Command-and-control

Command-and-control is very important in incident response. Ownership of incident response needs to sit at a level appropriate to the importance of incident response within the organization and to the kind of actions that will be required. It would be very difficult for an IT engineer to tell board members that they cannot use their computers that day. Some organizations are beset by cultural differences between the IT department and other staff because the chain of command has not been adequately established and/or communicated. This is a problem on both sides: staff may ignore security-critical instructions, or IT staff could overstep and disrupt business-critical activity.

The NIST guidelines recommend that a plan receive senior management approval. This gives the incident response team the right amount of authority and agency, in line with business aims. The senior manager is responsible for implementing and reviewing the plan, as well as empowering the team.

Command-and-control is also required to manage the handover from incident response to a normal routine. It is very difficult to sustain a war footing in the medium and long term; it is resource intensive and has significant impacts on staff morale. It is important for the incident response team to communicate effectively, and plans should include how the incident response team will communicate with the rest of the organization and with other organizations. This allows feedback to be provided and keeps messaging consistent. The 2015 attack on TalkTalk in the UK attracted the then-largest fine from the Information Commissioner's Office, but the company's media relations limited the effect on consumer confidence. The attack was estimated as having cost $77 million. An attack on Ashley Madison, also in 2015 but which took much longer to reveal, may cost up to $498 million once lawsuits are settled.
