Security leaders should be able to get people from across the company to help develop the IR plan. A bank handling the impact of a breach may need help from its public relations staff if the organization is legally required to publicly disclose the incident. The banks Web development team may also need to be involved if the adversaries carried out their attack by exploiting a vulnerability in the company’s website, like a WordPress flaw. The IR plan should include input from all of these departments, including human resources and Web development.”]
Source: https://www.csoonline.com/article/3181330/do-you-have-an-incident-response-plan-in-place.html