Developing a Cyber Security Incident Response Plan

incident response

More than ever before businesses have more interconnected IT systems which are web facing, we can’t live without the internet right? But with the good comes the bad, you are at a much higher risk of a Cyber Security Incident occurring with different methods of attack ranging from; Phishing emails, hacking or even insider threats.

As a business owner, it is your responsibility to comply with legal responsibilities and to protect your customers or client’s information. There is no way to predict when a cyber attack might be coming your way or the impact it will cause. However, having a Cyber Security Incident response plan will ensure that you have a set process to follow in event of an incident so that you can respond fast and efficiently.

A recent cyber security survey made by the Department for Digital, Culture, Media and Sport found that the vast majority of businesses and charities are dependent on online services for the functioning of their business operations. This means they are more likely to be exposed to cyber security risks.

% of cyber breaches or attacks reported in the last 12 months

Businesses 43%
Charities 19%

43% of businesses and 19% of charities experienced a cyber security breach or attack within the last 12 months.

% where cyber security is a priority for senior managers

Businesses 74%
Charities 53%

74% of businesses and over half of charities (53%) say that say that cyber security is a high priority for directors or senior managers.

% of businesses and charities with a policy that covers cyber security

Businesses 27%
Charities 21%

Only 27% of businesses and 21% of charities have a formal policy covering cyber security risks.

What is an Incident Response Plan?

An incident response plan is your guide to the procedures you will follow in the unfortunate event of a Cyber Security incident within your business, so that you are prepared. Starting with detecting the incident and progressing through to restoration of normal operations.

Why does your firm need an Incident Response Plan?

  • Reputational damage– This is essential when handling valuable client and internal information as a Cyber Security incident could cause reputational damage for your business as it is your responsibility to protect your clients or customers information.


  • Loss of revenue– Having an Incident Response Plan in place for your firm means that you can minimize the loss of revenue to your company in event of an incident. Such as, if your business operates a lot of online payments or web facing services, the business will need to be up and running again as soon as possible.


  • Minimizing impact for others- Having a response plan helps to identify the issue of where the cyber security incident has occurred and what you should do, this means you can deal with that issue without disrupting other employees or aspects of the business. It is important to identify the biggest impact on the business and make that the priority to mitigate loss and disruption.


  • Complying with regulations- Complying with regulations such as GDPR, which came into effect for businesses in May 2018 is important when handling data of any living individuals such as customers or clients, if a data breach occurs you will need to know how to deal with that situation and establish what data if any has been compromised. If your business does not comply with these regulations’ fines can be up to £15.4 million, or 4% annual global turnover – whichever is higher.

Incident Response Plan Checklist

Creating an Incident Response Plan for your business is crucial and it is important that you are prepared in the event of one. We have put together a checklist to ensure you are taking the correct measures in developing your Incident Response plan! Find out more about creating an incident response plan checklist or download your free copy here.

Looking to implement an Incident response plan?