Cyber Resilience for Business Managers

Considering risks in ‘peacetime’ and planning how you might respond to a Cyber Incident in advance of it happening will help you keep your business going.

The guide was crowdsourced from experts across a variety of fields of experience, including ransomware survivors. It prompts the reader to consider questions they may not have previously thought about; it should also be useful to those familiar with business cyber resilience, acting as a checklist and reminder.

It considers:

  • Being aware of the risk
  • Pre-planning and making decisions in advance
  • Developing a Cyber Incident Response Plan consisting of:
    • A Business Continuity Plan
    • A Communications Plan
    • An IT Disaster Recovery Plan

At least 5 groups should find this new non-technical guide useful in preparing you to keep trading through a cyber incident (at your organisation or one of your suppliers):

  • small business owner/manager
  • school business manager
  • school governor
  • involved with a charity
  • service manager in a large organisation with a separate IT function

Answer the straightforward questions (about 50 in total) and record your answers to create the bulk of a Cyber Incident Response Plan. 

Ideally, you should then test this (as you would a Fire evacuation plan) and make amendments as necessary. The (Police-led) North East Business Resilience Centre can help you test your plan with a business continuity exercise.

Sources of further information and guidance are also included as well as links to template document cover sheets for to other actions you can take to make your business more cyber resilient.

At present, the documents are offered as working drafts. Feel free to Provide feedback.

draft v0.4 MS Word version, pdf version [last update: 15th November 2022]


This guide was in part co-created at the Northumbrian Water Innovation Festival 2022 during a one-day ‘daily dash’ co-ordinated by CyberNorth and UKC3.  Some content is based on a similar initiative for schools in North Tyneside and from the North East Cyber Incident Response Plan developed by Local Resilience Forum emergency planners. It also borrows from Lessons Learned from significant cyber incidents in the last few years. 

Have you used the guide and found it useful? Let us know.

Additional resources from NEROCU: North East Regional Organised Crime Unit (Regional Police Cyber Crime Unit):

If you are experiencing a LIVE cyber attack, see our guidance on reporting a cyber incident.