That spread is wider than just the initial response to a data breach.
The guide recommends including the full array of departments (and, depending on the nature of your business, outside vendors, specialized professional services, etc.) and measuring those against the risks of being tagged by the cycbercrooks.
Have you, for instance, given thought to what a data breach would do to your business insurance premiums? How much would legal fees be if your business is victimized? How much extra will you be paying to manage the public face of the crime -- public and press relations, communications with affected customers and so on?
The point of the guide is to provide you with the tools needed to calculate your risk, the costs accompanying those risks and the proper business response to mitigating them.
It's sobering reading and, coming with the imprimatur of ANSI, invites careful reading and reflection.