In this episode of Small Business Cybersecurity Guy, hosts Mauven MacLeod, Noel Bradford and Graham Faulkner walk you through Module One of their six-part incident response plan series: building your response team. Through the real-world Katie Roberts case study (name changed), they show why independence matters when a breach hits — and how an unbiased incident manager can quickly uncover the truth, coordinate response, and save a business from far worse outcomes.

Topics covered include the four core incident roles (external incident manager, technical lead, business continuity coordinator, communications lead), how to find and contract an external IM (insurance, IT referrals, retainer vs pay-per-incident), what an IM can and cannot do, authority and spending limits, and realistic costs and timelines. The hosts explain a simple, achievable four-week setup plan that takes roughly four hours of actual work, and they share templates for team structure, external contacts, authority scripts, implementation timelines, and validation checklists.

Key points and takeaways: why impartial coordination matters, how to avoid common provider cover-up biases, the practical steps Katie used to stabilise her business, a real case study of an architecture firm saved from a Friday-afternoon ransomware attack, and concrete homework: find your IM, assign three internal roles, document everything on a single page, brief and validate your team. Listeners will leave with a clear, actionable plan, links to downloadable templates, and the promise that preparation reduces cost, stress, and downtime.