The number of cyber incidents only seems to continue to increase, and NFIR’s incident response team routinely jumps out as digital firefighters to map and resolve the incident. In an interview with the FD, Arwi van der Sluijs, NFIR’s general manager, discusses the course of a cyber incident. It explains the stages an organization goes through when hit by a ransomware incident and what their common mistakes are that cybersecurity companies encounter in practice. Pulling the plug in a blind panic seems like a logical step, but is an example of one of the mistakes that can only further increase the impact of an incident. Should an organization pay a ransom or not? Is negotiating with criminals advisable? Shut down all networks immediately or in phases?