Incident response

How to create a simple cyber incident response plan for an SME

An incident response plan doesn't have to be complicated. For most SMEs, one clear page that everyone can find beats a detailed document nobody reads.

By Crywex6 min read

What to include

  • Roles: who leads, who decides, who communicates.
  • Contacts: IT/security support, leadership, insurer, legal, key suppliers.
  • First steps: how to isolate a device and reset accounts.
  • Reporting: when and how to notify the ICO, clients, or insurers.
  • Communications: what you'll say to staff and customers.
  • Recovery: where backups are and how to restore them.

Want a plain-English view of where your business stands?

Book a free cyber health check

Keep it findable and current

A plan you can't reach during an incident is useless. Keep a copy offline or somewhere that doesn't depend on the systems that might be affected.

Review it a couple of times a year and whenever your setup changes significantly.

Practise it

Walk through a realistic scenario for 30 minutes with the people named in the plan. A quick tabletop exercise reveals gaps far more cheaply than a real incident.

Start with one page today. You can always add detail later — an imperfect plan beats no plan.

Turn this into an action plan

Book a free cyber health check and get a plain-English view of where your business stands.

Book a free cyber health check