Cybercraft
← Back to In a Box services In a Box Β· One-Time

Ransomware hits on a Friday afternoon. You have 72 hours to report. What do you do?

The Cyber Security Act 2024 requires mandatory reporting of ransomware payments to the ASD within 72 hours. Most SMEs have no plan. This service builds yours β€” and tests it β€” before something goes wrong.

What's in the box

A complete incident response capability: the plans, procedures, roles, and communication templates your organisation needs to respond to a cyber incident without improvising under pressure.

Most SMEs either have no incident response plan, or have one that was written generically and never tested. This package produces plans that reflect your actual environment β€” your team structure, your MSP's role, and your regulatory reporting obligations under the Cyber Security Act 2024 β€” then tests them with a tabletop exercise so everyone knows what to do before something goes wrong.

The plans cover the full lifecycle: detection, containment, eradication, recovery, and post-incident review. They include decision trees for the 72-hour reporting clock, escalation paths, and communication templates for staff, clients, regulators, and media.

Deliverables

  • Incident response plan tailored to your organisation and MSP arrangement
  • 72-hour ransomware reporting decision tree (Cyber Security Act 2024)
  • Incident classification and escalation matrix
  • Communication templates (internal, client, regulator, media)
  • Roles and responsibilities document with contact details
  • Facilitated tabletop exercise scenario
  • Post-exercise report with findings and recommendations

Business benefits

  • Faster, more coordinated response β€” minutes matter when you're on the clock
  • Compliance with Cyber Security Act 2024 mandatory reporting obligations
  • Clear escalation paths β€” no confusion or delay during a crisis
  • Compliance evidence for insurers, ISO 27001, and client due diligence
  • Tested plans that your team has actually rehearsed, not just read

Engagement process

DiscoveryWe map your environment, team structure, MSP responsibilities, and regulatory obligations β€” including your specific reporting requirements under the Cyber Security Act 2024.
Plan developmentIncident response plan, reporting decision tree, classification matrix, escalation paths, and communication templates β€” written for your specific context.
Review and refinementCollaborative review with your leadership and MSP to ensure plans are practical and responsibilities are agreed before the exercise.
Tabletop exerciseFacilitated scenario-based exercise with your key stakeholders β€” including a ransomware scenario with the 72-hour reporting clock running.
Final deliveryUpdated plans incorporating lessons from the tabletop, plus a post-exercise report with improvement recommendations.
Build your IR plan

If ransomware hit tomorrow, does your team know what to do in the first hour?

Most don't. A tabletop exercise finds the gaps before an attacker does.

Build your IR plan

Kaurna Acknowledgement

We acknowledge and pay our respects to the Kaurna people, the traditional custodians of the ancestral lands on which we work. We acknowledge the deep feelings of attachment and relationship of the Kaurna people to country and we respect and value their past, present and ongoing connection to the land and cultural beliefs.

Kaurna Acknowledgement

We acknowledge and pay our respects to the Kaurna people, the traditional custodians of the ancestral lands on which we work. We acknowledge the deep feelings of attachment and relationship of the Kaurna people to country and we respect and value their past, present and ongoing connection to the land and cultural beliefs.