Cyber Attacks Are Increasing…

According to the UK Government’s Cyber Security Breaches Survey, around 43% of UK businesses reported experiencing a cyber security breach or attack in the past 12 months. Would you know what to do if it happened to you? Having a clear incident response plan for a cyber attack is essential.

Common Cyber Threats

Knowing what to look out for helps you act quickly. Common threats include:

  • Phishing Emails
    Fake emails trick staff into clicking harmful links or giving away information. These are behind 90% of attacks.
  • Ransomware
    Criminals lock or steal your data and demand payment. Some also leak stolen data.
  • Business Email Compromise (BEC)
    Hackers use fake or hacked emails to trick finance teams into sending money.
  • Supply Chain Attacks
    Attackers get in through suppliers or contractors.
  • Insider Threats
    These can be accidental (e.g. clicking a bad link) or intentional.

How to Prevent Cyber Attacks

You can’t stop every attack, but these steps make you a harder target:

  • Limit admin access to only those who need it.
  • Back up data regularly and keep one copy offline.
  • Train staff to spot suspicious emails and behaviour.
  • Keep software updated to fix security gaps.
  • Use multi-factor authentication (MFA) for extra protection.
  • Use strong passphrases made of random words.

5 Key Steps to Handle a Cyber Attack

Based on the NIST Cybersecurity Framework, here’s what to do:

1. Identify

  • Know your key systems, data, and suppliers.
  • Have a response plan and assign roles.
  • Keep a log of actions taken.
  • Contact your insurer for support.

2. Protect

  • Use strong passphrases and MFA.
  • Update software and patch systems.
  • Keep tested backups, including one offline.
  • Train staff to spot threats.

3. Detect

  • Watch for signs like renamed files or locked accounts.
  • Turn on logging in email, firewall, and VPN tools.
  • Encourage staff to report anything unusual.
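
As an added illustration (not part of the original article), the two warning signs named above, bursts of renamed files and locked accounts, can be flagged from event logs with a sliding time window. The log format, field names, thresholds and sample lines below are constructed assumptions, not any specific product's output.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events; the line format and fields are assumptions.
SAMPLE_LOG = """\
2024-05-01T09:00:00 FILE_RENAME user=alice path=/share/q1.xlsx new=/share/q1-final.xlsx
2024-05-01T09:14:01 FILE_RENAME user=bob path=/share/a.docx new=/share/a.docx.locked
2024-05-01T09:14:02 FILE_RENAME user=bob path=/share/b.docx new=/share/b.docx.locked
2024-05-01T09:14:02 FILE_RENAME user=bob path=/share/c.pdf new=/share/c.pdf.locked
2024-05-01T09:14:03 FILE_RENAME user=bob path=/share/d.xlsx new=/share/d.xlsx.locked
2024-05-01T09:14:04 FILE_RENAME user=bob path=/share/e.xlsx new=/share/e.xlsx.locked
2024-05-01T09:20:10 ACCOUNT_LOCKOUT user=carol src=10.0.0.7
2024-05-01T09:20:40 ACCOUNT_LOCKOUT user=dave src=10.0.0.7
2024-05-01T09:21:15 ACCOUNT_LOCKOUT user=erin src=10.0.0.7
2024-05-01T11:02:00 ACCOUNT_LOCKOUT user=alice src=10.0.0.9
"""

def parse(line):
    """Split 'timestamp EVENT key=value ...' (values contain no spaces)."""
    ts, event, *fields = line.split()
    return datetime.fromisoformat(ts), event, dict(f.split("=", 1) for f in fields)

def find_bursts(lines, event, key, threshold, window):
    """Alert once per key value when `event` occurs at least `threshold`
    times inside `window`. Returns (key value, alert time, count) tuples."""
    recent = defaultdict(deque)   # key value -> timestamps still in window
    alerts, alerted = [], set()
    for line in lines:
        if not line.strip():
            continue
        ts, ev, fields = parse(line)
        if ev != event:
            continue
        k = fields.get(key, "unknown")
        q = recent[k]
        q.append(ts)
        while ts - q[0] > window:  # drop events older than the window
            q.popleft()
        if len(q) >= threshold and k not in alerted:
            alerted.add(k)
            alerts.append((k, ts.isoformat(), len(q)))
    return alerts

if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    # Many renames by one user in a minute; many lockouts from one source in 5 minutes.
    print(find_bursts(lines, "FILE_RENAME", "user", 5, timedelta(seconds=60)))
    print(find_bursts(lines, "ACCOUNT_LOCKOUT", "src", 3, timedelta(minutes=5)))
```

Thresholds this low suit the sample only; tune them against a normal day's activity so routine bulk renames do not raise alerts.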

4. Respond

  • Declare the incident and appoint a lead.
  • Isolate affected devices (disconnect them from Wi-Fi, but don’t power them off).
  • Contact IT support or an approved response provider.
  • Report to NCSC, Action Fraud, and the ICO if personal data is involved.
  • Communicate clearly with staff, customers, and suppliers.

5. Recover

  • Rebuild from clean systems and restore verified backups.
  • Reset passwords and enforce MFA.
  • Monitor for reinfection.
  • Review the incident and update your plan.
  • Consider Cyber Essentials certification.

Need Help Protecting Your Business?

The best time to prepare is before an attack happens. Whether it’s ransomware, phishing, or a supply chain breach, planning ahead makes all the difference.

Ae Insurance Brokers can help you:

  • Build a tailored incident response plan
  • Run penetration testing to find hidden risks
  • Perform regular vulnerability scans
  • Find an insurance solution that is tailored to your needs