Cyber Response

Creating a cyber response plan

Business Continuity plans are well understood to plan for the disruptive impact of extreme weather events, fire or technology failure. Cyber attacks are an additional business risk for organisations and they should be planned for like any other risk to the business.

It is essential that organisations have a clearly defined plan to prevent, detect, respond and recover from cyber attacks, particularly the most common attacks. 

Creating a response plan

The Small Business Guide to Response and Recovery provides small to medium sized organisations with guidance on how to prepare their response, and plan their recovery from a cyber incident.

Developing an incident response plan is a critical step towards preparing a robust and effective incident management and technical response capability.

This guide includes:

  • Preparing for incidents
  • Detecting an incident has occurred
  • Steps to resolve the incident
  • Reporting the incident to wider stakeholders
  • Learn from the incident

If you’re a larger business, or face greater impact from a cyber incident, then the Incident Management section of the NCSC 10 Step Guide can further help your cyber response. Board members should refer to the NCSC guidance on planning your response to cyber incidents.

Go to Response Guide

Having an understanding of

  • what’s important to your business
  • why it’s important, and
  • what you are doing to protect them

will help you prioritise where you need the most protection.

Learn how to protect yourself or your small business or charity online with the Cyber Aware Action Plan. Answer a few questions on topics like passwords and two-factor authentication, and get a free personalised list of actions that will help you improve your cyber security.

Testing your response arrangements

It is important to test your organisation’s incident response plan, in the same way you test out your health and safety or fire drills.

The best way to test your staff’s understanding of what’s required during an incident is through exercising.

The NCSC’s Exercise in a Box (EiaB) is an online tool which helps organisations find out how resilient they are to cyber-attacks and to help them practice their response. The service provides exercises, based around the main cyber threats which your organisation can undertake at times suitable for you. It includes everything you need for setting up, planning, delivery and review.

Exercise in a Box tool

Cyber Capability Toolkit

The Cyber Capability Toolkit has been created to support Public Sector organisations to better manage their cyber incident response.

The Toolkit contains;

  • A Model Incident Response Plan template
  • A set of Playbooks covering Denial of Service, Malware, Data loss, Phishing and Ransomware attacks
  • A Cyber Incident Assessment tool designed to provide high level insight into the organisations maturity across a range of related incident management controls
Cyber Capability Toolkit

The Cyber Capability Toolkit will be subject to constant review and it’s contents are to be regarded as live documents, building on good practise, lessons from exercises and incidents and feedback of public sector bodies.