National Cyber Security Centre

NCSC Cyber Incident Response scheme now available to more organisations

Help investigating and recovering from cyber attack now available from a larger pool of assured providers.

Yesterday the NCSC announced a change to our assured Cyber Incident Response (CIR) scheme, with the introduction of a new level.

From now on, companies assured to offer CIR services will be designated Level 1 or Level 2, meaning that more companies will be able to provide high quality incident response services to a wider range and larger number of victim organisations across the UK.

The NCSC Cyber Incident Response scheme is well established and helps organisations experiencing a cyber attack quickly and easily identify trusted providers of commercial incident response services. These assured companies support organisations to investigate and recover from a cyber attack, and advise on how they can prevent future attacks.

Until now, the CIR scheme has focused on assuring companies that can provide incident response services to organisations running networks of national significance, such as central government, critical national infrastructure (CNI) organisations and regulated industries. These organisations are at particular risk of targeted and complex attacks by nation-state actors.

All Level 1 Assured Service Providers are capable of dealing with all types of cyber incident for all types of organisations. The NCSC strongly encourages organisations running networks of national significance to contact a Level 1 company if they experience a cyber attack. It is especially important that all organisations use a CIR Level 1 provider if they think they have been the victim of a highly sophisticated attack.

Level 2 companies are assessed as capable of supporting most organisations with common cyber attacks, such as ransomware. This includes private sector organisations outside of CNI sectors, charities, local authorities and smaller public sector organisations.

Speaking about the new scheme, Chris Ensor, Deputy Director of Cyber Growth at the NCSC, said:

“Falling victim to a cyber attack is really stressful. Finding someone with the skills and knowledge to help can also be hard, if, like many, you are not familiar with the cyber security world. For many years, we have Assured Cyber Incident Response services for organisations targeted by the most sophisticated threat actors.

I am really pleased that we can now assure a similar service for any organisations affected by criminal threat actors, a service that will be good enough for the majority of incidents that smaller organisations face. The NCSC badge will give confidence that the company they use has the right expertise to help them.”

Reporting a cyber attack or incident

If your organisation has been the victim of a cyber attack, the NCSC recommends that you start by visiting to identify where you should report your incident.

How to find an NCSC Assured Cyber Incident Response provider

You can find a list of NCSC Assured Cyber Incident Response providers via the CIR scheme "Find a provider" page or the main "Verify suppliers" search on the NCSC web site.

Become an Assured Service Provider

If you are an incident response company interested in joining the new Level 2 of the CIR scheme, visit the scheme’s "Information for service providers" page.

Working with industry to extend the reach of the NCSC

As the National Technical Authority for cyber security, the NCSC helps define best-practice standards. With Industry Assurance schemes like the Cyber Incident Response scheme, we assess industry services against the NCSC’s standards.

We currently have over 400 companies offering services on behalf of the NCSC.
