That’s why Bill Swanson, who led defense giant Raytheon (RTN) as chief executive and chairman for ten years, said he is joining the board of cybersecurity firm Resilient Systems, which specializes in automating the responses of companies to cyber threats.

“In my business I saw the prevention side and detection side of security issues and the response side has taken on a lot more importance. I firmly believe it’s not if but when something will happen, so you have to have plans,” Swanson told Fortune.

Companies in this era of cyber attacks, whether by criminal organizations or nation states, have to be proactive both on the defense and response side of cybersecurity, he noted.

“You have to assess what your company tries to protect and put in the right safeguards, but companies also have to learn how to respond,” Swanson said. The goal is to have an automated plan in place about what to do from an information technology point of view, of course, but also how different groups react, collaborate, and communicate at all levels.

That is what Cambridge, Mass.-based Resilient Systems, and its incident response platform, does. The five-year-old company, once known as Co3 Systems, now claims about 70 employees including Bruce Schneier, a noted cybersecurity expert, as chief technology officer. Other companies in the threat response management business include DF Labs, Hexadite and Kryptos Logic. Other, bigger, broader security vendors like Proofpoint (PFPT), Symantec (SYMC) will likely get into this arena as well.

Incident response is tricky business because it involves so many constituencies, said IDC research director Robert Westervelt. “It involves people in the whole chain from the Windows admins who deals with laptops to the malware analysts in the security operations center who do triage work,” Westervelt noted. “These manual processes can be improved with automation but it’s an evolution that doesn’t happen over night.”

Overall the security market is huge, Gartner(IT) expects spending on security products to grow 5% to $75.4 billion this year. The response management subset of that market is small but healthy. IDC expects it to grow from $3.2 billion in 2014 to $4.5 billion in 2018.

Resilient’s incident response platform claims to automate much of the work that has been done by over-matched information technology and security teams. It also performs real-time threat analysis, informs various teams how seriously to take a given threat, and instructs them on what they need to do to shore up defenses.

The company said revenue was up 500% and customer count grew 250% over the past year. Customers include 30 Fortune 500 companies, according to Resilient.

Swanson said one of the lessons learned at Raytheon is that smart companies have to use both “sword and shield” to address cyber threats.” In cyber warfare, you don’t sit there as a goalie in a dart game. You have to do unto others so they can’t do unto you.”

That means companies have to understand (as best they can) how attackers work because it’s always easier to play offense than defense.

In a statement Resilient Systems’ chief executive John Bruce said Swanson’s experience as a business leader at Raytheon will be invaluable to the company as it hits this next stage of growth.

For more on cybersecurity, check out this video:

This story was updated at 10:27 a.m. EST with more detail around the incident response market and the IDC forecast.

Subscribe to Data Sheet, Fortune’s daily newsletter on the business of technology.