Our Thinking | Intercity Technology

UK Gov urges CEOs to get disaster plans on paper

Written by Intercity | Oct 28, 2025 8:24:09 AM

In the wake of this year's cyber attack spree, the government has issued a stark warning to UK businesses... 

With increased attacks leaving significant marks on key UK businesses, the NCSC is now urging CEOs to 'have plans on paper in case of attacks' - So what exactly does this mean, and what should you put on paper?

“For too long, cyber security has been regarded as an issue predominantly for technical staff. This must change. All business leaders need to take responsibility for their organisation’s cyber resilience.” - Richard Horne CEO, NCSC

The BBC and Telegraph have both recently echoed the NCSC's message of pen and paper as a crucial play as attacks surge. It's all part of a strategy referred to as 'resilience engineering', the idea of looking at systems and processes that can anticipate, absorb, recover, and adapt, in the event of an attack.

Every business will have its own unique take on what the pen and paper aspect of disaster planning should look like, and it really should be bespoke to your organisation. But if you are yet to start a physical copy of your disaster plans, here's a helpful starting checklist:

Best practice guidance for physical recovery & disaster planning

  1. Keep them protected and secure: Store your pack in a locked, fire- and water-resistant safe or sealed folder. For sensitive pages, use clear labelling and tamper-evident seals to track access.
  2. Spread the risk: Back up your backup in different locations. One copy could stay on-site, another at a secondary location, or with a trusted senior leader.
  3. Treat sensitive data with care: Never print credentials or passwords. Instead, record where encrypted passwords are stored and share that information only with authorised colleagues.
  4. Assign clear ownership: These documents need oversight and regular updates. Appoint one owner to maintain control, ensure accuracy, and prevent unnecessary copies floating across teams.
  5. Make it quick to reach: Alongside your full pack, create a concise version with only the essentials your activation checklist, key contacts, and first-hour actions. When time is critical, clarity beats detail.

A well-prepared physical disaster pack keeps your team moving when systems stall. Start simple with an A4 folder or plastic wallet and make sure it’s stored securely but easy to grab in a crisis. It should hold the essentials: key contacts and roles, critical systems and suppliers, and a clear one-page activation checklist for the first hour of response.

On top of this, you should include the following: Recovery steps, communication templates & runbooks, holding statements, insurance and regulatory details, and a record of where your backups live. Add practical touches like site maps, access information, and a basic change log so it stays up to date. The goal is to ensure the right people have the right information, at the right time, when every minute counts.

The only way is to find out if it works is to test it. Ensure your team knows where to find the information, how to follow the steps, and which processes need the most attention. Testing uncovers gaps and reinforces what works.

It comes down to four essentials:
  • Create it - Build your plan around realistic threats.
  • Protect it - Store and secure it properly.
  • Test it - Run through scenarios to see how your people and processes respond.
  • Review it - Update and refine after every exercise.

These steps are a living process, a blueprint for resilience that can keep your business running smoothly when unexpected issues arise.

Does your business have these steps in place? If not, now’s the time to review and we can help ensure everything is structured and secure.

 

Proactive vs reactive security

A physical copy of your business operations is only ever a contingency. What you really need is to stop breaches before they happen a proactive defence rather than a reactive response. That requires:

  • Constant system monitoring
  • Real time detection 
  • Precise threat analysis
  • Rapid response to threats

A  good Security Operations Centre (SOC) can provide all of this, 24/7 protection, all year round. It's not just the big businesses that need one, and that's why we've made it more accessible, with a MISA (Microsoft Intelligent Security Association) backed service that gives your business the confidence to operate without compromise.

 

Contingency plans are essential whether that’s a physical backup, pen and paper, or another method. But the real win is not needing them at all, because your business is already protected against threats before they can cause disruption.

Discover the key takeaways from the NCSC’s 2025 Annual Threat Review here

 

 

 
View full post