Professional service scheme

Cyber Incidents

Created:  03 Sep 2015
Updated:  01 August 2016

There are two schemes; one aimed at sophisticated attacks against networks of national significance and the other aimed at all sectors of industry, the wider public sector and academia.

Cyber attacks can vary in terms of persistence, sophistication and impact. When attackers successfully breach the corporate networks of an organisation this may be because the basic defences are not being maintained adequately, or it could be due to the targeting and sophisticated techniques employed by determined, well resourced cyber attackers. An important part of business continuity and disaster recovery planning is to be prepared by identifying a supplier of Cyber Incident Response services in advance of any serious attack.


There are two routes to dealing with a cyber incident – Cyber Incident Response (CIR) or the Cyber Security Incident Response Scheme (CSIR). In broad terms, service providers in both schemes are likely to:

  • Determine the extent of the incident
  • Work to ensure the immediate impact is managed
  • Provide recommendations to remediate the compromise and increase security across the network
  • Produce an incident report to describe the scope of the problem, the technical impact, mitigation activities and an assessment of business impact
  • Give an Impact Assessment – where the incident affects partners or customers

The two schemes

Networks of national significance

The Government-run Cyber Incident Response (CIR) is certified by NCSC and CPNI (Centre for the Protection of National Infrastructure). NCSC/CPNI certified CIR providers deliver this focused scheme which deals with sophisticated, targeted attacks against networks of national significance. Information on how to become a provider can be found here.

Industry, academia and private or public sector

The Cyber Security Incident Response scheme (CSIR) is approved by CREST (Council of Registered Ethical Security Testers) – - and focuses on appropriate standards for incident response suited to industry, the wide public sector and academia. The scheme is administered by CREST and endorsed by NCSC and CPNI.

Was this information helpful?

We need your feedback to improve this content.

Yes No