top of page

Response and Recovery or both?

SME's in the UK can benefit from a 5-point plan of practical guidance and tips to help businesses back on their feet after a cyber incident. With 39% of businesses suffering a cyber attack in the last 12 months, there has never been a better time to get yourselves prepared, should a cyber attack take place.

It’s natural for all organisations to experience bumps in the road. When something unexpected happens, such as a cyber incident, it can be difficult to know how to react. Naturally, you will want to resolve the problem as quickly as possible so you can resume business as normal.

For these reasons, the NCSC has created the Small Business Guide to Response and Recovery. It provides small to medium sized organisations with guidance about how to prepare their response, and plan their recovery to a cyber incident. It's a companion piece to our guidance on how to protect yourself from cyber attacks.

If you're a larger business, or face a greater impact from a cyber incident, then the Incident Management section in 10 Steps to Cyber Security can further help your cyber response. Board members should refer to our guidance on planning your response to cyber incidents.

What is an incident? The NCSC define a cyber incident as unauthorised access (or attempted access) to a organisation's IT systems. These may be malicious attacks (such as denial of service attacks, malware infection, ransomware or phishing attacks), or could be accidental incidents (such as damage from fire/flood/theft).

Reporting incidents If you are experiencing a live incident, call Action Fraud immediately on 0300 123 2040 and press 9 on your keypad. This will allow your call to be dealt with as a priority and your live incident will be triaged over the phone. Next your incident will be passed to the National Fraud Intelligence Bureau (NFIB) who will review your report and conduct a range of enquiries, it may then get passed to the relevant police agency. You will be kept informed of the status of your report.

If your organisation has been the victim of a significant cyber attack, the NCSC recommends that you start by reporting the incident to us.


bottom of page