Most incident response plans address only eradication and recovery, in an effort to return the business to normal operations as quickly as possible. In the haste to close investigations and move on to the next issue, it’s easy to ignore the critical phase of post-incident review. Skipping this phase robs security teams of invaluable opportunities to identify technical and procedural gaps, improve team operations and communication, and give leadership more visibility into where additional training and team development are needed to reduce future impact on the business.