
If you own a business, the question of whether you will suffer a cyber incident is not one of 'if' but 'when'. In the 12 months to March 2021, four in ten businesses (39%) and a quarter of charities (26%) reported experiencing cyber security breaches or attacks.

The National Cyber Security Centre (NCSC) defines a cyber incident as:

“unauthorised access (or attempted access) to an organisation's IT systems. These may be malicious attacks (such as denial of service attacks, malware infection, ransomware, or phishing attacks), or could be accidental incidents (such as damage from fire/flood/theft)”.

What is a cyber incident response plan?

A cyber incident response plan is an internal document that outlines how to respond to a serious cybersecurity event that impacts a business's operations.

The key to resolving a cyber incident quickly is to have a clear cyber incident response plan in place which is accessible to relevant people in your organisation. Below are three key steps when implementing a response and recovery plan.

1. Identify risks

The first step in your response and recovery program is to undertake a cyber risk assessment. This exercise should involve data mapping, so you understand where personal data (often the target of a cyberattack) is held within your business. 

It is also important to identify the systems that are critical to keeping your business operating in the event of a cyber incident. Essential information such as email addresses and customer order information should be backed up regularly (daily or weekly, depending on how quickly it changes). Keep at least one copy offline or otherwise separated from your live systems, so that ransomware which reaches your network cannot also encrypt the backups, and test restoring from them periodically so you know they actually work when you need them.

2. Create the incident response plan

Once you have identified the risks to the data you hold and the systems required to operate your business, you need to create a plan that sets out the steps that must be followed if a cyber incident occurs.

Qualified/trained employees should be assigned certain roles and responsibilities as a part of an incident response team. Similar to having regular fire drills, mock cyber incidents should be staged regularly so everyone can practice their recovery roles. 

During these drills, each of the phases of the incident response plan should be carried out to ensure that the team fully understand the process of incident management.

3. Know how to report an incident

Reporting a cyber incident to the right people is a crucial part of the incident handling process. A cyber attack is a criminal offence and should therefore be reported to Action Fraud and the police. If the incident involves a personal data breach, the UK GDPR requires you to report it to the Information Commissioner's Office (ICO) within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to individuals' rights and freedoms. Even where you decide not to report, you must keep a record of the breach and the reasoning behind that decision.

Get legal assistance from LawBite

Cyber incidents must be taken seriously, and you will likely need to seek the advice and representation of an experienced solicitor to help you answer questions from enforcement bodies. Our team can assist you with reporting a cyber incident and help you navigate interactions with regulators.

For a free 15 minute cyber protection consultation, just click ‘Get started’ below.



In closing

Nothing in this article constitutes legal advice on which you should rely. The article is provided for general information purposes only. Professional legal advice should always be sought before taking any action relating to or relying on the content of this article. Our Platform Terms of Use apply to this article.

Free legal support for businesses

The LawBite Free Essentials Plan acts as your very own legal assistant, ready to provide expertise and guidance on the common legal issues that SMEs and businesses face.

Free Templates
  • 3 legal document templates
  • Drafted by our expert lawyers
  • New documents added every month
Legal Healthcheck Tools
  • Business-specific surveys
  • Understand how compliant you are
  • Checks in GDPR, IP, Brexit and more
Resources, Webinars and Articles
  • Access to the latest LawBite events
  • Legal guides for businesses
  • Smarter business law videos