Why your business needs a cyber incident response plan
A cyber incident response plan helps Australian small businesses act fast in an attack: who to call, how to contain damage, and what you must report.
A cyber attack is bad enough. What makes it worse is having no plan.
Most businesses have not really worked through what they would do in the event of a cyber attack, until they’re faced with one.
Lots can go wrong. People panic, they pay the ransom, or wipe the one machine that held the evidence.
And then comes the part nobody wants… If customer or staff data has been exposed, you may have to tell those people, and report it to the regulator.
How you handle any serious incident (cyber, safety, financial) and how fast you respond to it, says a lot about your business and shapes its future and legacy. Especially when it comes to handling privacy and data, customers have long memories.
An incident response plan is just a written answer to a simple question: if we got hit today, what would we do? Who do we call, who can lock the accounts, where's the backup, who tells the clients, and what do we have to report. When you've got those answers ready, you can act in minutes and hours instead of days.
What a plan covers
It doesn't need to be long. A few pages will can set out:
Who's in charge of the response, and their backup
The numbers you'll need fast: your IT provider, your bank's fraud line, your insurer
The first steps to contain the damage and stop it spreading
Who you have to notify, and when
How you get back up: where the backups are, who restores them, and what comes back first
If you need help developing a plan, speak to our team. We have tried and tested templates to speed up the process.
Once you’ve developed your incident response plan, keep it stored in a secure place, along with a physical copy at each office incase your systems are down or your files are locked.
Directors need to be aware
If a breach exposes personal information about your customers or staff and could cause them serious harm, you have a legal duty to report it to the Office of the Australian Information Commissioner and to the people affected, usually within 30 days. The OAIC has clear guidance on what a data breach response plan should cover, and it's worth reading before you need it.
Create your plan and test it
For our cyber and managed IT clients, we build this plan with you, and even conduct cyber incident testing with your team to give them a chance to practice what to do in the event of an attack.
A Cyber Incident Response plan is also a requirement for obtaining cyber certifications such as SMB1001. It’s also. prerequisite for most cyber risk insurance. So don’t put it off any longer.
Get in touch and we'll walk through it with you.
Sources: Australian Signals Directorate, Annual Cyber Threat Report 2024–25; ACSC Cyber Incident Response Plan guidance; OAIC, Preparing a data breach response plan.
