A licensee must ensure timely detection of and response to cyber security breaches within a clearly defined escalation and decision-making processes to ensure that any adverse effect of a cyber security incident is properly managed and initiate recovery action quickly.