Cyber Incident Response (CIR) Management

Becoming a victim of a cyber attack is an imminent reality for all companies

With punitive measures introduced by the GDPR (General Data Protection Regulation) and the NIS (Network and Information Systems) Regulations, how an organisation responds to a cyber incident can often spell the difference between failure and success.

The speed at which you identify and mitigate such incidents makes a significant difference in controlling your risks, cost and exposure. Effective cyber incident management can reduce the risk of future incidents occurring, help you detect incidents at an earlier stage and develop a robust defence against attacks to potentially save your organisation millions.

Free PDF download: Cyber Incident Response Management – A beginner’s guide

Download this paper to:

  • Understand what constitutes a cyber incident;
  • Learn about the potential consequences of suffering an incident;
  • Find out what to include in your incident response plans; and
  • Discover a step-by-step incident response process.

Why do organisations need incident response planning?

Cyber attacks and data breaches are inevitable, so incident response in cyber security is critical. Cyber criminals only need to find one weakness to infiltrate your systems, so it is essential to be prepared when a breach occurs.

The current incident response climate in organisations demonstrates why CIR is not something you can afford to ignore:

 175 days

The average length of time that a threat has undetected access in a network. (FireEye M-Trends)


The percentage of organisations that don't have a cyber incident response plan in place and are unprepared to respond to a cyber attack. (PwC Global Economic Crime and Fraud Survey)


The time period for organisations to report data breaches/incidents under the GDPR and the NIS Regulations. The breach must be reported within 72 hours, or the organisation faces heavy fines.


The average cost for an organisation that has suffered a data breach. (Ponemon Institute’s Cost of a Data Breach Study: Global Overview)

Incident reporting requirements under the GDPR and NIS Directive

Under Article 32 of the GDPR, organisations are obligated to restore the availability of and access to personal data in the event of a physical or technical breach. 

Organisations in critical infrastructure also face these obligations under the NIS Directive (EU Directive on security of network and information systems), whereby OES (operators of essential services) and DSPs (digital service providers) are required to adopt incident response measures to ensure recovery following a disruptive incident.


1. Reconnaissance

  • Identify target
  • Look for vulnerabilities


  • Monitoring and logging
  • Situational awareness
  • Collaboration

2. Attack target

  • Exploit vulnerabilities
  • Defeat remaining controls

  • Architectural system design
  • Standard controls (e.g. ISO 27001)
  • Penetration testing

3. Achieve objectives

  • Disruption of systems
  • Extraction of data
  • Manipulation of information

  • Cyber security incident response planning
  • Business continuity and disaster recovery plans
  • Cyber security insurance

Frameworks that outline and require incident response measures

Incident response planning is mandated as part of all major cyber security regimes, either directly or indirectly. The following standards require incident response measures: 

  • ISO 27001, the international standard for an ISMS (information security management system)
  • ISO 22301, the international standard for a BCMS (business continuity management system)
  • PCI DSS (Payment Card Industry Data Security Standard)

UK government departments also have a responsibility to report cyber incidents under the terms laid out in the security policy framework issued by the Cabinet Office, effectively mandating a CIR for such organisations as well.

Be prepared for any cyber security incident

Cyber incident response management (CIRM) service

Emergency support

Our Emergency Cyber Incident Response Service will enable you to respond to any cyber incident quickly and with confidence, with backing from our expert responders so that you can limit the impact of an incident.

Gap Assessment

How prepared is your organisation to identify and respond to a cyber incident? Find out in our detailed Cyber Incident Response - Readiness Assessment, which will enable you to receive expert advice on remediation tactics to address any weaknesses, instilling confidence in your organisation that you have a solid plan in place, should an incident occur.

Ongoing support

Cyber Incident Response Annual Retainer – Silver
Cyber Incident Response Annual Retainer – Gold
Cyber Incident Response Annual Retainer - Platinum
Cyber Incident Response Investigation

Continued support from our specialist incident responders with our comprehensive range of Cyber Incident Response Annual Retainer Services and our bespoke Cyber Incident Response Investigation Service will ensure your organisation can identify, contain, eradicate, and recover from a cyber security incident.

Staff exercises

Rehearse your cyber incident response with your staff and our specialist incident responders to ensure your plans are robust enough to cover every eventuality with our Cyber Incident Response – Tabletop Exercises.

Cyber incident response management (CIRM) training course

Train your staff

Find out how to effectively manage and respond to a disruptive incident, such as a data breach or cyber attack, and take appropriate steps to limit the damage to your business, reputation and brand.

Why choose IT Governance for cyber security incident management? 

  • We draw from proven incident response standards to help you define, implement and effectively apply an incident response management programme.
  • We offer the full range of incident response services, from identification and containment (including forensic investigation) to recovery and reporting and advising on internal and external communications.
  • Our management service is tailored to your needs, business requirements and budget, making it a cost-effective solution.
  • We have over 15 years of experience helping organisations achieve local and international compliance with management system standards such as ISO 27001.
  • We draw on a wide range of GRC International Group’s relevant services, including penetration testing, payment card expertise and legal advice. We have multi-disciplinary teams with project managers to roll out compliance implementation projects and executive expertise to brief your board and develop suitable strategies.
  • We offer on-site or remote assistance.
  • We hold the following certifications and accreditations: Cyber Essentials, Cyber Essentials Plus, ISO 27001, ISO 27701, ISO 9001, BS 10012 and CREST.
  • We are a Crown Commercial Service Supplier.