What to include
- Roles: who leads, who decides, who communicates.
- Contacts: IT/security support, leadership, insurer, legal, key suppliers.
- First steps: how to isolate a device and reset accounts.
- Reporting: when and how to notify the ICO, clients, or insurers.
- Communications: what you'll say to staff and customers.
- Recovery: where backups are and how to restore them.
Want a plain-English view of where your business stands?
Book a free cyber health checkKeep it findable and current
A plan you can't reach during an incident is useless. Keep a copy offline or somewhere that doesn't depend on the systems that might be affected.
Review it a couple of times a year and whenever your setup changes significantly.
Practise it
Walk through a realistic scenario for 30 minutes with the people named in the plan. A quick tabletop exercise reveals gaps far more cheaply than a real incident.
Start with one page today. You can always add detail later — an imperfect plan beats no plan.
Turn this into an action plan
Book a free cyber health check and get a plain-English view of where your business stands.
Book a free cyber health check