Government advise potential cyber attack plans to be put on paper

Tuesday 14 October 2025 - BSIA COMMS

In an era where digital transformation dominates every corner of business, the UK government has issued a surprising but critical piece of advice: keep your cyber security contingency plans on paper. This guidance, delivered by the National Cyber Security Centre (NCSC), is a direct response to a surge in high-profile cyberattacks affecting major UK organisations, including Marks & Spencer, The Co-op, and Jaguar Land Rover.

But what does this mean for the security industry—and how can organisations prepare? Let’s explore the rationale behind this advice and how the British Security Industry Association (BSIA) and its members are stepping up to help.

Government advice

The NCSC’s latest guidance urges businesses to:

  • Print and store contingency plans offline
  • Include analogue communication methods like printed contact trees and physical meeting points
  • Rehearse recovery scenarios without relying on IT systems
  • Adopt resilience engineering to absorb and adapt to disruption

This shift reflects a broader move from prevention to resilience and recovery. When systems are compromised, digital plans may be inaccessible—making paper-based protocols a vital fallback.

What paper based means

It’s not just about printing a few documents. A robust paper-based plan should include:

  • Emergency contact lists
  • Manual procedures for access control and incident reporting
  • Physical copies of escalation protocols
  • Printed maps or site layouts for emergency response

For the security industry, where digital tools are often embedded in daily operations, this analogue backup could be the difference between chaos and continuity.

Issues for the security industry

There is growing reliance on digital security products and services including:

  • Access control
  • Surveillance
  • Lone worker monitoring
  • Incident reporting

If these systems go down, paper-based protocols ensure continuity. Think: manual visitor logs, printed patrol schedules, and offline emergency contacts.

Moreover, clients increasingly expect providers to demonstrate cyber resilience. A documented, offline contingency plan can be a competitive differentiator and a compliance requirement under evolving standards like the Cyber Security and Resilience Bill.

What the BSIA is doing

The BSIA is not just echoing government concerns—it’s actively leading the charge in helping the industry adapt. Here’s how:

Cyber Security Product Assurance Group (CySPAG)

The BSIA’s Cyber Security Product Assurance Group (CySPAG) has developed a Code of Practice for manufacturers of safety and security systems. It recommends:

  • Implementing robust contingency plans
  • Regularly testing those plans
  • Preparing for cyberattack scenarios that could disrupt operations

This guidance is especially relevant for installers, service providers, and manufacturers.

Education and Awareness

The BSIA runs campaigns and publishes resources to raise awareness, including:

  • Cyber Secure It advice columns
  • The quarterly BSIA Connect magazine
  • Monthly themes like “AI in Security” and “Telecoms & Information Security”

These initiatives help members stay ahead of threats and regulatory changes.

Member-Led Collaboration

The BSIA members are actively shaping the response to cyber threats:

  • In the Lone Workers Section Meeting, members discussed telecom infrastructure risks and BSIA’s engagement with government to address them.
  • The BSIA Comms/Tech Collaboration focuses on cybersecurity regulation and member education on UK and EU developments.
  • Cyber Security special interest group shapes standards through feedback loops, surveys, and working groups.

Practical Tools and Support

BSIA offers:

  • Preferential rates on cyber insurance and compliance tools via its Affinity Benefits Programme
  • Training videos and strategic documents developed with government and law enforcement
  • Templates and checklists to help SMEs build contingency plans

If your organisation hasn’t yet printed its cyber contingency plan, now’s the time. And if you’re unsure where to start, BSIA and its members are here to help with guidance, tools, and a community of experts committed to keeping the industry secure.