Most cyber incidents don’t spiral out of control because of hackers. They spiral because someone panics, guesses, or tries to “fix it” like they’re rebooting a Wi‑Fi router. The first hour is when businesses either contain the damage or accidentally pour petrol on it.
1. Treat It as Real Immediately
If something looks wrong, it is. Don’t waste time debating. Hesitation is how small breaches become headlines.
2. Cut the Cord
Isolate the affected device. Fast. Network cable out. Wi‑Fi off. Account locked. Containment beats curiosity every time.
3. Don’t Play Digital Doctor
No deleting files. No antivirus scans. No rebooting. Well‑meaning tinkering destroys evidence and kills your insurance claim.
4. Identify the Category, Not the Criminal
You don’t need to know who’s behind it. You just need to know what type of incident you’re dealing with so you can escalate correctly.
5. Tell the People Who Matter
Notify the small group who can act. Not the whole company. Not the rumour mill. Controlled communication prevents chaos.
6. Call Your Cyber Partners Before You Break Something
Your MSP, insurer, or incident response team should be your first call, not your last. They can’t help if you’ve already wiped the evidence.
7. Freeze Human Error
During an incident, attackers exploit confusion. Tell staff: no approvals, no password resets, no unusual requests. Lock down behaviour before it becomes the next problem.
8. Keep the Message Simple
A short, factual internal update beats speculation. Clarity protects your team and your reputation.
9. Document Everything
Every action, every timestamp, every observation. It’s your legal, operational, and financial safety net.
The First Hour Decides Everything
Cyber incidents don’t ruin businesses. Poor responses do. The companies that recover quickly are the ones that act decisively, avoid amateur mistakes, and keep their people calm and controlled.
