Critical Hour Framework

A rapid response framework tailored specifically for your organisation, allowing for a comprehensive, actionable response to Cyber Security incidents and breaches when your defensive countermeasures fail.

Prepare for

the Worst

When the fire alarm goes off, everyone knows their role. The Fire Alarm Process (FAP) is initiated. The fire marshals don their fluorescent vests and usher people to safety. Those hearing the fire alarm exit the building in a safe and prompt manner, the fire brigade is sent for, and all people meet at a designated area, where fire marshals ensure all people have left the building and are safe and accounted for. This works like clockwork most of the time, because it has people who are accountable, it has a process, everyone knows their role, and the process is tested to ensure in times of real danger, injury and business impact is minimalised or ideally circumvented.

But what happens when a Cyber Security incident, or worse case, a Cyber Security breach takes place? Who is doing what? Who is accountable for the technology, the people and the process? What is the process? Who is accountable for ensuring damage, injury and business impact are minimised, or ideally, circumvented? The Critical Hour Framework is the contemporary business equivalent to the Fire Alarm Process, only in truth, far more likely to be called upon in haste, yet most likely to be missing from the armoury of business process to ensure business operation is maintained.

Technical defences, even constructed across a range of technologies and vendors, are no longer a strong enough failsafe. The best defence against Cyber threats is therefore preparation for the reality that a Cyber Security attack will be successful.

Experienced Cyber defence teams know that the hour immediately after the detection of a successful Cyber attack is absolutely critical. Rapid containment gives organisations a huge advantage in limiting the impact and damage. A well-considered and rehearsed second line of defence, carried out swiftly by people accountable for executing against a robust framework of processes, will maximise response speed and effectiveness when technical defences are breached and is therefore business critical.

Littlefish employ an established Cyber response process known as the Critical Hour Framework. This acts as the operational plan for attack response, clearly establishing roles and responsibilities, actions, processes and a chain of command created to ensure the most comprehensive response possible is given. The Littlefish Critical Hour Framework is tailored to your organisation’s security technologies and controls, providing a crucial second line of defence. It enables your organisation to be completely prepared should your technical countermeasures be breached, so you can respond rapidly, in an effective and controlled manner – improving your containment timescale and reducing the impact and damage caused by a successful attack.

A Critical Hour Framework will provide your organisation with:

Second Line of Defence

Robust framework of well-defined and rehearsed processes to maximise response speed and effectiveness when technical defences are breached.

Tailor-made Framework

The framework is tailored to your organisation’s blend of security technologies and controls, allowing you to achieve optimal response from the tools and functionality that you have in place.

Reduce Imapct

A coherent and well-executed critical response plan will reduce the potential operational, financial and reputational impact of a successful Cyber-attack.

“The Critical Hour Framework acts as the operational plan for Cyber attack response, clearly establishing roles and responsibilities, actions, processes and a chain of command created to ensure the most comprehensive response possible is given.”

Katy Hinchcliffe – Littlefish Head of Cyber Security
Learn more about Katy >

Tangible Outcomes of Critical Hour Framework

The primary aim of the Critical Hour Framework is to provide a clearly defined, rapidly responsive and decisive action plan to be taken against an attacker to stop and prevent or minimise their activities and associated business impact. The actions are designed to be undertaken within the first hour of an attack being detected, or any qualifying alert being received. The Critical Hour Framework approach has proven to be successful in containing and minimising the impact of being targeted by skilled, persistent, motivated and well-resourced attackers from across the globe.

Key stakeholder accountability

Clearly defined playbook of roles and responsibilities

Defined ownership and actions – People, Process and Technology

Rapidly responsive decision matrix – A One Team approach

Cyber incident containment process definition

Reduction in Cyber Security incident business impact

Dramatically improved organisational preparedness

ITIL aligned Cyber Security incident management

When Technical Countermeasures Fail: The Crucial Second Line of Defence

The best defence against cyber threats is preparation for when an attack inevitably strikes.

Download the ‘When Technical Countermeasures Fail’ Whitepaper to learn more

Our Cyber Security Services

Cyber Assessment

Our comprehensive Cyber assessments are designed to identify areas of weakness within your organisation, from technology, process and control to policy, standards and people.

Learn more >

Cyber Security Operations Centre (CSOC)

Protect your organisation against the potential cost and reputational impact of future Cyber threats with advanced threat monitoring and remediation.

Learn more >

User Education & Awareness

Improve your organisation’s Cyber Security awareness and strengthen and educate your most important potential security control: your people.

Learn more >


Our CISO-as-a-Service delivers Chief Information Security Officer expertise and leadership, without the associated fixed overheads, recruitment costs and retainment challenges.

Learn more >

Critical Hour Framework

An actionable framework tailored to your organisation’s security controls that provides a rapid response to contain a threat when defensive countermeasures fail.

Learn more >

Vulnerability Management

Achieve a complete and continuous view of the ever-shifting cyber threat landscape affecting your estate, and clarify the data into actionable insight.

Learn more >

Learn more >

Learn more >

Learn more >

Learn more >

Learn more >

Learn more >

By partnering with Littlefish for Cyber Security, we will enable you to:

Identify & Understand Your Cyber Risks

to tailor a service to organise and prioritise your Cyber investment.

Deploy Market-Leading Tools and Expertise

for enterprise level protection, but at a fraction of the cost.

Enhance Operational BAU (yet Business Critical) Tasks

to avoid the obvious yet frequent Cyber errors.

Protect Your Assets and Data 24/7/365

to reduce incidents and minimise business disruption. 

Deliver Real-Time Threat Intelligence

to always be current and never behind.

Respond Rapidly to Cyber Attacks

providing your business with containment, remediation and recovery excellence.

Get In Touch

Whatever your query or requirements, we’d love to hear from you.

Send us a message
  • At Littlefish we take your privacy seriously and want to be transparent about how we will use your data. We will process your personal information to provide you with services and information you request from us and to deal with your enquiry.

    By completing this form and providing us with your information, we believe you’re expressing an interest in our services: therefore we’d like to contact you in the future with other information, and about other services we offer, that we believe will be relevant and of interest to you and your organisation in a legitimate capacity.

    Read our full Data Protection & Privacy Statement here.

  • This field is for validation purposes and should be left unchanged.