Listed as a dedicated critical area of Cyber Security in the UK government’s “10 Steps to Cyber Security”, Incident Management should be given some attention in your organisation if it hasn’t already been.

I mentioned recently that the Ipsos Mori Cyber Security Breaches Survey 2017 reported that overall only 11% of all UK businesses have any formal Incident Management plan in place.

According to the 10 Steps guidance, there are three key areas that need to be addressed. First: Obtain senior management approval and backing – The board should lead on the delivery of the incident management plans. Second: Establish an incident response and disaster recovery capability – Develop and maintain incident management plans with clear roles and responsibilities, with regular testing of your plans. Third: Provide specialist training – The incident response team should receive specialist training to ensure they have the skills and expertise to address the range of incidents that may occur.

This “step” towards a more mature security posture is less about the technology and more about the processes and people. Incidents this year at Wonga, the NHS, HSBC and now BA all demonstrate that you must have a plan in place. Don’t be Lance Corporal Jack Jones screaming, “Don’t panic!”