You Can't Improvise a Cyber Response Under Fire — Plan It Now

The NCSC has published a pointed piece of guidance aimed at leaders: prepare for a severe cyber attack now, because the measures you'll need can't be improvised once one is underway. It's framed around critical national infrastructure, but the underlying lesson applies to businesses of every size.

What the NCSC is saying

The NCSC's director of national resilience makes the case that resilience — not prevention alone — is now the defining requirement. Attacks won't always be stopped at the perimeter, so organisations must be able to keep operating through disruption and recover afterwards, often under intense pressure. It points to highly capable, often state-aligned attackers with growing intent to cause real-world disruption, and to frontier AI making attacks faster and easier.

The key warning: many of the actions needed during a serious incident — isolating networks, rebuilding systems, switching to manual processes — are complex and can't be stood up on the day. Unless they've been planned and rehearsed in advance, they simply won't be available when you need them. As the NCSC puts it, preparing for this is a leadership responsibility.

Why this matters for you

You don't have to run a power station for this to apply. Every business now depends on its IT, and the question is the same: if your systems were down or compromised tomorrow, do you actually know how you'd keep serving customers and how you'd recover — or would you be working it out for the first time, in a crisis?

What to do

1. Write an incident response plan — who decides what, who you call, and in what order.
2. Know your critical systems and data — what absolutely has to keep running, and what you'd restore first.
3. Rehearse it. Walk through a realistic scenario with your team so the plan isn't just a document.
4. Test your backups and recovery — confirm you can actually restore, and how long it takes.
5. Keep a manual fallback for your most essential processes.

This kind of practical continuity and incident-response planning is something we build with our clients across Greater Manchester — proportionate to the business, and actually rehearsed. Get in touch to start the conversation.

Source: Preparing for severe cyber threat: why leaders must act now — National Cyber Security Centre