top of page
Search

Response and Recovery or both?

  • Writer: SECRC
    SECRC
  • Jun 25, 2021
  • 2 min read

SME's in the UK can benefit from a 5-point plan of practical guidance and tips to help businesses back on their feet after a cyber incident. With 39% of businesses suffering a cyber attack in the last 12 months, there has never been a better time to get yourselves prepared, should a cyber attack take place.

It’s natural for all organisations to experience bumps in the road. When something unexpected happens, such as a cyber incident, it can be difficult to know how to react. Naturally, you will want to resolve the problem as quickly as possible so you can resume business as normal.

For these reasons, the NCSC has created the Small Business Guide to Response and Recovery. It provides small to medium sized organisations with guidance about how to prepare their response, and plan their recovery to a cyber incident. It's a companion piece to our guidance on how to protect yourself from cyber attacks.


If you're a larger business, or face a greater impact from a cyber incident, then the Incident Management section in 10 Steps to Cyber Security can further help your cyber response. Board members should refer to our guidance on planning your response to cyber incidents.


What is an incident? The NCSC define a cyber incident as unauthorised access (or attempted access) to a organisation's IT systems. These may be malicious attacks (such as denial of service attacks, malware infection, ransomware or phishing attacks), or could be accidental incidents (such as damage from fire/flood/theft).


Reporting incidents If you are experiencing a live incident, call Action Fraud immediately on 0300 123 2040 and press 9 on your keypad. This will allow your call to be dealt with as a priority and your live incident will be triaged over the phone. Next your incident will be passed to the National Fraud Intelligence Bureau (NFIB) who will review your report and conduct a range of enquiries, it may then get passed to the relevant police agency. You will be kept informed of the status of your report.

If your organisation has been the victim of a significant cyber attack, the NCSC recommends that you start by reporting the incident to us.

Comments

NPCC
TVP Logo
Hampshire Police Logo
SEROCU logo
Surrey Police Logo
Sussex Police Logo
Cyber Essentials Logo
Cyber Essentials Plus Logo

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of the South East Cyber Resilience Centre is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others.  Articles on the website cannot by their nature be comprehensive and may not reflect the most recent legislation, practice, or application to your circumstances. The South East Cyber Resilience Centre provides funded services and Cyber Essential Partners if you need specific support. For specific questions please contact us at enquiries@secrc.police.uk.  The South East Cyber Resilience Centre does not accept any responsibility for any loss that may arise from reliance on information or materials published on this website.  It is not responsible for the content of external internet sites that link to this site or which are linked from it.

© 2022 - 2025 The South East Cyber Resilience Centre

Registered in England & Wales, No. 13263448 

TM

  • Facebook for South East Cyber Resilience Centre
  • LinkedIn for South East Cyber Resilience Centre
  • X for the South East Cyber Resilience Centre
  • Youtube for South East Cyber Resilience Centre
  • Instagram for South East Cyber Resilience Centre
  • RSS feed for South East Cyber Resilience Centre
  • Threads
bottom of page