The expertise of GovCertUK and CERT-UK in a single team, helping to reduce the harmful impact of cyber security incidents in the UK.
Incident management team
We identify and respond to cyber security incidents, assist with their mitigation, and build our understanding of cyber security threats. In the event of significant cyber security incidents, we provide direct technical support and cross-government co-ordination of response activities.
What is a cyber security incident?
The NCSC defines a cyber security incident as:
- A breach of a system’s security policy in order to affect its integrity or availability
- The unauthorised access or attempted access to a system
Activities commonly recognised as security policy breaches
- attempts to gain unauthorised access to a system and/or to data
- the unauthorised use of systems and/or data
- modification of a system's firmware, software or hardware without the system-owner's consent
- malicious disruption and/or denial of service
The NCSC defines a significant cyber security incident as one which may have:
- impact on the UK’s national security or economic wellbeing
- the potential to cause major impact to the continued operation of an organisation
Incident advice and guidance
Cyber security incidents can take many forms: denial of service, malware, ransomware and phishing attacks. Our guidance will help you to plan for and deal with these, and many other types of incident.
Is it an incident?
If you are experiencing unexpected or unusual computer network issues, we recommend that you contact your system administrator or service provider to identify the root cause of the issue.
If a cyber security incident is confirmed, please consult our guidance for detailed advice.
There are a number of crimes which we do not define as cyber security incidents. Cyber bullying, threats via email, text or instant message are all examples.
If you are in the UK, you should report these to the police. You can contact them by telephone on 101, or see the police.uk website for further information.
Action Fraud is the UK's national fraud and cyber crime reporting centre.
If you believe you have been the victim of online fraud, scams or extortion, you should report this through the Action Fraud website.
Managed by the NCSC, CiSP provides a forum for cyber security discussion from beginner through to expert level. It's also a platform where organisations can share intelligence gathered from their own computer networks.
Contacting the NCSC Incident Management team
If you feel you are the victim of a significant cyber security incident you can report this to the NCSC.
CiSP members may wish to consider submitting an incident report on the CiSP platform as a means of sharing timely threat information with other members.
In the event of a cyber security incident, it is important for organisations to check their reporting obligations under data protection legislation and related guidance. Under certain circumstances it will be necessary to notify the Information Commissioner’s Office.
Threat intelligence sharing
The NCSC utilises STIX (Structured Threat Information eXpression) and TAXII (Trusted Automated eXchange of Indicator Information) in order to store and share structured threat intelligence in real time. At present our feed is only available to members of the CiSP by invitation.
If you require third-party assistance in dealing with a cyber security incident, we recommend one of the NCSC-certified CIR companies.
Guidance on how organisations can protect themselves in cyberspace, including the 10 steps to cyber security.
CiSP is a joint industry/government information sharing initiative aimed at increasing awareness of cyber threats and reducing their impact on UK business.