Response and Recovery or both?

SME's in the UK can benefit from a 5-point plan of practical guidance and tips to help businesses back on their feet after a cyber incident. With 39% of businesses suffering a cyber attack in the last 12 months, there has never been a better time to get yourselves prepared, should a cyber attack take place.

It’s natural for all organisations to experience bumps in the road. When something unexpected happens, such as a cyber incident, it can be difficult to know how to react. Naturally, you will want to resolve the problem as quickly as possible so you can resume business as normal.

For these reasons, the NCSC has created the Small Business Guide to Response and Recovery. It provides small to medium sized organisations with guidance about how to prepare their response, and plan their recovery to a cyber incident. It's a companion piece to our guidance on how to protect yourself from cyber attacks.


View the Response and Recovery guide

If you're a larger business, or face a greater impact from a cyber incident, then the Incident Management section in 10 Steps to Cyber Security can further help your cyber response. Board members should refer to our guidance on planning your response to cyber incidents.


What is an incident? The NCSC define a cyber incident as unauthorised access (or attempted access) to a organisation's IT systems. These may be malicious attacks (such as denial of service attacks, malware infection, ransomware or phishing attacks), or could be accidental incidents (such as damage from fire/flood/theft).


Reporting incidents If you are experiencing a live incident, call Action Fraud immediately on 0300 123 2040 and press 9 on your keypad. This will allow your call to be dealt with as a priority and your live incident will be triaged over the phone. Next your incident will be passed to the National Fraud Intelligence Bureau (NFIB) who will review your report and conduct a range of enquiries, it may then get passed to the relevant police agency. You will be kept informed of the status of your report.

If your organisation has been the victim of a significant cyber attack, the NCSC recommends that you start by reporting the incident to us.

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the South East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the South East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the South East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the South East is not responsible for the content of external internet sites that link to this site or which are linked from it.