Incident Response

Dealing with a cyber incident

Have a plan to prevent, detect, respond and recover from a cyber incident.

A fundamental aspect of cyber resilience relates to incident management, response and recovery planning. All organisations need to regard cyber risk as a business risk and put in place incident response plans that are tested regularly through exercising.

What is a cyber incident?

The NCSC defines a cyber incident as unauthorised access (or attempted access) to an organisation’s IT system/s. These may be malicious attacks such as denial of service attacks, malware infection, ransomware or, more commonly, phishing attacks.

An accidental action by an employee could also cause a security incident, for example when a member of staff clicks on a phishing link within an email or, as part of day-to-day work, downloads a seemingly legitimate piece of software which contains a virus or malicious software.

Things that might indicate a cyber incident include:

  • computers running slowly
  • users being locked out of their accounts
  • users being unable to access documents
  • messages demanding a ransom for the release of your files
  • people informing you of strange emails coming out of your domain
  • redirected internet searches
  • requests for unauthorised payments
  • unusual account activity

Have a plan to prevent, detect, respond and recover

It is good practice to have a Cyber Incident Response Plan in place that sets out the steps your organisation should take to prevent, detect, respond and recover from cyber attacks. Your plan does not have to be complex, but it should be clear on the roles and responsibilities of key individuals who can take action. The plan should not sit in isolation; it should be woven into the wider resilience, business and service continuity / disaster recovery planning.

Incident Management

The NCSC defines a cyber security incident as:

  • A breach of a system’s security policy in order to affect its integrity or availability
  • The unauthorised access or attempted access to a system

Cyber incidents can take many forms, such as […]

Incident Response Helpline

If you are concerned your organisation has been the victim of either a cyber or financial fraud attack, you can call the Incident Response helpline. The free helpline will help organisations confirm they have been the victim of an attack […]
