Coordinating, sustaining and supporting your cyber response team.
Crisis response is a team sport. It is people, not computer systems who will be responding to any incident. Those people will be skilled, passionate, motivated but they will also be scared, worried and under enormous stress. It’s important that you make well-being a priority, set boundaries to maintain a sustainable work pace and model this yourself.
Recovering from a cyber incident is not about heroic individuals; it’s about effective teamwork. This means:
- understanding that the response is a collective responsibility
- people need to be able to function under pressure and remain resilient.
You will be learning as you go – some elements of your response you will have prepared for but other elements you will not, so as a team you'll need to be able to continuously reflect on what worked well and what needs improvement.
Designing your response team
You will need a core multidisciplinary team involved in a response, bringing together the skills, behaviours and capacity you need to respond effectively. This team will look different for each local authority and will depend on who is available and who is best placed to respond at the time. We’ve suggested using Emily Webber’s team onion model to think about who is in your core team, who will need to collaborate with you, and who is supporting your response.
Your key strategic actions
(Note: these are a strategic guide, not an exhaustive list of every action you should take.)
To ensure that you have a healthy and sustainable team through your response and recovery you should:
- Prioritise well-being and capacity by having clear conversations about priorities, workloads, confidence, and mental health to ensure everyone can focus.
- Establish a sustainable work pace by finding clear agreements about working patterns. This includes time to rest and recuperate, avoiding the expectation of 24/7 relentless working. Leaders have a responsibility to actively support the team to do this well.
- Ensure a multidisciplinary team by including wider skills like communications, data management, facilitation, and stakeholder management in the core team from the outset.
- Separate technology and command leadership by ensuring the IT lead is not the Gold strategic or Silver tactical command lead. Instead, bring senior leaders from outside the technology team for these roles.
- Deliberately focus on creating a culture of support and empowerment to guide how the team speaks to each other, how decisions are made, and how they cope with setbacks.
Key contacts
- Your resilience, emergency planning and business continuity leads
- Your HR and people teams