Just about every organization suffers a cybersecurity incident at some point. While they are manageable, requirements for responding to incidents are growing in complexity. The good news is that, despite new and evolving regulations, there are actually many commonalities among cyber incident response and reporting requirements. This co-presentation will distill the common requirements for cyber incident response and reporting in regulations and PCI DSS. We will lay out what organizations must do when incidents occur, highlighting processes under PCI DSS 4.0 and major regulations. The presentation will also provide some tips on how to structure incident response compliance to ensure operations are smooth so defenders can focus on defending!