Skip to main content

Containment, Eradication & Recovery › Business Continuity During an Incident

Business Continuity During an Incident

When a major cyber incident strikes, your organisation does not have the luxury of shutting down until the problem is fixed. Customers still need service, employees still need to work, and contractual obligations still apply. Business continuity during an incident requires advance planning that bridges the gap between your IR plan and your business continuity plan.

Key Continuity Considerations

  • Alternative working methods: If your primary systems are down, how do staff continue essential work? This might mean reverting to manual processes, using personal devices, or switching to backup cloud services.
  • Customer communication: Keep customers informed about service disruptions. Silence breeds speculation and erodes trust faster than bad news delivered transparently.
  • Revenue protection: Identify which revenue-generating activities can continue and which are blocked. Prioritise recovery of systems that directly impact revenue.
  • Contractual obligations: Review SLAs and contractual commitments. Notify customers proactively if you will miss agreed service levels.
  • Staff welfare: Incidents are stressful. Ensure IR team members take breaks, rotate shifts, and have access to support. Burned-out responders make costly mistakes.

Diagram

Business Continuity During a Cyber Incident

Parallel tracks showing IR activities (containment, eradication, recovery) running alongside business continuity activities (alternative processes, customer communication, revenue protection).

Action Steps

  • Map your top five critical business processes and identify manual workarounds for each.
  • Pre-draft customer communication templates for service disruptions.
  • Ensure your IR plan and business continuity plan are aligned and reference each other.

Quick Knowledge Check

  1. Why is customer communication critical during an incident?
    Silence breeds speculation and erodes trust faster than transparent communication about the situation and expected resolution.
  2. Why should IR team member welfare be a priority?
    Burned-out responders make costly mistakes. Rotating shifts and ensuring breaks leads to better decision-making during extended incidents.