Cyber response

Creating a cyber response plan

Cyber attacks are an additional business risk for organisations and they should be planned for like any other risk to the business. Unlike a technical fault, a cyber attack can have an immediate impact and far-reaching consequences which may put the integrity of the organisation at risk. Naturally, you will want to identify and resolve the problem as quickly as possible so you can return to a ‘business as usual’ state.

For these reasons, it is essential that organisations have a clearly defined plan to prevent, detect, respond to and recover from cyber attacks, particularly the most common attacks.

The NCSC has created the Small Business Guide to Response and Recovery. It provides small to medium-sized organisations with guidance on how to prepare their response to, and plan their recovery from, a cyber incident. It's a companion piece to the Small Business: Cyber Security and Small Charity Guide.

If you're a larger business, or face greater impact from a cyber incident, then the Incident Management section of the NCSC 10 Step Guide can further help your cyber response. Board members should refer to our guidance on planning your response to cyber incidents.

Testing your response arrangements

It is important to test your organisation's incident response plan, in the same way you test your health and safety or fire drills.

How cyber resilient is your organisation?

Exercise in a Box (EiaB) is an NCSC online tool which helps organisations find out how resilient they are to cyber attacks and practise their response. The service provides exercises, based around the main cyber threats, which your organisation can undertake at times suitable for you. It includes everything you need for setting up, planning, delivery and review.