  • April 01, 2022

How to coordinate a cyber incident response plan


If you own a business, the question is not ‘if’ you will suffer a cyber incident but ‘when’. In the 12 months from March 2020/21, four in ten businesses (39%) and a quarter of charities (26%) reported experiencing cyber security breaches or attacks.

The National Cyber Security Centre (NCSC) defines a cyber incident as:

“unauthorised access (or attempted access) to an organisation's IT systems. These may be malicious attacks (such as denial of service attacks, malware infection, ransomware, or phishing attacks), or could be accidental incidents (such as damage from fire/flood/theft)”.

What is a cyber incident response plan?

A cyber incident response plan is an internal document that outlines how to respond to a serious cybersecurity event that impacts a business's operations.

The key to resolving a cyber incident quickly is to have a clear cyber incident response plan in place which is accessible to relevant people in your organisation. Below are three key steps when implementing a response and recovery plan.

1. Identify risks

The first step in your response and recovery program is to undertake a cyber risk assessment. This exercise should involve data mapping, so you understand where personal data (often the target of a cyberattack) is held within your business. 

It is important to identify the systems that are critical to ensuring your business can operate in the event of a cyber incident. All essential information such as email addresses and customer order information should be backed up on a daily or weekly basis.

2. Create the incident response plan

Once you have identified the risks to the data you hold and the systems required to operate your business, you need to create a plan that sets out the steps that must be followed if a cyber incident occurs.

Qualified/trained employees should be assigned certain roles and responsibilities as part of an incident response team. As with regular fire drills, mock cyber incidents should be staged regularly so everyone can practise their recovery roles.

During these drills, each of the phases of the incident response plan should be carried out to ensure that the team fully understand the process of incident management.

3. Know how to report an incident

Reporting a cyber incident to the right people is a crucial part of the incident handling process. A cyber attack is a criminal offence and therefore should be reported to Action Fraud and the police. If you have suffered a data breach, you are required under the UK GDPR to report the incident to the Information Commissioner’s Office (ICO) within 72 hours.

Get legal assistance from LawBite

Cyber incidents must be taken seriously, and you will likely need to seek the advice and representation of an experienced solicitor to help you answer questions from enforcement bodies. Our team can assist you with reporting a cyber incident and help you navigate interactions with regulators.

In closing

Nothing in this article constitutes legal advice on which you should rely. The article is provided for general information purposes only. Professional legal advice should always be sought before taking any action relating to or relying on the content of this article. Our Platform Terms of Use apply to this article.
