The moment a potentially notifiable cyber incident is detected, a large Australian organisation could have three regulators knocking at its doorsteps. With the stakes being so high, the clock really starts ticking when it comes to notification obligations. Depending on the severity of the incident, an organisation may choose to activate multiple sub-processes of response as a part of the larger cyber incident response framework. Each of these sub-processes may be catering to differing imperatives like data breach, crisis management or IT restoration. The teams leading these sub-processes may also choose to re-arrange the sequence of steps for response, deviating from the well-defined models which cyber responders are trained to follow (e.g., NIST SP 800-61r2). In a nutshell, cyber incident response is now multi-stakeholder, decentralised and non-linear. Critical incidents may necessitate whole-of-organisation and even whole-of-sector or whole-of-nation frameworks for response. How can organisations remain adaptive to cyber crises, while also retaining the centre of gravity of technical response in the Information Security function? This is the challenge which the speakers dealt with as they instituted a decentralised and multi-stakeholder cyber incident response framework leveraging the Incident Command System and Bronze-Silver-Gold Command Structure. It allowed tactical, operational and strategic tiers of response to be sufficiently autonomous, while also ensuring the unity of command. The speakers will share their experience of plugging cyber incident response with world-class sub-processes of privacy and crisis management in an organisation of national importance. Methodologies will also be shared on effectively testing such frameworks with tabletop exercises.