Incident Management

10 Steps to Cyber Security

Incident management is often an aspect of cyber security that isn’t considered until it’s too late. The banner of incident management covers a variety of functions.

Since incident management is pointless if the functions do not work as desired when they are needed, it is essential to conduct annual or bi-annual testing to ensure the plans continue to be fit for purpose.

The content of cyber incident response plans differs from business to business and is largely based upon need. As well as planning the initial response to a cyber incident, there may be other considerations, such as pre-planned press releases should a personally identifiable information (PII) data breach occur, or notification of law enforcement if criminal acts have been committed.

The NCSC defines a cyber incident as “a breach of a system’s security policy in order to affect its integrity or availability and/or the unauthorised access or attempted access to a system or systems; in line with the Computer Misuse Act (1990).” A cyber incident response is therefore a pre-existing methodology of steps to be taken during and after a cyber incident.

Regardless of circumstance, having a robust cyber incident management plan in place is highly recommended to facilitate a rational, measured response to the cyber incident. Often, the stress and panic of a cyber incident can result in an overreaction that can ultimately cause more harm than it prevents.

An incident response plan should ensure that lines of communication within a business are maintained and that stakeholders are kept informed of the incident as it progresses towards remediation.

Solutions for Incident Management

Disaster Recovery (DR)

Disaster Recovery is a contingency solution that is invoked when an organisation’s primary IT infrastructure has been rendered unusable, temporarily or permanently. To allow continued operation of the organisation, critical elements of the IT infrastructure are restored and hosted in a different location, usually geographically remote from the primary datacentre.

Traditionally, Disaster Recovery has been used as a contingency against physical damage or circumstances rendering a datacentre unusable. Increasingly, however, Disaster Recovery solutions are being employed to continue operations in the event of a ransomware or other malware infection making critical IT infrastructure unusable for an extended period.

CyberLab consultants specialise in designing and recommending disaster recovery solutions that work for our customers.

Business Continuity (BC)

Business Continuity is sometimes confused with Disaster Recovery, and the terms are often interchanged. Whilst they are similar in nature, they are quite separate: Disaster Recovery is the ability to run the IT infrastructure in a separate location, whereas a Business Continuity plan is the plan an organisation has in place that dictates how it will operate in a Disaster Recovery scenario.

Business Continuity will typically consider such things as maintaining high availability of email functionality during a Disaster Recovery incident, relocating office staff to a second location or reverting to home working if the primary office becomes unusable, and maintaining other business-critical services.

CyberLab consultants specialise in designing and recommending harmonious business continuity solutions.



Backups are a key component of any business contingency plan, although this is often not understood or appropriately financed. Having a good backup solution in place can mean major hardware, cyber, or force majeure incidents can be shrugged off with minimal downtime. Conversely, not having a good backup solution could mean serious trouble for a business should the worst happen.

CyberLab consultants specialise in implementing modern, robust backup solutions for our customers, and there is no one-size-fits-all approach. General principles may remain the same, but individual implementations can vary depending on business needs, available hardware or technology, and the geographic dispersal of customer sites.

What is Incident Management in Cyber Security

Jonathon Hope, Senior Technology Evangelist at Sophos, joins the 10 Steps to Cyber Security Series for a deep dive into incident management and how organisations can better prepare for cyber incidents. They cover:
  • What incident management is and why it is important
  • Incident management in practice: protecting your data and securing your organisation
