Former pro boxer Mike Tyson had a wry sense of humor. “Everyone has a plan until they get punched in the mouth,” he once famously said.
The champ fighter’s wisdom rings true in the physical world as well as the digital one, according to Zulfikar “Zully” Ramzan, chief tech officer at cybersecurity firm RSA. Try as you might to stay cool, calm, and collected during a crisis, all pretenses vanish once you get knocked upside the head. Kapow!
Post-breach bewilderment to be all too common among victims of cyberattacks, so much so that Ramzan has dubbed Tyson’s truism, tongue in cheek, “Tyson’s law of cybersecurity.” Ramzan shared his spin on the quote during a Tuesday morning keynote at the annual RSA security conference in San Francisco, which he previewed exclusively with Fortune.
Ramzan filled the shoes of Amit Yoran, former CEO of RSA, who normally would have had the speaker slot on Tuesday. Yoran left RSA at the beginning of the year to join another cybersecurity firm, Tenable Networks, as CEO.
RSA is subsidiary of EMC, the tech giant that recently underwent a mega-merger with Dell, which you can read more about in this recent Fortune feature.
“A lot of people think they know what they’re going to do when something bad happens,” Ramzan said on an earlier call with Fortune, referring to those who have not lived through a security breach. “But when it does they haven’t formulated a good response plan.”
Get Data Sheet, Fortune’s technology newsletter.
Lack of realistic planning can have real repercussions. In a recent meeting with a chief information security officer, the person charged with protecting a company’s computer network, Ramzan said he was flabbergasted to discover that the security strategy the exec had put in place required resources—people, processes, and technology—that the company did not have.
“The plan was in a completely untenable form,” Ramzan said, likening the preparations to “putting empty fire extinguishers in every hallway.” (Ramzan declined to reveal the identity of the company or details of its security plan.)
In Ramzan’s view, this is exactly why network defenders must heed Tyson’s law. In the event of a breach, there’s no time to waste toward recovery.
The tech chief’s advice? Companies smart enough to prep for a breach should follow what he calls the ABC’s of incident response.
The “A” stands for “availability,” according to Ramzan. Make sure to have available resources—ones that actually exist (unlike the manager’s proposal in the anecdote above).
Next the “B” stands for “budget.” Breaches aren’t cheap: when hackers get inside a firm, costs will spike and leadership teams must plan accordingly.
Finally, the “C” stands for “collaboration.” Every department should have point of contacts who know one another before disaster strikes: IT, legal, finance, communications, etc. Because “when you’re camping out at the office” in the wake of a security incident, Ramzan said, “that’s not a time for making introductions.”
For good measure, Ramzan added a “D” to the list, too. “Dress rehearsal,” said Ramzan, the surest way for a company to know whether it can withstand a beating.
You’ve got to practice getting punched.