NCSC Launches Response and Recovery Guide


This guide is the latest in a range of products and services to help small businesses build their cyber security resilience produced by the National Cyber Security Centre (NCSC). We would encourage all small businesses to familiarise themselves with this guidance so that any impact on their time, finances and reputation can be kept to a minimum.

Currently there is around a one in three chance that UK businesses will experience a cyber breach.

The ‘Response and Recovery Small Business Guide’ sets out a 5-point plan of practical advice from the point of preparing for an incident through to the stage of learning lessons from it. It follows the publication in 2017 of the NCSC Small Business Guide, which provided help for business to protect themselves from cybercrime. The guidance was produced in response to a range of questions from small businesses following the publication of the Small Business Guide, such as how they should react to an incident and how they get back to business as usual.

 NCSC Small business Response Recovery Front

The latest guidance looks at continuity planning in the event that a business does fall victim to cybercrime, and follows feedback from businesses keen to ensure they are up and running as soon as possible after an attack.  

Clare Gardiner, NCSC Director of Engagement, said:

“While it is vital that small businesses protect themselves from cybercrime, it is equally important that they know the steps to take if they do fall victim to an attack.

"We understand however that it can be difficult for businesses to know where to start in the event of an attack, and the NCSC’s Response and Recovery Guide is designed to help them through the process from those crucial early preparation stages onwards.

The Response and Recovery guidance maps out a response to an attack over the following stages:

1 prepare

1 prepare

1 prepare

1 prepare

1 prepare

A range of practical advice is included under these headings, including: identifying critical systems and assets, making an incident plan, analysing antivirus/audit logs to help identify the cause of the incident, and reviewing incident plans to reflect lessons learned.

It will form part of the Small Business Guide portfolio of products, alongside the original guide and the recently published actions list

Quick reference guide

Quick Reference Infographic1.05 MB