How to handle a cyber incident – a practical guide for Scottish firms 

A practical manual on how to handle a cyber-related incident has been created for Scottish businesses.

The ‘Incident Response Guide’, produced by the CyberScotland Partnership, features checklists and guidance on emergency contacts that organisations may need in the face of a security breach.

The launch follows data from the department for digital, culture, media and sport which found that only 38 per cent of businesses and 42 per cent of charities have a formal policy in place covering cybersecurity risks.

The CyberScotland Partnership is a collaborative leadership approach chaired by the Scottish Business Resilience Centre (SBRC) to focus efforts on improving cyber security across the country. It is comprised of 10 strategic organisations in Scotland including the Scottish Government and Police Scotland.

The new guide is “best suited” for small businesses or charities that don’t have in-house incident response teams, and includes longer length advisory pieces on reputation management and legal considerations.

The pack also provides companies that have never developed an incident response plan with tools to ready their business for a cyber related incident.

The checklists included in the guide will ensure those businesses that do have an incident response plan have considered the full spectrum of possibilities – from noting energy supplier contact details to clarity around the business’s most valuable assets.  

Jude McCorry, chairwoman of the CyberScotland Partnership and chief executive of SBRC, said: “Since we launched the CyberScotland Partnership six months ago, we have focused on providing Scottish businesses with practical advice on how to become more cyber resilient. The Incident Response Guide is an extension of this; we designed it so that business owners and leaders can pick it up and use it straight away.

“It’s no longer an option to create an incident response plan and then leave it to gather dust; with the threat of a cyber attack higher than ever, businesses must be proactive when it comes to protecting themselves. This new guide will ensure they not only understand the benefit of being proactive when it comes to IT security but also ensure that their teams are aware of the role they play too – particularly when welcoming new team members.

The pack also features contributions from international law firm CMS, and Scotland’s first tech PR boutique, Clark.tech.

The SBRC is a non-profit organisation which exists to support and help protect Scottish businesses. 

Businesses can download the pack on the CyberScotland Portal here.