Cyberattacks are a common problem, even for small businesses in the UK. According to the government’s Cyber Security Breaches Survey for 2025, there were around 8.58 million cyber crimes of all types, the vast majority of which involved phishing.
More conspicuous attacks affecting larger businesses, like the recent one against Marks and Spencer, might grab headlines. However, smaller businesses can be affected by this problem, too.
As such, it’s worth planning for an attack, and making your business resilient before the threat manifests.
Cyberattack Response Plan
What does an effective response plan look like? Let’s take a look at a few key features.
Detect & Contain
The earlier a cyberattack is detected, the more effectively it can be contained. If the login credentials of a given user are compromised, that user’s access privileges should be withdrawn. Any affected systems should be quarantined, in order to prevent the threat from spreading to the rest of the network.
Since phishing attacks are the most common threat, it’s vital that staff are trained to spot them. Even staff members who aren’t tech savvy should be able to distinguish malicious emails from legitimate ones. To test this, it’s often a good idea for IT departments to send out simulated phishing emails, in order to identify weak points and provide further training where it’s needed.
Assess the Impact
After the attack has been detected, it’s essential that the organisation knows the full extent of the damage. When an impact assessment is not thorough, a portion of the threat might remain undetected. This might even allow attackers to continue the attack after clean-up efforts have been undertaken. Needless to say, this can be disastrous for the affected business.
Make sure that you understand exactly which systems have been affected, and exactly what data has been lost. Make sure that you have a secure backup of essential data, and a procedure that keeps this backup up to date. The attack should be reviewed, and the findings of the review should be logged. The time, nature, and source of the attack should all be recorded. This information might allow future attacks to be prevented – and it might later be valuable in court.
Notify & Escalate
In the UK, businesses that suffer a cyberattack that has a ‘substantial impact’ on the provision of services are required to notify the Information Commissioner’s Office. They should do this, where feasible, within seventy-two hours of becoming aware of the breach. Other parties outside the business (like customers whose data has been stolen) should also be notified. Having a full-service law firm on your side can ensure that you stay on the right side of the law throughout this process.
Eradicate & Recover
Recovery should be complete and exhaustive. If it isn’t, then there’s a risk that the attack will be repeated. Passwords should be reset, and malware removed, before the data is restored from the backup.
Review & Strengthen
Like any other negative workplace incident, a cyberattack should be followed by an analysis designed to ensure that the problem isn’t repeated. Think about how your policies should be different, and how you could have responded better. Then implement the necessary organisational changes.