22 October 2025

Back to Pen and Paper: Do you have a plan for a cyber attack?

By Jess Pembroke, Director of Information Law Services

“People should plan for potential cyber-attacks by going back to pen and paper, according to the latest advice. The UK government has written to chief executives across the country, strongly recommending that organisations keep physical copies of their cyber incident response plans as a precaution”. [1]

This follows the recently published National Cyber Security Centre Annual Review 2025. The report includes an open letter from Shirine Khoury-Haq, CEO of The Co-op Group, sharing lessons from a recent cyber-attack and urging leaders to take proactive steps to strengthen resilience. [2]

Why? Because, as we have seen across this year, businesses and organisations are heavily reliant on their IT systems to run day-to-day operations, and when those systems are unavailable your ability to plan, act and adapt is what will keep your organisation open for business.

What Should Be in Your Offline Plan?

These are a few of the things we recommend organisations consider:

  • How will you protect physical safety in your premises and venues if systems go down?
  • Who steps in if your CEO is abroad or your IT lead is unavailable?
  • How will you determine whether personal data is involved in the breach?
  • If your usual communication channels are compromised, how will you reach your board, staff, clients, and the public?
  • What messaging will you prepare for the media, including social media?
  • How will you respond to employee concerns about job security and pay?
  • What will you do if you need to pay suppliers or respond to a ransom demand? (For more on ransom payments, see our blog on.)
  • Do you know how to initiate an insurance claim?

Why is this necessary?

Cyber-attack contingency planning isn’t new, but the UK’s National Cyber Security Centre (NCSC) is now placing this advice front and centre. This year there has been a marked increase in high-impact breaches. You can watch this BBC documentary to hear more on why criminals target companies in this way: Inside the High Street Cyber-Attacks – BBC iPlayer

What Else Should We Be Doing?

Training. Cyber security training has either been deprioritised or narrowly focused on phishing awareness, but phishing is just one threat among many. Staff across all levels should receive regular, practical training that covers the full spectrum of cyber security and data protection risks.

Would your board benefit from a deeper understanding of these risks and responsibilities? See our CPD accredited session Data Protection & Cyber Security for Execs and Senior Leaders.

Or why not invite us to deliver an in-house session tailored to your organisation’s needs?

We can facilitate a hands-on workshop to help your leadership team build or refine your cyber incident response plan, on paper, as recommended.


[1] https://www.bbc.co.uk/news/articles/ced61xv967lo

[2] ncsc.gov.uk
