Cyber-Incident-Overview2 (1)

Free and Immediately Usable Cyber Response Template

Optimised Document Structure, Easy to understand guidance on Cyber Incident Planning & Response and a ZERO-FLUFF approach makes this cyber response plan template immediately useful. 

One of the key artefacts you need to produce as part of your planning for responding to a cyber attack is a Cyber Incident Response Plan. A document that guides you on what actions to take and how to take those actions. Our FREE cyber incident response plan template includes:

-- Clear and easy to understand guidance on what should be in an incident response plan (just in case you don't want to use our template.)
--  Visual workflows and guidance that you can use in your plan immediately.
-- A ZERO-Fluff content approach and practical, simple-english content that is fit-for-purpose and relevant for most organisations. 

Download your copy of the Cyber Incident Response Plan template document and start using it immediately. 

** GDPR & Privacy ** We wholeheartedly believe in your and our rights to privacy and in the GDPR. The bottom of the page explains how we use your data.

enter your details below to get your copy:

What is an Incident Response Plan & How to Create One? 

This is one of the most relevant questions one can ask when looking to bolster the cyber defences for their business. The fact of the matter is that today any and every business is a data goldmine and is therefore vulnerable to being attacked by cyber criminals. 

In order to ensure business continuity in the face of cybersecurity incidents and data breaches, it’s no longer enough to just have an incident management team alone. 

A solid plan of action for incident response, that every stakeholder in the organisation is aware of, is indispensable today. Every key decision-maker, IT executive and business executive must be aware of their roles and responsibilities in case of security breaches.    

The only real PROTECTION you can give your organisation is PREPARATION. 

You need to be aware of the potential risks to your business and your critical assets or crown jewels that hackers might try to target. But more than that, you need to have a plan for responding to cyber-attacks or cyber security incidents when they happen. Yes, when and not if. 

This plan should be: 

  • Easy to read
  • Easy to understand by technical and non-technical audiences 
  • Have clearly defined steps and communication channels 
  • Should outline critical actions

The cyber security incident response plan should definitely NOT be: 

  • Too complex 
  • Too technical 
  • Too long 

Why Do You Need a Cyber Incident Response Plan? 

A solid cyber incident response plan is indispensable to your cyber resilience strategy. It tells your IT & security team exactly what to do when a crisis hits. Because let's be honest, the most seasoned security practitioner can crumble under the pressure of a cyber-attack when hackers have locked you out of your own systems and are asking for a massive ransom payout.   

The only sure-shot way to deal with this crisis is to have a plan of action that everyone is aware of, that reminds everybody what to do next and has ideally been rehearsed by the key stakeholders many times before. Overall, the idea is to mitigate chaos and do the right thing even under the pressure of a major data breach or compromise. Our Cyber Incident Response Plan Example can help you achieve that. 

How do you create a good Cyber Incident Response Plan? 

The answer is simple: You download our incident response template, either use it as inspiration to create your own security incident response plan or customise the template with your organisational goals, details etc. 

-- This FREE Cybersecurity Incident Response Plan template has been created to help you achieve this goal. 
-- The editable Word document allows you to personalize the Incident Response Plan template as per your organisational goals and needs. 
-- The idea is that you should have a good place to start from when looking to create your own Cyber Incident Response Plan. 
-- Use our FREE Cyber Incident Response Plan Template to create your own plan and give your organisational cyber resilience capabilities a major boost.

Is it important to Test Your Incident Response Plans?

Would you drive a car that hasn’t been through the many rounds of rigorous automotive testing that vehicles are regularly put through? Obviously, not. 

Then why would you risk trusting the cyber resilience of your organisation on plans that have never been tested or rehearsed? If nobody knows what’s in your cyber incident response plans, what good are they in a crisis? 

While creating a solid cyber incident response plan is of utmost importance, rehearsing it, practising all its recommendations, dissecting it and questioning it are equally important. The plan and the steps it includes should be a part of the muscle memory of all key decision-makers in the business. 

This is because in the midst of the utter chaos that a cyber-attack or a ransomware attack can unleash, it can be hard even for industry veterans to think straight. 

When the steps of the Incident Response Plan are ingrained in your muscle memory, it can often be easier to naturally do the right things and make the right decisions - or at least, not make more mistakes and make things worse.       

This is why, we at Cyber Management Alliance, strongly recommend that our clients not only work with us to create strong Cyber Incident Response Plans but also regularly put these plans through the litmus test of a Tabletop Exercise.

A Cyber Crisis Tabletop Exercise tests the effectiveness of your plans in the simulated environment of an attack. Without disrupting business and with minimal cost, it checks if your plan actually holds water and also if the participants in the workshop are fully aware of the cybersecurity response plan and their individual roles and responsibilities. 

We also offer Ransomware Tabletop Exercises targeted specifically at dealing with ransomware attacks. This workshop addresses the specific concerns or questions that come up at the time of a ransomware attack. These can range from - “Do we negotiate with the hacker?” to “Do we ever agree to pay the ransom?”  

How to ensure Success in Incident Response? 

The only sure shot way to ensure successful Incident Response and real cyber resiliency is to work towards it round the year.

Cyber criminals don’t rest. They’re always working to figure out new tactics and techniques to attack their targets and new inroads into the networks they wish to compromise.

The only way to beat them in their tracks is to concomitantly keep the momentum going for good Cyber Incident Response practices throughout the year. 

Incident Response Plans should not be treated as static documents. They need to be looked at as organic and alive guides that are constantly evolving with the ever-changing global threat landscape.   

This is why our Cyber Incident Response Plan Template is a great reference point. As you go about altering and evolving your own plans, you can always refer back to this Cyber Incident Response Plan example to make sure that all essentials are covered in the updated plans. 

While the organisation-specific steps and roles and responsibilities may need to evolve over time, certain fundamentals of good incident response remain constant and these should definitely reflect in your plans.  

What are the 6 steps in Incident Response?

Speaking of fundamentals of a good Incident Response Plan example brings us to the 6 main steps in Cyber Incident Response Planning. 

These 6 steps must be covered in every good cybersecurity incident response plan. Every business can elaborate upon these basic steps depending on their own size and requirements. 

We delve into the details of what these steps are in our blog on 6 phases of incident response. 

Let’s look at them briefly here: 

  • Preparation: The most important stage that puts incident response in the spotlight and gets the organisation ready for the imminent attack.
  • Identification: This stage is all about identifying the details of the attack. It revolves around figuring out the exact nature of the attack, which assets have been impacted etc. 
  • Containment: In this stage, the focus is on mitigating the damage that the attack can cause. It’s unwise to delete everything in a panic as evidence is important. Thus, this phase deals with containing the attack without losing precious evidence.   
  • Eradication: As the name suggests, this phase deals with eradicating the malware and patching vulnerabilities. 
  • Recovery: This phase of incident response is all about bringing the systems back up and running. 
  • Lessons Learned: Without pondering over how the plan helped you deal with the attack and where the gaps were, there is little headway to be made. The only way to emerge stronger after a cyber incident is to invest adequate time and attention to the lessons learned.  

Who is this Incident Response Plan Template For? 

The FREE, downloadable Incident Response Plan Template UK, created by Cyber Management Alliance, is for any organisation - commercial, non-commercial - that wants to ramp up its cyber defences. 

We have created this free template in line with our commitment to enabling organisations worldwide to build their cyber resilience capabilities. We care deeply about building a cyber safe world and catalyzing good incident response capabilities within businesses and non-business entities is a huge part of that mission. 

Therefore, any organisation, from any industry vertical and regardless of size and scale can use this free cyber incident response plan template to create their own plan. 

The template is meant as guidance and a reference point that any organisation can use and improvise upon.  

Is this the right Incident Response Plan Template for Small Businesses? 

Yes, this Incident Response Plan Template is for small businesses as much as it is for large organisations. 

We have created this cybersecurity response plan template for any organisation that is serious about building its incident response capabilities and combating the scourge of cyber crime that’s causing companies worldwide to lose hundreds of millions of dollars each year. 

Every small business can use this template to create their own cyber incident response plan and this can be a great first step on their journey towards complete cyber resilience.  The Incident Response Plan can be put into action when the small business has been subject to any kind of cyber crime - from a social engineering attack to phishing emails - the types of attacks that very often victimize small enterprises. 

At the end of the day, it is important to remember that not every cyber incident is a crisis or a disaster. But it can quickly turn into one if it’s not managed properly. 

Our endeavour should always be to be prepared for any kind of cyber attack or event. A good cyber incident response plan enlists the right steps you can take in case of an incident, how to contain it, how to communicate it and what to do if things seem to spiral out of control. 

By using our incident response plan template UK, every organisation can refine their responses and jump back into recovery mode faster with least disruption to business.   


NCSC Certified Training B&W 300px

We are industry experienced practitioners when it comes to cyber security training & cyber security consultancy services

Cyber Security Training


We offer a host of courses including our NCSC Assured Training in Cyber Incident Planning and Response and our NCSC Assured Training in Building and Optimising Incident Response Playbooks.


Virtual CISO Services

Hands On, full-support 'Security As a Service', specifically designed for organisations that require access to experienced cybersecurity, governance, risk and compliance professionals.

Cyber Security Events

Virtual Cyber Assistant

A unique, affordable, subscription-based, cybersecurity service for small to medium businesses, offering 280+ services in cybersecurity.

Virtual CISO DPO

Cyber Crisis Tabletop Exercises

Scenario-based, verbally-simulated tabletop attack exercises that test your organisation's ability to effectively respond to a cyber-attack.

GDPR GAP Assessment

Ransomware Tabletop Exercise

Measure your organisation’s Ransomware Readiness with a unique blend of verbal and visual simulations and ransomware scenario walkthroughs.

Cyber Security GAP Assessment

Executive Cyber Awareness Sessions

Specially designed for executive management, CEOs and boards of directors, engaging them in a business context to help explain the threats and risks from cyber-attacks.

How we use your data:

  • Contact you about our services including, but not limited to, training, trusted advisory and consultancy.
  • Keep you posted on free resources and documents.
  • Update you on upcoming webinars and surveys.
  • Update you when we host our ground-breaking Wisdom of Crowds events.
  • Ask you, every now and then, if you want to take part in crowdsourced initiatives.
  • Our partners (we carefully select our partners) may contact you to arrange or demo or share more information with you about their products or services when you watch one of our sponsored webinars. Remember, you can always tell us or our partners, "No, not interested".

Download your Free copy of Cyber Incident Response Plan Template

A free guide on how to work securely while away from office.