How To Develop an Incident Response Plan for Your Business

Daniel Hall 25/04/2024

The Government’s annual security breach survey found that only 21% of businesses and 16% of charities have a formal incident response plan.

This is shockingly low in today's digital era, where businesses need to be prepared to act when a cyber incident occurs. 

What is an Incident Response Plan?


An incident response plan is a document that sets out how a business deals with a reported cyber security incident and rectifies its effects. With cyber attacks on the rise and businesses becoming more aware of the threats, it is important to have a plan in place that prepares for a cyber incident, tells employees what to do if a cyber attack is underway, and sets out how to manage the aftermath.

Creating an incident response (IR) plan is an excellent way to give all members of your business, no matter its size, accurate guidance, information, and the details of key IT team members to contact about any concern or report of malicious cyber activity, whether it comes from within or outside the business.

The Framework of an Incident Response Plan

To develop a comprehensive incident response plan that covers all details your team will need to know, the NCSC recommends that every basic IR plan should include the following: 

Key contacts - this will feature the contact details of all relevant personnel within the organisation that need to be contacted in the event of a cyber security incident. These personnel will usually include the head of IT or the IT team lead, HR, Legal, Senior Management team, PR, and your insurance provider. 

The NCSC makes the good point that more than one team member from each department should be included, to ensure that at least one will be available at all times. This list should of course be regularly reviewed and updated so that it matches the current staff list.

Escalation criteria - Your escalation criteria are the decision-making process by which you determine the severity of the reported incident. Determining the severity of the incident will allow the relevant teams to prioritise accordingly. Any high or critical level incident must always go to senior management, ensuring they are aware of the potential impact this could have on the business.

Core response (the incident response cycle) - Your core response plan could be laid out as a flow chart or diagram to demonstrate to your employees exactly what steps should be taken when responding to an incident. These steps should include how to analyse what is happening, contain or mitigate the incident, remediate or eradicate the cyber security incident, and how to recover. 

If all steps are followed and the incident is correctly resolved, the process can be reviewed and closed down. If the process did not provide enough information or teams felt unsupported, that is the perfect time to improve and update the IR plan.

Guidance on legal requirements and regulations - Your IR plan must also feature information regarding legal requirements and regulations, particularly those concerning data. There will be particular incidents where you will be legally required to contact HR or engage with external legal support and advice with regard to what to do next. The ICO provides guidance on when an incident needs to be reported.

How Cyber Security Experts Help You Plan Ahead


For businesses that have limited knowledge or understanding of cyber security, working with a cyber security service provider may help, as they have the knowledge, accreditations and hands-on experience in this area. Their teams will be able to offer cyber security consultancy services, taking into account your organisation’s cyber security posture and risk exposure, whilst offering advice and suggesting solutions for a professional incident response plan that is detailed and focused on improving your team's awareness and know-how of cyber security.
