Most businesses think having a cybersecurity plan means having a document. But when a real crisis hits, that piece of paper often doesn’t help much. Generic templates or AI-generated plans usually fall short when things get messy. The real trick is to have a plan that’s practical and tested.

Typical plans fail because they are too generic and untested. A roundtable exercise exposes gaps, clarifies roles, and gives your team muscle memory for when pressure is high.

Supplier breaches are common and complex. Planning your legal, technical, and communications steps in advance reduces risk, preserves trust, and speeds recovery.

• Practical planning: do not just write the plan, practise it through a roundtable.
• Supplier breaches: prepare a safe process to manage third-party incidents.
• Clear communications: pre-draft staff, customer, and public updates.
• Simple first steps: power down affected devices to contain spread.
• Preparedness pays: saves time, protects reputation, and reduces legal risk.

Run a one-hour roundtable to walk through a likely incident, then print a clean copy of the plan including your cyber insurance contact and policy number, plus the response team’s mobile numbers.