Cyber Incident Response - Preparing for the Inevitable in 2025

Written by Gareth Stinton - Cybersecurity Specialist | Jan 9, 2025 5:27:56 PM

In today’s world, all organisations face cyber attacks on a regular basis. Statistics show a cyber attack occurs every 11 seconds.[1] It only takes one successful attempt to break down an organisation’s defences for disaster to strike, and eventually one will slip through – attackers are more persistent, more determined, and will try again and again until they succeed. It’s for this reason that mature organisations adopt an attitude of not “if it happens”, but “when it happens”, and make plans for how to respond. Being prepared is key to successfully recovering from a cyber incident, especially when you consider the threat landscape we are experiencing in 2025.

Benjamin Franklin once said that “an ounce of prevention is worth a pound of cure”, meaning that it is less costly to be prepared for a problem than to just deal with the consequences after it occurs. By developing Cyber Incident Response plans, organisations can handle situations in a way that reduces damage, improves recovery time, and lowers associated costs, while keeping the business operational and preserving the trust of clients and stakeholders. To fail to plan is to plan to fail.

Preparing for an incident is not only the smart thing to do; for many it is, or will soon be, a legal requirement. It can make or break businesses. Upcoming or recently enacted legislation in the UK, EU and US mandates strict incident reporting requirements for organisations within critical sectors. Without incident response plans in place, gathering the information needed to make those reports in a timely manner is a challenge. Failure could result in substantial fines and other consequences for your organisation and its stakeholders, and in chaos should the unthinkable happen.

When developing your own plans there is no need to reinvent the wheel, as there is a plethora of material available on the topic, as well as widely accepted best practices to follow. The National Cyber Security Centre’s 10 Steps to Cyber Security includes guidance on incident management and is a great starting point. For a deeper dive you can take a look at their Cyber Assessment Framework. The challenge is choosing and applying the framework that is most relevant or appropriate for your business needs.

It's important to consider whether your team has the tools it needs to succeed. IBM’s Cost of a Data Breach report found that it takes an average of 272 days to identify and contain an active breach, and many attacks go unnoticed or undiscovered for an eye-watering period of time before detection takes place. Next Generation security solutions that provide continuous monitoring 24x7x365 and automated, human-led threat detection will enhance your ability to react at the first sign of danger, rather than rushing to close the barn door long after the horse has bolted.

For organisations without the resources to develop this capability internally, this is where Toro and its Security Operations team come in. Not only can Toro help you create your plans, but it can also put them to the test by exercising them (see our recent blog on the critical importance of exercising). Going a step further, our specialists are capable of stepping in to manage a live incident for you, giving you structured access to expertise when you need it most, in a way that is affordable and scalable to businesses and organisations. This helps your business handle security incidents, limit the damage caused, and restore critical business processes in an orderly fashion. Of course, Toro and its NCSC Certified Incident Response aligned Computer Security Incident Response Team (CSIRT) can also help with a ‘lessons learned’ exercise after an incident has been contained and eradicated, by reviewing your technical controls and strengthening your defences to prevent repeat attacks.

Effective cyber incident response is a critical part of business resilience, and one that regulators across the world are starting to expect companies to have in their toolbox. Being properly prepared can make the difference between a quick recovery and a prolonged crisis or, sadly, even business failure. In an age where cyber attacks are an ever-present risk, a well-designed and tested plan is a necessity.

[1] https://explodingtopics.com/blog/cybersecurity-stats