, checklists, and templates to support implementation.

Training

Hagerty has developed a range of training courses, from web-based training to seminars/workshops to state-wide training programs. We develop training materials and resources that reinforce previous education efforts, reflect a deep knowledge of adult learning techniques, and ensure clients can sustain training.

Exercises

Hagerty develops and facilitates exercises that range from small discussion-based exercises to full-scale exercises that include hundreds of participants and deploy resources to test capabilities.

Programmatic Assessments

Hagerty helps clients assess areas for improvement, exercise performance, and real-world response and recovery efforts including the facilitation of after-action meetings and stakeholder interviews. These assessments identify gaps and lessons learned, as well as memorialize best practices.

Continuity of Operations

Hagerty's Prepared Division has more than 15 years of COOP experience and extensive knowledge of planning, training, and exercise programs. To ensure compliance with federal standards, Hagerty professionals base COOP planning on essential elements of continuity as outlined in the Federal Emergency Management Agency's Continuity Guidance Circular 1.

Cyber-Kinetic Event Preparedness

Hagerty develops and facilitates plans, training, and exercises that address the cascading impacts of cyberattacks on physical infrastructure.

Past Projects & Case Studies

Each client and client assignment is unique, and we incorporate those differences into every project deliverable. Learn how we have helped our clients handle complex situations and build on their experiences.