In an ideal world, strong security controls would stop cyber incidents before they ever impact the business. Yet 2025 has already shown that even established organisations can be caught off guard.
You may remember Marks & Spencer experiencing a cyber incident that made national headlines.
But did you know that 43% of UK businesses experienced a cyber security breach or attack in the last 12 months?¹
For smaller organisations, the impact can be just as serious, or even more devastating, because internal resources are often far more limited.
A member of staff reports unusual login activity. Shared files suddenly become inaccessible. Emails stop working properly.
Teams begin trying to work out what’s happening behind the scenes. At first, it may look like a temporary technical issue.
Then the conversation shifts from “What’s going on?” to “How serious is this?”
While investigations are ongoing, decisions around communication, operations and next steps often need to be made quickly and under pressure.
For many organisations, this is when response plans are properly tested for the first time, or even created on the spot.
Realistic scenarios help leadership, IT, and operational teams understand how the organisation would respond, communicate and make decisions under pressure.
Some organisations already have incident response plans in place but have never really put them to the test.
Others have informal processes managed across different teams and documented across multiple systems, without a clear picture of how everything would work during a real incident.
Testing it gives organisations the opportunity to understand how the response would work, where gaps may exist and what may need to be improved.
Although cyber incidents often begin as technical problems, they quickly affect the whole business. Leadership, operations, compliance, communications, and customer-facing teams are all in the same boat and may need to make decisions while the situation is still evolving.
Exercises like this often reveal strengths organisations did not realise they already had, from strong communication and quick decision-making to teams working well together under pressure.
At the same time, they help uncover areas that may need more attention before a real incident occurs.
Guidance from organisations such as the National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO) emphasises the importance of having clear incident response processes in place.
For some sectors, incident response planning is already closely tied to wider compliance requirements, including UK GDPR, NIS regulations, PCI DSS and public sector or NHS supply chain expectations.
And increasingly, expectations go beyond simply having a document sitting in a folder somewhere.
Plans are expected to be understood, maintained and tested in practice.
Preparation is key if something unexpected does happen.
Much like business continuity planning or insurance, incident response is one of those safeguards that becomes far more important once it’s suddenly needed.
A Cyber Incident Readiness Exercise allows organisations to test their response in practice, work through realistic scenarios and identify gaps, assumptions or communication issues before a real incident forces those decisions in real time.
Call us: 0131 603 7910
Message us: https://www.grantmcgregor.co.uk/contact-us
¹Department for Science, Innovation and Technology (2026) Cyber security breaches survey 2025/2026. Available at: GOV.UK report