020 7193 4905

Incident Response Plan


Recent months have shown us all how cybersecurity breaches can wreak havoc; not only crippling an organisation’s IT systems and day-to-day operations, but also destroying its business reputation. Recent ransomware attacks for example, where vital data is encrypted with an unbreakable encryption algorithm, which can only be decrypted on payment of a ransom, brings home the vulnerability of our economy’s IT infrastructure.

Many, if not most organisations have little or no experience of dealing with a serious cybersecurity breach or data loss event. These incidents will continue to occur as long as there are weak targets open for attack. The importance of having a Cyber Incident Response Plan in place has never been greater. Without such a plan, all too often we observe an immediate reaction of mild panic and confusion, resulting from the lack of understanding of the threat itself. This is compounded by the consequences of failing to respond appropriately.

Valuable time is lost as staff attempt to pick up the pieces. This loss of critical time results in risks on a number of fronts: data (and associated financial) loss; reputational damage; loss of customer confidence; and even regulatory penalties. A well-formulated plan ensures staff are able to respond to cyber incidents in a calm, measured and effective manner following a clear plan formulated by calm heads beforehand.

To prevent what starts as a minor inconvenience from developing into a corporate crisis, both a response plan, and immediate access to an incident response specialist able to provide expert advice and guidance are necessary.

First Response are incident response specialists, providing a scaled response strategy to assist your organisation in preparing for and responding to cybersecurity incidents, balancing internal and external expertise and resources.



Our plan provides you with two of our Incident Response Specialists, who visit your premises for one day. They meet your key management and IT staff to discuss your business processes, your data workflows, and the nature of your IT infrastructure and the role it plays in your day-to-day operations.

This review includes an examination of your existing information security policies and procedures, together with your business continuity and disaster recovery plans. The review helps us (and you) to develop a clear, up-to-date, and complete understanding of your network topology and defences. In the event of a cybersecurity breach or other cyber incident, we are all able to hit the ground running, and start the process of remediation smoothly and efficiently.

Once this on-site review has taken place, First Response will prepare a Cyber Incident Response Plan, tailored to your organisation, which provides you with:

  • Detailed information highlighting areas of concern, with our recommendations on how to address these
  • The roles and responsibilities of relevant members of the organisation in the event of a Cyber Incident
  • Trained internal First Responders who will have the skills needed to react appropriately to the initial impact of an attack
  • The organisation’s management will know what decisions should be made, and understand the significance of these as they relate to the incident timeline
  • A direct 24/7 line of contact with your First Response IR Specialist, who can provide advice and guidance in the event your Incident Response process is invoked, we can make arrangements for members of our IR Team to attend on-site if necessary.




Incident Response Framework & IR Plans

Initial set up and health check £9,800 and £500 monthly retainer

  • Establishment of an Incident Response Framework, including detailed plans for common incident types following the initial setup and health check
  • Guaranteed telephone response within two hours
  • Guaranteed onsite attendance within 24 hours by up to two Incident Response specialists
  • Incident First Responder training (half-day for up to 10 delegates)
  • Preferential incident response rate of £160 per hour (per specialist – per hour)
  • Basic Cyber Essentials accreditation

Also available at additional cost

  • Cyber Essentials Plus
  • Endpoint 24/7 monitoring by our IR Team, including real-time malware remediation
    and threat protection
  • Quarterly threat Intelligence briefings on the current threat landscape
  • Access to our extensive catalogue of security & forensic training courses at a CIRP preferential rate



Mission Impossible

Mission Impossible

"Your mission, Jim, should you decide to accept it, is to come up with a response to these demands within twelve hours." What would you do if all...

Incident Response 101

Incident Response 101

It'll be all right on the night – NOT When a disaster such as a ransomware attack strikes your organisation, how well are you prepared? A cyber...