Banking CIO Outlook
Incident Response - Preparation to Prevent Panic

Ste Watts, Group Head of Cyber Security Operations (SecOps), Aldermore Bank PLC

“In this world nothing can be said to be certain, except death, taxes and cyber incidents” – a wise Incident Responder.

For small and medium-sized businesses (SMEs) in the UK, this reality is hitting hard. A recent Vodafone Business report revealed that these companies are losing around £3.4 billion each year because of weak cybersecurity. The problem? Too many businesses assume they’re either too small to be attacked or so well-protected that nothing could possibly go wrong. But when chaos strikes, that’s the worst time to realise that you don’t have a plan.

That’s where incident preparedness comes in. Having a solid plan doesn’t just help you deal with the incident; it lets you protect your team, your customers, and your reputation whilst remaining calm.

Why Having a Cybersecurity Plan Matters

• Damage Control: When an incident occurs, every second counts. A clear Cyber Security Incident Response Plan (CSIRP) can help you act fast, keep the situation from escalating, and limit the impact.

• Protecting Your People: Large cyber incidents can be mentally and physically exhausting for the people responding to them. Sleepless nights and the stress of protecting your company can take a toll. A well-rehearsed plan gives your team confidence to handle incidents without them burning out.

• Operational Resilience: Losing access to key systems can grind your business to a halt, costing time and money. A good plan ensures you recover the most important systems quickly and get back on track as quickly as possible.

• Earning Trust: Whether it’s financial info, personal data, or national infrastructure, people trust businesses to keep things safe. A solid CSIRP shows that you’re serious about cybersecurity, and it helps build confidence with customers, partners, and employees.

• Following the Rules: Governments and industry bodies are cracking down on cybersecurity standards. If you don’t comply, whether it’s with GDPR, PCI-DSS, DORA or the multitude of other requirements, you risk fines and other penalties. A CSIRP can help you meet these expectations and remain compliant.

How to Get Prepared

After years of responding to hundreds of incidents, from phishing and data theft to enterprise-wide malware infections and insider threats, here are some of my top incident response tips.

1. Write It Down: It sounds obvious, but according to research from JumpCloud, only 55% of companies actually have a documented incident response plan. If you don’t know where to start, bring in an expert to help.

2. Create Scenario-Based Playbooks: What’s most likely to hit your business: ransomware, DDoS, data leaks? Create step-by-step guides (playbooks) for handling these scenarios. Again, bring in third-party experts if needed.

3. Know Your Assets: You can’t protect what you don’t know. Identify your key assets, figure out who’s responsible for them, and prioritise alerts for your most critical systems.

4. Assign Roles: Make sure everyone knows their job in a cyber incident. Who’s running the meeting? Who’s calling the regulators or external partners? Who’s making tough calls, like shutting down systems? Ensure the roles are agreed and documented.

5. Look Out for Your Team: Assign a welfare lead to check on the well-being of the response team—making sure they take breaks, rotate tasks, and avoid burnout. Caring for your people should always be a top priority.

6. Practice Makes Perfect: A plan is only effective if people know it exists. Regularly run tabletop exercises to test your plan and get everyone comfortable with their roles. The more you practise, the better you will perform.

7. Communicate Clearly: Chaos is the enemy of effective communication. Set up clear communication channels ahead of time and prep some “boilerplate” responses that can be adapted as needed.

8. Review and Improve: Once the dust settles, don’t forget to look back at what worked and what didn’t. Post-incident reviews (PIRs), also known as After-Action Reports (AARs), are crucial for improving your plan and developing your team.

In summary, incidents are inevitable even for the most well-protected organisations, but their impact is something that you can help control. Taking the time to write and practise your CSIRP and prioritise your team can take you from uncertainty and chaos to preparedness and resilience.
