+44 (0)20 7877 0060 contact@2-sec.com
Select Page

Stage 5: Respond


It is inevitable that most businesses will suffer a breach. Knowing this, any organisation should have plans and procedures in place to effectively respond to an incident and minimise the impact on the business, its employees and clients.

The most important aspects are restoring a business to normal service operation as quickly as possible and minimising the impact on the client base and the overall reputation of the organisation. There are 3 key elements that any business needs to address to best respond to a breach.


Cyber Protection: Respond Stage


When an incident has occurred, it is important to immediately engage a process to identify, respond and manage the impact of the incident. The incident team needs to ensure that a breach is contained, the effects are mitigated, and the incident is efficiently eradicated. It is important that the business operations are returned to normal as soon as possible, any compliance requirements are upheld and then the impact is fully understood.


By preparing for a breach, an organisation will have procedures in place for recovery time objectives and recovery point objectives (identifying the priority of IT systems, how quickly they need to be back up and running and the point of recovery) so that the business has an organised recovery plan in place.

It is important to assess key systems and assets and understand the capacity of protection. By analysing the current incident management process and policies, it is possible to understand how effective an organisation will be in implementing continuity and crisis management procedures. Recovery and communication plans must be tailored to each organisation so that it can restore all capabilities, services, and systems as well as inform internal and external stakeholders.

It is important to review and maintain these on a regular basis to minimise interruption to business operations and fully protect business objectives and reputation.



If an incident does occur, it is important to use post-incident and post-exercise reviews to actively reduce the risks associated with incidents happening in the future. By identifying the origin, the cause of the attack and assessing any shortfalls in response or preventative strategies, the business can prevent the issue from reoccurring. It is important to address the root cause or to identify systemic concerns, rather than to fix a limited issue.


Know the security priorities for your organisation

Understand how you can improve your organisation's cyber readiness.

Cyber Security Risk Management LifeCycle

Respond is stage 5 of 5. A business needs to implement all stages of the life cycle to best manage risk and protect the business. To discover more about the other stages of the life cycle, click on the segments below:
Created with Snap

Cyber & Information Security: Discover More

Here are some quick links to related services and articles that might be of interest

  • Cyber Rescue Plan - The Cyber Rescue Plan has been put together to offer a unique approach to Cyber Security Transformation, covering major Cyber…
  • Stage 1: PrepareStage 1: Prepare- Better protect the business and make sure you have a good recovery plan