Cyber Resilience for Business Managers

If you’re a small business owner/manager, school business manager, school governor, involved with a charity or a service manager in a large organisation with a separate IT function you should find this new non-technical aid useful in preparing you to keep trading through a cyber incident (at your organisation or one of your suppliers).

Considering risks in ‘peacetime’ and planning how you might respond to a Cyber Incident in advance of it happening will help you keep your business going.

There are a number of key areas that can help.

  • Being aware of the risk
  • Pre-planning and making decisions in advance
  • Developing a Cyber Incident Response Plan consisting of:
    • A Business Continuity Plan
    • A Communications Plan
    • An IT Disaster Recovery Plan

Answer the questions and record your answers to create the bulk of your Cyber Incident Response Plan.  Ideally, you should then test this (as you would a Fire evacuation plan) and make amendments as necessary.

Sources of further information and guidance are also included as well as links to template document cover sheets for to other actions you can take to make your business more cyber resilient.

At present, the documents are offered as working drafts.

draft v0.4 MS Word version, pdf version [last update: 15th November 2022]


*NEW* October 2022 – Work Book for your answers draft v0.1 (includes Template covers for your Plan draft v0.1)

This document was in part co-created at the Northumbrian Water Innovation Festival 2022 during a one-day ‘daily dash’ co-ordinated by CyberNorth and UKC3.  Some content is based on a similar initiative for schools in North Tyneside and from the North East Cyber Incident Response Plan developed by Local Resilience Forum emergency planners. It also borrows from Lessons Learned from significant cyber incidents in the last few years. 

The document prompts the reader to consider questions they may not have previously thought about; it should also be useful to those familiar with business cyber resilience, acting as a checklist and reminder of things to consider.

Have you used the document and found it useful? Let us know.

Feel free to Provide feedback on the draft documents.

Additional resources from NEROCU: North East Regional Organised Crime Unit:

If you are experiencing a LIVE cyber attack, see our guidance on reporting a cyber incident.