The dramatic emergence of cybersecurity incidents, to unlawfully obtain sensitive and private information from individuals and organisations alike, has become a pressing concern for the broader society. Incident response procedures are thus developed by organisations using a systematic process to deal with cyber security incidents. The Incident Response Team is the first line of defence against cyber threats and works in critical situations where an organisation is on the verge of losing digital assets. Hence, Situational Awareness (SA) allows organisations to understand their capabilities in dealing with incidents and to predict the status of future events based on those capabilities. That means a comprehensive and clear understanding of the technical infrastructure, level of security and expected threats to enhance the ability to make decisions in response to cyber incidents. This research study undertakes an evaluation of situational awareness for cybersecurity incidents response of a finance company in Oman Sultanate using a positivist case study approach. This allows the researcher to narrow his attention within location and time to a specific finance organisation, collecting various data types, including interviews, documents, and observations. Then reflecting on the experience of the Omani financial sector in responding to a cybersecurity incident to enhance its readiness to deal with it. The research findings that situation awareness theory is applicable in Oman financial organisations and measures the IR team's readiness to handle cybersecurity threats. Moreover, the resources and cybersecurity capability cooperatively influence how the organisation can follow situation awareness theory. This research contributes to promoting a grasp of situational awareness theory and describes the implementation of a scenario for cybersecurity incident response. In addition, clarifying how the response team performs the situation awareness by describing the working mechanism and procedures associated with incidents. Furthermore, an empirical case study from the financial sector contributes to an improved understanding of this institution's experiences in dealing with cybersecurity incidents. The practical contribution of this research is to manage and classify the responsibilities of the cybersecurity incident response team with the phases of situational awareness theory. Also, it highlights practical experience in this organisation by examining the theory of situational awareness during the response to cybersecurity incidents.