Prepare a cyber security incident response management plan

You have legal responsibilities as a business owner to protect your business and ensure that your business and customer information is safe. Think about the information that you store online, and what it would mean if the information is lost or stolen?

Unfortunately, you cannot predict when a cyber-attack will occur and what it might involve. If a cyber security incident occurs, you should minimise the impact and get back to business as soon as possible.

A cyber security incident response plan will help you and your business prepare for and respond to an incident fast and effectively.

What is an incident response?

An incident response is how you protect and restore the operation of your business when a cyber incident occurs. If you don’t deal with an incident quickly you could expose your business to major disruption and legal issues.

It’s critical that you and your employees understand the basics of detecting and responding to a cyber security incident. A cyber security incident response management plan can help you do this.

What is a cyber security incident response management plan?

A cyber security incident response management plan is a guide that outlines the steps to manage a cyber security incident. The plan should help you and your employees detect incidents quickly, lessen the impact, and return your business to normal as soon as possible. The plan should set out the process of:

  • preparing for a cyber incident
  • detecting the threat
  • assessing the level of threat and impact
  • responding to the level of threat
  • reviewing the process and improving the incident plan if needed.

Tips on how to prepare and respond to cyber security incidents

Prepare and prevent

Prepare your business and employees to be ready to handle potential cyber incidents that may arise.

  • Develop policies and procedures to help employees understand how to prevent an attack and to identify potential security incidents.
  • Identify the financial and information assets that are important to your business and technology that you rely on.
  • Consider the risks to these systems and the steps you and your employees need to take to lessen the effects or damage to your business.
  • Create roles and responsibilities so that everyone understands who to report to if an incident occurs and the recovery procedures that follow.

Check and detect

Check and identify any unusual activity events that may damage your business’ information assets and systems. Unusual activity may include:

  • accounts and your network cannot be accessed
  • passwords no longer work
  • data is missing or altered
  • your hard drive runs out of memory
  • your computer keeps crashing
  • your customers receive spam from your business account
  • you receive numerous pop-up ads.

If you see a security incident, document any evidence and report it to your IT section, a team member or a government body such as the Australian Cybercrime Online Reporting Network.

Identify and assess

  • Find the initial cause of the incident and assess the impact so that you can contain it quickly.
  • Determine the impact the cyber incident has had on your business and the effects to your business and assets if not immediately contained.


  • Limit further damage of the cyber incident by isolating the affected systems. If necessary, disconnect from the network and turn off your computer to stop the threat from spreading.
  • Eliminate the problem with the removal of the threat.
  • Recover from the incident by repairing and restoring your systems to business as usual.


  • Identify if any systems and / or processes need improving and make those changes.
  • Evaluate how the incident before and after, and any lessons learnt.
  • Update your cyber security incident response plan based on the lessons learnt so you can improve your business response.

Remember, the online security measures you take will help protect your business and your customers from existing threats, and also future threats.

Find out more:

Thanks for your feedback. If you have any ideas on how we can improve, we'd love to hear them.

Please provide your comments in the feedback form.

You might also be interested in