Mark Dennis, Evolve North’s Managing Director, shares his perspective on preparing for and surviving cyber incidents with a focus on the people behind the response.
Surviving the Incident
If you work in IT Security or Data Protection, the chances are you’ll face a significant cyber incident at some point in your career. At Evolve North, we’ve been involved in dozens of cases, and we’ve seen first-hand the impact not just on systems, but on people.
Often, that impact isn’t limited to the security team; it extends to colleagues who might have been the initial cause of the breach through phishing or social engineering. It’s important to remember that even the best-resourced departments are not immune. We’ve seen it happen time and again. And when it does, IT and Data Protection teams often find themselves under intense pressure from senior management.
So how do we prepare? And how do we respond in a way that protects both the business and the people involved?
Preparation
Every organisation needs to accept that, no matter the investment, there is always residual risk. Zero-day exploits, third-party failures, or simple human error mean incidents can and will happen. The key is to prepare in a way that shares responsibility across the whole organisation, not just the IT function.
- Run cyber incident exercises. Involve senior management so they understand not all problems can be fixed by IT alone. A whole-business response makes a stronger response.
- Encourage fast reporting. Time is your enemy during an incident. Staff must know it’s always better to report something quickly, even if it turns out to be a false alarm.
- Create an IT response plan. Split resources: one team keeps the business running, the other tackles the incident. Give the incident team breathing space.
- “Go big, go early.” Empower IT to isolate systems, withdraw services, and break links when needed. Acting fast can limit damage.
Response
An incident should never be treated as an “IT problem.” It’s a business issue that requires a structured, joined-up approach. A clear framework makes a huge difference for the team under pressure.
- Analyse: Understand what’s happened and how far it has spread.
- Contain: Stop it going further and update the response team on the impact.
- Remediate: Remove the threat and communicate actions and timescales.
- Recover: Return to business as usual and manage legacy issues.
- Review: Learn lessons and improve for next time.
The Human Factor
Cyber incidents are as much about people as technology. Too often, that’s forgotten.
Staff at the Centre
If someone triggered the incident through phishing, MFA hijack, or credential sharing, they need reassurance, not blame. Prompt reporting should be praised. Without support, individuals can take it personally, even to the point of resignation.
Data Protection Officers
They carry the weight of regulatory reporting decisions. The wider response team must share responsibility and support them in this role.
IT Staff
They shoulder the technical workload and constant questions. A structured response protects them from overload and helps them focus.
Leaders (IT Directors, CISOs, DPOs)
They face the most pressure. With strong preparation and communication, that load becomes manageable – and a well-handled response can even enhance internal reputation and professional standing.
Good communication, clear decisions, and shared responsibility not only help resolve the incident but can build trust and confidence across the business.
Incidents are difficult, but they’re also inevitable. As Mark puts it: prepare to fail. If preparation is strong, failure is managed – and the outcome is resilience, not collapse.
Handled well, a cyber incident can demonstrate professionalism, strengthen internal reputation, and even provide positive PR externally. The key is preparation, structure, and remembering that behind every incident are people who need support as much as systems need recovery.
We’re here to help and offer our advice. Reach out at info@evolvenorth.com or call 01748 905 002.
