Yes. As mentioned, a cyber-incident is usually a moment of crisis for an organization. As a result, our job is to be there as a support. Sometimes we're the ones contacting an organization to say to them that we are seeing something that is of concern. Sometimes they have identified the cyber-incident, and we call them and ask if there is anything we can do to help. Sometimes we do have that regular, ongoing, two-way communication.
However, sometimes a company might choose to have an external service provider provide them the support, so then we're just more in monitoring and wait and see....
It's not automatic that an organization will come to us or continue to want to engage with us. It's not because they're not wanting to. Sometimes, especially when dealing with cybercrime, we're dealing with ransomware. We don't encourage the payment of ransomware, and sometimes that's another reason a company might not want to deal with us, as a government entity. They're afraid that it could mean something.
Although we are not all law enforcement—we're not a regulator—we work hard to build trusting relationships, and I feel that we do that on a daily basis. However, I don't want to mislead anybody to think that means that we know all the elements of cyber-incidents that happen in the private sector, for example, or with critical infrastructure.