Boost your cyber resilience with our cyber incident response plan

In the last 12 months, the Department for Digital Media, Culture and Sport's Cyber Security Breaches Survey revealed that, 39% of businesses and 26% of charities reported having a cyber breach or attack. Among the 39 per cent of businesses and 26 per cent of charities that identify breaches or attacks, one in five (21% and 18% respectively) end up losing money, data or other assets.

One-third of businesses (35%) and four in ten charities (40%) report being negatively impacted regardless, for example because they require new post-breach measures, have staff time diverted or suffer wider business disruption.


The survey also revealed that whilst 66% of businesses and 59% of charities do report having some sort of formalised incident response process, approaches to incident response are often not very comprehensive.


To help you minimise the impact of a cyber attack we have created a Cyber Incident Response Plan for you to use.


Why is important to have a Cyber Incident Response Plan? A cyber security incident response plan provides a process that will help your business, charity or third sector organisation to respond effectively in the event of a cyber-attack.


How to use this template?

  • You are free to use, share, adapt and build upon this material, but you may not use this material for commercial purposes.

  • We suggest reviewing the pack and editing names and numbers where necessary, before you distribute to your organisation.

  • Consider printing appendix H to help staff with a clear reporting procedure in the beginning of any incident.

  • Use the checklist to provide a prompt response that will limit the damage of any attack, whilst communicating effectively through your channels to keep suppliers, customers, and staff onside. The checklist will help to calmly guide a response through a time of heightened stress and confusion.

How can the Cyber Resilience Centre for the South East support my business?

The SECRC offers a range a membership options depending on what level of support businesses in Hampshire, Surrey, Sussex, Oxfordshire, Berkshire and Buckinghamshire need.


The Core Membership is free and provides businesses with 50 or fewer employees, access to a range of resources and tools to help them identify their risks and vulnerabilities, as well as providing guidance on the steps they can take to increase their levels of protection.


Working in conjunction with local universities and the regions local forces, the SECRC is able to provide a range of affordable cyber resilience services with the very current knowledge and technical expertise from the UK's top cyber talent. These services help SMEs and therefore their supply chain to prepare and improve cyber resilience.


From staff training to reviewing a company’s network and systems, these services will help boost a cyber security strategy.


Follow us on Facebook, LinkedIn and Twitter to receive the latest SECRC news.

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the South East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the South East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the South East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the South East is not responsible for the content of external internet sites that link to this site or which are linked from it.