The most effective Incident Response teams are cross-functional and include representatives from senior-level executives to HR, finance, PR, IT and security teams, as well as outside cyber security experts and law firms, so every chain of command understands how to identify and react to an incident that may affect them. For example, depending on the magnitude of an incident, forensics will be conducted by the security team and corrective actions will be taken by network/system administrators. Business functions such as finance or human resources could have protocols to follow, as confidential financial or employee information is often at risk when there is a cyberattack.