Print this on a business card or a folded A4. Put it in your wallet, your car, your home. Give one to every director and to the head of operations. Update annually.
How to use this: The bracketed items like [Company Name] are placeholders — replace them with your own details. Edit the wording to suit your business. This is a starter, not legal advice.
Key numbers
| IT supplier (out-of-hours) | [number] |
| Cyber insurer claims | [number, policy] |
| Incident response provider | [number] |
| Bank fraud line | [number] |
| ICO breach line | 0303 123 1113 |
| Action Fraud | 0300 123 2040 |
| NCSC (serious incidents) | ncsc.gov.uk |
| Phishing reporting | report@phishing.gov.uk |
Directors and key people
- [Director #1, personal mobile]
- [Director #2, personal mobile]
- [Lawyer, number]
- [PR / comms, number]
First steps (when you can't see other plans)
- Don't power off compromised devices.
- Disconnect them from the network.
- Call IT supplier (out-of-hours). Then cyber insurer.
- Document what you see (photos OK, on a clean device).
- If personal data involved — start the 72-hour ICO clock.
Tips for adoption
- Laminate it.
- Update when phone numbers change — especially after a supplier swap.
- One copy at home, one in the car, one with a director who isn't the MD.