A licensee must ensure that cyber security breaches detected are escalated to an incidence response team, management and the board, in accordance with the licensee's business continuity plan and crisis management plan, and that an appropriate response is implemented promptly.