Cyber Security Incident Response Plan

10 May 2017

Secure your Defence

Cyber-attacks are reported so frequently that there is a danger business leaders become accustomed to the risk without implementing sufficient controls. It is vital that, as a minimum, corporations put in place a cyber security incident response plan to ensure they are on the front foot should disaster strike. There is a plethora of threats that vary in size and risk, and corporations should take this into account when mitigating their own risks. If an adequate cyber risk mitigation policy is not put into action, the consequences of a cyber-attack can be significantly worse. A cyber security incident response plan acts as a contingency in the event of a cyber-attack. It sets out the steps a corporation needs to take to restore normal business functionality.

Cyber Security Incident Response

Many SMEs believe that they won’t be prone to a cyber-attack, and this stance is proven to increase their risk of not recovering from an attack. 66% of companies are not confident in their business’s ability to effectively recover from a cyber-attack. Cyber-attacks on SMEs have been increasing over recent years. Although SMEs do not have as much revenue as larger corporations, they are normally easier for cyber-criminals to hack. Statistics in 2016 show that 75% of businesses do not have a satisfactory cyber security incident response plan.

The CREST Cyber Security Incident Response Guide indicates 5 main areas of consideration when a corporation is managing its Incident Response Plan:

1. Identifying the Incident:

Your business must assess a possible cyber security incident and determine what impact, if any, there has been on the networks, systems and databases. In addition, you must understand what type of incident it is, e.g. malware, DDoS, code exploit etc. Some cyber incidents are harder to detect than others, and often they impact customers before the organisation itself.

2. Investigating the Situation:

After a cyber incident has been identified, it must be investigated to understand how the attack occurred, who perpetrated the attack, when the attack happened and what was impacted.

3. Acting:

A major priority should be making sure that the cyber incident has been contained. This helps your business reduce the impact of the incident. Containment can be done by blocking unauthorised access and stopping the incident from spreading to other networks. It is always best to get advice from an expert before disconnecting everything from the internet and power, as this can potentially be even more damaging!

4. Recovery:

After acting against the threat, your business should restore all systems back to normal operation and mitigate any vulnerabilities to try to prevent the same type of attack reoccurring. The recovery plan must be updated and tested so that it works in the future. Furthermore, important data should be backed up in case of another cyber-attack.

5. Training:

There should be nominated ‘champions’ in your business who have knowledge about everything cyber for the general good of the business. They should be able to identify the risks that may occur and maintain good security standards. Individuals within the business should be able to handle any incidents that occur and make the decisions needed to do so. It’s important that the contact details of personnel are available to use in the event of an incident.


Cyber security incident response plans are essential for businesses as the world continues to grow into a larger digital landscape. Cyber-attacks on SMEs are likely to increase in 2017, and therefore it is vital that UK businesses and SMEs have a good cyber security incident response plan so that they are prepared to mitigate the risk of being attacked.
