This artefact captures sector-wide insights and recommendations following the Log4Shell vulnerability (CVE-2021-44228), a critical zero-day flaw in the widely used Apache Log4j library. Developed by the CMORG Cyber Coordination Group, the report outlines firm-level and industry-level lessons across seven key areas: perimeter defence, incident response, supply chain, inventory and vulnerability management tools, and patching of legacy systems. It highlights challenges such as incomplete asset inventories, ineffective scanning tools, and supplier communication gaps. The report provides detailed recommendations to improve preparedness, response coordination, and resilience against future vulnerabilities of similar scale and urgency.