Crisis management needs to become a regular cybersecurity routine