Cyber Incident Readiness Exercise: Would Your Team Know What to Do?
In an ideal world, strong security controls would stop cyber incidents before they ever impact the business. Yet 2025 has already shown that even established organisations can be caught off guard.
You may remember Marks & Spencer experiencing a cyber incident that made national headlines.
But did you know that 43% of UK businesses experienced a cyber security breach or attack in the last 12 months?¹
For smaller organisations, the impact can be just as serious, or even more devastating, because internal resources are often far more limited.
The first signs of trouble
It's 9:15 on a Monday morning.
A member of staff reports unusual login activity. Shared files suddenly become inaccessible. Emails stop working properly.
Teams begin trying to work out what’s happening behind the scenes. At first, it may look like a temporary technical issue.
Then the conversation shifts from “What’s going on?” to “How serious is this?”
While investigations are ongoing, decisions around communication, operations and next steps often need to be made quickly and under pressure.
For many organisations, this is when response plans are properly tested for the first time, or even created on the spot.
What is a Cyber Incident Readiness Exercise?
A Cyber Incident Readiness Exercise is a hands-on, scenario-based exercise that assesses cyber incident readiness, response and organisational resilience.
Realistic scenarios help leadership, IT, and operational teams understand how the organisation would respond, communicate and make decisions under pressure.
Why organisations run Cyber Incident Readiness Exercises
Some organisations already have incident response plans in place but have never really put them to the test.
Others have informal processes managed across different teams and documented across multiple systems, without a clear picture of how everything would work during a real incident.
Testing these plans and processes gives organisations the opportunity to understand how the response would work, where gaps may exist and what may need to be improved.
When everyone has a role
One of the biggest benefits of running an exercise like this is understanding how different parts of the organisation work together during a real incident.
Although cyber incidents often begin as technical problems, they quickly affect the whole business. Leadership, operations, compliance, communications, and customer-facing teams are all in the same boat and may need to make decisions while the situation is still evolving.
Exercises like this often reveal strengths organisations did not realise they already had, from strong communication and quick decision-making to teams working well together under pressure.
At the same time, they help uncover areas that may need more attention before a real incident occurs.
More than just good practice
Although incident response plans are not a legal requirement for all UK businesses, they are becoming increasingly important for compliance, governance and operational resilience.
Guidance from organisations such as the National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO) emphasises the importance of having clear incident response processes in place.
For some sectors, incident response planning is already closely tied to wider compliance requirements, including UK GDPR, NIS regulations, PCI DSS and public sector or NHS supply chain expectations.
And increasingly, expectations go beyond simply having a document sitting in a folder somewhere.
Plans are expected to be understood, maintained and tested in practice.
It’s not just fingers-crossed
Hopefully, your organisation never needs to deal with a serious cyber incident.
Preparation is key if something unexpected does happen.
Much like business continuity planning or insurance, incident response is one of those safeguards that becomes far more important once it’s suddenly needed.
A Cyber Incident Readiness Exercise allows organisations to test their response in practice, work through realistic scenarios and identify gaps, assumptions or communication issues before a real incident forces those decisions in real time.
Call us: 0131 603 7910
Message us: https://www.grantmcgregor.co.uk/contact-us
¹Department for Science, Innovation and Technology (2026) Cyber security breaches survey 2025/2026. Available at: GOV.UK report
