Tip 6: A plan for when it all goes wrong

4th July 2025

Sometimes, things go wrong - be that a flat tyre when you have an important meeting to get to or a cyber security incident. Having an incident response plan for your business, along with business continuity and disaster recovery plans, will help your organisation recover as quickly as possible.

Your plan doesn't need to be complicated. In fact, the simpler your plan is the more easily you'll be able to follow it in times of stress (like when your business is mid-incident). Your incident response plan should cover details of how you will identify the problem, contain the incident, and how you'll communicate with affected staff and customers. If your organisation needs it, your plan should describe incident severities and what levels of seniority will be involved (e.g. for the most severe incident you may include the CEO early, whereas for a stolen laptop you'd possibly stop at the head of IT).

Complementing your incident response plan should be a business continuity plan (BCP) that explains how the business will continue to operate during the incident. A disaster recovery plan (DRP) is a document that defines the actions the organisation will take to get back to normal working.

Across these three documents, you should consider:

⚠️ How colleagues can report incidents (or suspected incidents) to the relevant team.

🏢 What to do if access to your offices is cut off.

🙋‍♀️🙋 Where and how your teams will work during the incident.

🔊 How you'll communicate with everyone.

🕰️ How often updates will be made (to your own people, your customers, investors, the press).

🚔 When and how law enforcement and any regulatory bodies will be informed.

📦 How you would contain the incident, to stop things getting worse.

📝 How you will record decisions, timelines, and how evidence will be preserved.

Testing your plans

Once you've got your plans it is worth testing them with a mocked up scenario. Your goal is to identify any problems during this testing, and then fix them, so in the event of a major problem your teams know what to do. For a small organisation, this might be a simple case of working from somewhere else and hot-spotting / tethering to a mobile phone. Larger organisations may have more in-depth scenarios with multiple people doing different roles.

Remember to test your plans regularly. At least once a year, but preferably more often to ensure everyone is confident they can react well should the need arise.

Incident response workshops

We offer incident response testing workshops to help you develop your incident response plan. Get in touch to find out more.