Home/Products/Incident Response Playbook
Security Last updated: 2026-04-03

When an Attack Hits,
You Need a Playbook

60% of Australian SMBs have no incident response plan. The average ransomware cost for an AU SMB is $46,000. The OAIC gives you 30 days to notify after a data breach. This playbook gives you the exact steps your team needs to take in the first 72 hours -- before panic sets in.

Essential for Every AU SMB
$97 AUD
$5,000--$20,000 consultant rate -- You save 99%
Get the Playbook Now →

30-Day Money-Back Guarantee

Instant download OAIC NDB aligned ASD Essential Eight aligned

The Cost of Having No Plan

A cyber incident is not an IT problem -- it is a business crisis. Without a plan, your team freezes. Evidence gets destroyed. Regulators don't get notified in time. Customers lose trust. Here is what the data says.

60% of AU SMBs Have No Plan

The majority of Australian small businesses are completely unprepared for a cyber incident. When it happens, decisions get made under extreme pressure with no framework to guide them.

$46K Average Ransomware Cost

The average cost of a ransomware attack on an Australian SMB is $46,000 -- and that's before you count reputational damage, lost customers, and regulatory penalties.

30 Days to Notify Under OAIC NDB

The OAIC Notifiable Data Breaches scheme requires you to notify affected individuals and the OAIC within 30 days of becoming aware of an eligible breach. Miss this window and you risk significant penalties.

IR Consultants Cost $5K--$20K Per Engagement

Hiring an incident response firm to walk you through a breach costs between $5,000 and $20,000 per engagement. You need that expertise documented and ready before an incident happens.

What You Get

Every component of this playbook is based on real incident response engagements with Australian SMBs. Nothing theoretical -- this is what actually gets used at 2am when systems go down.

Hour
0--4

Scenario Playbooks: Ransomware, Data Breach, BEC

Three fully written, step-by-step playbooks covering the most common incident types hitting AU SMBs right now.

  • Ransomware: containment, isolation, ransom decision framework
  • Data Breach: scope identification, evidence collection, notification triggers
  • Business Email Compromise: account lockdown, financial impact assessment
  • Each playbook covers the first 72 hours in hourly detail
  • Designed for use by non-technical staff under pressure
Decision
Trees

Decision Trees for Incident Triage

Visual decision frameworks so your team knows exactly which playbook to activate and when to escalate.

  • Is this an incident or a false alarm? Clear triage criteria
  • Which scenario matches what you are seeing?
  • When to involve law enforcement (AFP, state police)
  • When to engage external IR support
  • When to invoke business continuity procedures
Comms
Kit

Stakeholder Communication Templates

Pre-written templates for every communication you will need to send during an incident.

  • Internal staff notification (what to say, what not to say)
  • Customer breach notification letters
  • Board and leadership briefing template
  • Media holding statement (if required)
  • Third-party vendor notification templates
Legal
Guide

OAIC NDB Notification Guide + Evidence Checklist

Stay compliant and protect your legal position with the right documentation from minute one.

  • OAIC NDB eligibility assessment checklist
  • 30-day notification timeline tracker
  • OAIC notification statement template
  • Evidence preservation checklist (forensic best practice)
  • Chain of custody log for collected evidence
Staff
Cards

Staff Role Cards + Post-Incident Review Template

Get everyone doing the right thing and capture lessons learned to improve your posture after every incident.

  • Role cards for: Incident Commander, IT Lead, Legal/Privacy, Communications Lead
  • Print-ready single-page reference cards for each role
  • Post-incident review template (root cause analysis)
  • Lessons learned documentation framework
  • 30-60-90 day remediation planning template

What You Are Getting for $97

Compare the cost of this playbook against what an incident response engagement actually costs. Every component is based on real IR work.

Ransomware Response Playbook $1,200 value

The exact containment, isolation, and decision framework an IR consultant would walk you through during a ransomware event. Based on real AU SMB engagements.

Data Breach Playbook $1,200 value

Step-by-step breach response covering scope assessment, evidence collection, and OAIC NDB notification triggers. Aligned to the Privacy Act 1988.

BEC (Business Email Compromise) Playbook $800 value

Account lockdown procedures, financial impact containment, and fraud reporting steps for the fastest-growing threat hitting AU SMBs.

Decision Trees + Triage Framework $500 value

Visual decision frameworks built from IR engagement experience. Know what you are dealing with and what to do next without waiting for a consultant callback.

Communication Templates (5 templates) $600 value

Pre-approved holding statements and breach notifications save you from expensive legal review under pressure. Each template reviewed for AU regulatory context.

OAIC NDB Notification Guide $800 value

Missing the 30-day NDB window can cost far more than this playbook. This guide walks you through every step of the notification process.

Evidence Preservation Checklist $400 value

Forensic best practice for preserving evidence that may be needed for insurance claims, law enforcement, or legal proceedings.

Staff Role Cards BONUS $300 value

Print-ready cards for each incident role. When the incident commander is stressed, a clear one-pager makes the difference between coordinated response and chaos.

Post-Incident Review Template BONUS $400 value

Turn every incident into an improvement. Root cause analysis template with 30-60-90 day remediation planning built in.

Total Value: $6,200+
$97 AUD
vs. $5,000--$20,000 for a single IR engagement

Built on Real Incident Response Engagements

This playbook was not written by a content marketer. It was built from actual IR work with Australian SMBs -- the decisions made under pressure, the mistakes that cost time and money, and the processes that worked.

Aligned to ASD Essential Eight

Every containment and recovery step references the ASD Essential Eight controls so your response is consistent with the Australian Cyber Security Centre's recommended mitigation strategies.

Aligned to OAIC NDB Scheme

The notification guide and evidence checklist are written specifically for the Australian Privacy Act 1988 and the Notifiable Data Breaches scheme -- not US or UK frameworks retrofitted for AU.

Written for 5--200 Employee Businesses

No assumptions about dedicated security staff, SIEM platforms, or enterprise IR retainers. Every step is written for the reality of an AU SMB: small team, limited resources, high stakes.

Tested Against Real Scenarios

The ransomware, data breach, and BEC playbooks reflect the exact scenarios seen most frequently in Australian SMB incidents. Theoretical scenarios and edge cases have been deliberately excluded to keep this focused and usable.

By the Numbers

72
Hours covered step-by-step
3
Scenario playbooks (ransomware, breach, BEC)
$97
vs. $5K--$20K IR consultant fee

30-Day Money-Back Guarantee

If this playbook is not the clearest, most actionable incident response resource you have seen for an Australian SMB, email us within 30 days for a full refund. No questions, no hassle. We are confident this will be the most useful $97 you spend on security this year.

Frequently Asked Questions

What exactly is in this playbook?
The playbook covers the first 72 hours of a cyber incident in step-by-step detail. It includes three scenario-specific modules (ransomware, data breach, business email compromise), decision trees for triage, stakeholder communication templates, an evidence preservation checklist, the OAIC NDB notification guide, staff role cards, and a post-incident review template. Everything is written in plain language for non-technical business owners and IT managers.
Does this meet the OAIC Notifiable Data Breaches scheme requirements?
Yes. The playbook includes a dedicated OAIC NDB notification guide that walks you through eligibility assessment, the 30-day notification window, statement preparation, and OAIC reporting. It is aligned to the current Privacy Act 1988 requirements. Note: this is a practical guide, not legal advice. For complex breaches, engage a privacy lawyer alongside this playbook.
We already have some security tools. Is this still useful?
Absolutely. Having detection tools is very different from knowing what to do when they fire an alert. The playbook is the human process layer that sits on top of any tooling you have. It tells your people what decisions to make, in what order, who to call, what to preserve, and what to communicate -- within the first 72 hours when every minute counts.
How is this different from the Incident Response Plan Template you also sell?
The Incident Response Plan Template is a governance document -- it defines your organisation's IR programme, roles, scope, and policy. This Playbook is the operational field guide -- the step-by-step actions your team takes during an active incident. They complement each other. The plan says "we have an IR capability"; the playbook is what you actually open at 2am when something breaks.
Is this a one-time purchase?
Yes. One-time payment of $97 AUD. You get immediate download access to all materials. No subscription, no recurring fees, no locked tiers. Future updates to the playbook are included at no extra cost.

Be Ready Before the Incident Happens

Incidents do not give advance notice. Get the playbook now, brief your team, and know exactly what to do when the alert fires.

Essential for Every AU SMB
$97 AUD
$5,000--$20,000 consultant rate -- You save 99%
Get the Playbook Now →

30-Day Money-Back Guarantee

Secure checkout via Polar. Instant download. One-time payment.

Not Ready to Go It Alone?

If you would prefer an expert to walk through incident response planning with you, or if you need help assessing your current security posture, a consultation is the right starting point.

Book a Consultation at consult.lil.business