Would you know what to do if your customer says, “Help I’ve been hacked”?

Small businesses depend on their IT and communications and when something goes wrong, they are usually the first place a customer will try to get it all fixed, but is there more you could be doing before that conversation?

Image of male with headset looking engaged

The Cyber Breaches Survey 2022 reported that

boards tend to trust and defer the finer details of a cyber security approach to their IT teams (in the case of larger organisations) or third parties and external providers (in the case of smaller organisations). This is because there was a low level of knowledge of the technical details of cyber risks and how to manage them at senior management and board level.”

which shows the importance of IT and Comms to small businesses.


Incident response needs to start before an incident ever occurs, with a plan.

Screenshot of front page of the incident response template

Like businesses create fire escape plans, they also need to start developing incident response plans, and IT and Comms companies can be essential in this planning.


The ECRC has a free incident response plan template for businesses to use which explains why they need it but also the key considerations they should be thinking about. Why don’t you adapt it with your information and share it?



Add value to your customers by starting these conversations

Conversation between two people in an office setting

A lot of businesses don’t know where to start with cyber resilience so why don’t you assist them by starting the conversation?

  • How should they contact you in an emergency? What response can they expect? Will you work over a weekend?

  • Are their phone lines going to work in a successful ransomware attack – if they are on VOIP maybe not, but do they know that?

  • Will you ned to do any security verification with them? How do you do that if their system is encrypted by ransomware?

  • Will you need to call in a third-party security company to assist? If so, have you already identified a company you can use? The ECRC has several Trusted Partners who are cyber security firms in the East of England able to accredit cyber essentials, who might be able to assist in this area.

And if the worst happens…

The police want to know about it. Every police force has a dedicated cyber team who are ready to investigate cybercrime.


Any business, charity or other organisation which is currently suffering a live cyber-attack (in progress), can call Action Fraud on 0300 123 2040 to report it. This service is available 24 hours a day, 7 days a week. The report will get triaged and allocated the most appropriate authority.

And if your customer just doesn’t get the importance of cyber security why not refer them to the ECRC?

The Eastern Cyber Resilience Centre is a not-for-profit membership organisation, run by policing, with the intention of increasing cyber resilience of SMEs within the East of England.


You can contact the Cyber Resilience Centre for guidance and support through our e-mail enquiries@ecrcentre.co.uk or use our online booking system to make an appointment with one of our team.


We provide free guidance on our website and free core membership. Core members receive regular updates which include the latest guidance, news, and security updates. Our core membership has been tailored for businesses and charities of all sizes who are based across the seven counties in the East of England.


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the East is not responsible for the content of external internet sites that link to this site or which are linked from it.