Incident response for SMEs: Assume cyber security breach | Cyber Security Hub - Cyber Security Hub
Archived Mar 17, 2026
Incident response for SMEs: Assume cyber security breach
SMEs need to assume they will be breached and prepare accordingly
Nick Benson
12/20/2023
Cyber security is a critical and growing concern for organizations of all shapes and sizes worldwide. Some 43 percent of data breaches happen to small and medium-sized enterprises (SMEs), according to Accenture’s annual Cost of Cybercrime Study. SMEs are also less likely to report or find breaches, so this figure may well be understated.
An update from the National Crime Agency to the UK Parliamentary commission on ransomware in June 2023 reported that some ransomware groups “have moved away from CNI and looked to…small and medium-sized enterprises on the basis that they are less likely to have the weight of law enforcement and the intelligence community descend on them.” This issue has been compounded by the evolution of ‘ransomware-as-a-service’, which is making it much easier for less technical operators to start carrying out attacks.
SMEs face stark cyber security risks
Losing money, reputational damage, exposure to legal action and the loss of customer trust are just a few of the impacts that an SME may suffer. Additionally, an SME has a much higher likelihood of going out of business as a result, for example if the incident leads to a cashflow issue. Some estimates attribute over 80 percent of small business failures to unexpected or unmanaged cash shortages.
In a UK government study conducted earlier this year, it was discovered that 26 percent of charities and 39 percent of businesses in the country had experienced cyber security assaults or breaches in the previous 12 months – and these are just the ones that were reported.
While taking preventive measures is essential to safeguard against cyber threats, it’s also important to be aware that these steps frequently fall short. How well an organization responds to an attack, specifically how well its incident response plans work, will determine how devastating (or not) the impact will be on the business – and ultimately whether it survives.
Nobody can predict if they will be a target. There are too many factors affecting the risk, including the type and size of your organization, the kind and degree of cyber security measures you have in place and the frequency and level of sophistication of current cyber attacks. The effect an attack has, though, does depend significantly on the recovery and response plans you have in place. It may be much wiser for every organization to anticipate that it will have a cyber breach, regardless of what the organization does or how big it is, and, alongside its preventative measures, to work on how to identify, contain and recover from one.
Getting incident response right
The first step is to be aware of risks. To help identify assets, threats, vulnerabilities, impacts and controls, a cyber risk assessment should be conducted. Compiling a successful incident response strategy and putting a plan in writing that will work for your organization can only be done after a cyber risk assessment is completed.
In simple terms, an incident response plan defines roles, duties, processes and guidelines for handling a cyber incident. An organization could regret not having one even though it intends to never need one. Complacency is a serious risk, often heightened where cyber defenses and good information security practices have been invested in. The phrase “it couldn’t happen to us” is as much a warning signal as very low cyber security awareness.
For many organizations, especially SMEs, a good cyber incident response plan will require input from an external provider. It will also specify the use of an external incident response provider as part of the plans, sometimes dependent on the severity of the incident and often because of a lack of in-house resources in SME businesses.
Perhaps unsurprisingly, the UK government’s 2022 Cyber Security Breaches Survey indicated that smaller firms have a harder time creating incident response plans and are therefore less prepared for a breach. This is often down to a lack of internal expertise and capacity, along with an assumption that attacks only happen to bigger organizations.
Choosing a provider is also a significant challenge. It is essential to be able to trust them and rely on them to have the knowledge and expertise your organization needs. This is partly why the UK’s NCSC has expanded its Cyber Incident Response (CIR) program, in collaboration with delivery partners like CREST. The program, which gives access to assured incident response specialists, now covers support for all organizations instead of only those of national significance, in recognition that every firm runs the risk of a costly breach.
Data breach detection, analyses and recovery
When confronted with a cyber attack or data breach, an organization can quickly follow the protocols and principles laid out in its incident response plan. Following the plan helps an organization detect, contain, analyze and recover from an incident. This way, it stands a chance of preventing or lessening the damage and impact of an incident.
The right service provider needs to be chosen to help SMEs put a clear plan in place and, if the need arises, to implement it. Every organization will greatly benefit from this: the gains include faster response times and lower recovery costs, increased stakeholder communication, mitigation of any legal or regulatory repercussions, and discovery and correction of the breach’s root causes.
It is not just about the advantages if there is a breach; it may also increase customer, employee and investor trust in the company by showing it is ready in the event of a cyber attack.
Choosing the right service provider will undoubtedly make a big difference in how quickly and effectively an organization handles a security breach. Some things to look for in a provider are experience and expertise, scope of services, litigation support and response time. External validation of these things is really valuable.
Programs like NCSC’s CIR Assured Service Provider and CHECK Scheme, as well as CREST’s corporate accreditation in Incident Response, Penetration Testing and Threat Intelligence, all help SMEs to select providers with confidence so that when the worst happens, they are ready for it.