AKA: What to do if you suffer a cyber attack. A Cyber Security Incident Response Plan provides steps to follow if you or your business gets hit by cyber crime, and every organisation should have one!

Discovering and experiencing a cyber attack is a high-pressure situation where speed of response is critical. The faster you react, the more likely you are to limit the damage and show your stakeholders you have some control.

So having a plan in place to follow will help you and your team respond calmly and methodically, do the right things at the right time and involve the right people.

We ran a webinar recently on how to create a Cyber Security Incident Response Plan and you can watch the video recording here.

We have published an Information Sheet on writing a Cyber Security Incident Response Plan too, which is useful to keep handy and you can view it here.

If you need further convincing, or just further information, read on!

Why you really need a Cyber Security Incident Response Plan

The Government and cyber experts have warned how the conflict in Ukraine has escalated the potential risks to your cybersecurity. The National Cyber Security Centre has also updated its guidance recently with an overview of Russian cyber threats to critical infrastructure and mitigation guidance for all organisations.

This comes as cybersecurity threats had already increased exponentially during the coronavirus pandemic.

So, unfortunately, it is no longer a case of ‘if’ you or your business should suffer a cyber security attack, but ‘when’. Lots of firms spend money on cyber security software but have not necessarily considered how to respond if the worst happens. Being prepared for such an incident, rather than sticking your head in the sand, will ensure that panic is reduced and the right actions are taken by the right people to reduce the potential impact.

You should have a documented plan that everyone in your business can get access to – a Cyber Security Incident Response Plan.

  • You need to be able to communicate clearly to your team what to do – having a plan you can all refer to helps this.
  • Speed of response is of the essence during a cyber attack – if you have a plan you can respond faster than without one.
  • Planning your response at a time when you are not under pressure (as you would be during an attack) allows you to thoroughly consider all the actions you will need to take.
  • There is a good chance your cyber insurers will require you to have one and you will certainly need one to pass a security accreditation such as ISO 27001 or IASME Governance.
  • The ICO states as part of GDPR that you should “Have well-defined and tested incident management processes in place in case of personal data breaches.”
  • Ultimately, not having a plan will cost you more money in the long term and could put your firm and income at risk.

What should the plan contain?

1. Scope & initial actions.
2. Recording the incident.
3. Incident management process.
4. Reporting (Contact matrix).

Further resources

Our Information Sheet: Writing a Cyber Incident Response Plan

Detailed guide: Plan: Your cyber incident response processes – NCSC.GOV.UK

IASME information governance security standard and certification



Please contact us below if you would like further help with your business cyber security or general IT support.