Cyber-attack: Why every business needs a recovery plan


An attack on construction firm GRS Roadstone has highlighted just how far-reaching the effect can be. The firm was the target of a “sophisticated cyber-incident” back in March 2022, in which data relating to current and former employees was copied from systems and leaked online.

GRS Roadstone immediately took action, which involved working with cybersecurity experts, reporting the incident to the Information Commissioner’s Office, notifying those affected and providing support. However, the firm revealed that analysing the affected data was a complicated process that took months and multiple specialists.

“The complex process of identifying what information was copied from our systems and published online has taken several months,” said a statement. “We drafted in a large team of specialists to complete the work of analysing the affected data so we could accurately, and as quickly as reasonably possible, assess the potential risk to individuals.”

It certainly sounds as though GRS Roadstone has had a very robust response in the wake of the incident. And the case is a timely reminder that every business is at risk of cyber-criminals. As the threat of cyber-crime continues to surge, it’s more vital than ever to have an incident response plan in place, so your business can spring into action in the event of an attack. Research suggests only 19% of businesses have a formal strategy, yet creating a plan is easier than you might think.

“Having a recovery plan in place could make the difference between a business surviving a cyber-attack or not,” explains IT expert Andrew James. “You need to know your strategy. It’s a bit like doing your fire drill – who are your fire marshals, what role does everyone play, and how does everyone exit the building? If you have a plan mapped out, people know what to do when a fire does break out.”

Andrew, who is head of business development at IT support firm Mintivo,  says drafting a recovery plan includes working out your step-by-step process. He adds, “In a data breach, this might include isolating information and the encrypted systems, then working out how hackers got in. Then you might go to your backups, restore the information, patch and secure the areas.

“Your aim is to be able to restore your information and operate as a business as quickly as possible. Of course, you’ll need to do forensics on affected systems, and report information to the appropriate authorities too. It’s a case of having your response worked out step-by-step, so you’re not caught out.”

For GRS Roadstone, the response to the attack included taking measures to protect the business against the threat of future incidents too.

“As soon as we became aware of the issue, we made the decision to shut down our systems and rebuild them in a safe and secure way,” said the statement. “We have further strengthened our cyber defences by enhancing existing systems and deploying more advanced threat protection measures.

“These include completing the roll-out of specialist threat detection and remediation tools. In addition, we have implemented a programme of IT Security Awareness Training to all IT users within the business. We will continue to take further steps to enhance our security to reduce the likelihood of something like this happening again.”

Would you like advice on how to draft your incident response plan? We’re here to help – book your free 30-minute consultation with the Business Cyber team here.


At the end of November, the UK government introduced their new, updated Product Security and Telecommunications Infrastructure Bill (PTSI).
Cyber Essentials is a government-backed, industry-supported scheme to help organisations protect themselves against common online threats!
A guide to start by taking cybersecurity seriously.
Paddy Bradley MBE talks about his responsibility in ensuring that the Business Cyber Centre (BCC) is a success.