National Cyber Security Centre
NCSC Cyber Incident Response scheme now available to more organisations
Help investigating and recovering from cyber attack now available from a larger pool of assured providers.
Yesterday the NCSC announced a change to our assured Cyber Incident Response (CIR) scheme, with the introduction of a new level.
From now on, companies assured to offer CIR services will be designated Level 1 or Level 2, meaning that more companies will be able to provide high quality incident response services to a wider range and larger number of victim organisations across the UK.
The NCSC Cyber Incident Response scheme is well established and helps organisations experiencing a cyber attack quickly and easily identify trusted providers of commercial incident response services. These assured companies support organisations to investigate and recover from a cyber attack, and advise on how they can prevent future attacks.
Until now, the CIR scheme has focused on assuring companies that can provide incident response services to organisations running networks of national significance, such as central government, critical national infrastructure (CNI) organisations and regulated industries. These organisations are at particular risk of targeted and complex attacks by nation-state actors.
All Level 1 Assured Service Providers are capable of dealing with all types of cyber incident for all types of organisations. The NCSC strongly encourages organisations running networks of national significance to contact a Level 1 company if they experience a cyber attack. It is especially important that all organisations use a CIR Level 1 provider if they think they have been the victim of a highly sophisticated attack.
Level 2 companies are assessed as capable of supporting most organisations with common cyber attacks, such as ransomware. This includes private sector organisations outside of CNI sectors, charities, local authorities and smaller public sector organisations.
Speaking about the new scheme, Chris Ensor, Deputy Director of Cyber Growth at the NCSC, said:
“Falling victim to a cyber attack is really stressful. Finding someone with the skills and knowledge to help can also be hard, if, like many, you are not familiar with the cyber security world. For many years, we have Assured Cyber Incident Response services for organisations targeted by the most sophisticated threat actors.
I am really pleased that we can now assure a similar service for any organisations affected by criminal threat actors, a service that will be good enough for the majority of incidents that smaller organisations face. The NCSC badge will give confidence that the company they use has the right expertise to help them.”
Reporting a cyber attack or incident
If your organisation has been the victim of a cyber attack, the NCSC recommends that you start by visiting https://www.gov.uk/report-cyber to identify where you should report your incident.
How to find an NCSC Assured Cyber Incident Response provider
Become an Assured Service Provider
If you are an incident response company interested in joining the new Level 2 of the CIR scheme, visit the scheme’s "Information for service providers" page.
Working with industry to extend the reach of the NCSC
As the National Technical Authority for cyber security, the NCSC helps define best-practice standards. With Industry Assurance schemes like the Cyber Incident Response scheme, we assess industry services against the NCSC’s standards.
We currently have over 400 companies offering services on behalf of the NCSC.
Latest News from
National Cyber Security Centre
UK exposes attempted Russian cyber interference in politics and democratic processes08/12/2023 10:29:00
The UK condemns Russia’s sustained attempts at political interference in the UK and globally.
UK and allies expose Russian intelligence services for cyber campaign of attempted political interference07/12/2023 14:25:00
The UK and allies call out the Russian Intelligence Services for a campaign of malicious cyber activity attempting to interfere in UK politics and democratic processes
NCSC launches Cyber Incident Exercising scheme06/12/2023 15:25:00
New CIE assured providers give organisations support to create structured table-top or live-play cyber incident exercises.
UK and Republic of Korea issue warning about DPRK state-linked cyber actors attacking software supply chains23/11/2023 16:05:00
Joint advisory observes cyber actors leveraging zero-day vulnerabilities and exploits in third-party software.
NCSC warns of enduring and significant threat to UK's critical infrastructure16/11/2023 10:05:00
The NCSC's seventh Annual Review raises awareness of the increasingly unpredictable threat landscape.
UK and Singapore secure agreement against ransomware payments03/11/2023 10:22:00
Members of the CRI have signed a joint statement pledging that central government funds should not be used to pay ransoms to cyber criminals.
UK and allies support Ukraine calling out Russia's GRU for new malware campaign31/08/2023 16:15:00
Malware, dubbed Infamous Chisel, enables unauthorised access to compromised Android devices.
Categorising UK cyber incidents23/08/2023 16:20:00
Explaining the NCSC and UK law enforcement categorisation model for cyber incidents.