Report a Cyber Attack

Live Cyber attack

  1. If the cyber attack is potentially life-threatening (e.g. related to health systems) call 999;
  2. If you are experiencing a live incident, call Action Fraud immediately on 0300 123 2040 and press 9 on your keypad.  This will allow your call to be dealt with a s a priority and your live incident will be triaged over the phone.  Next your incident will be passed to the National Fraud Intelligence Bureau (NFIB) who will review your report and conduct a range of enquiries, it may be passed to the relevant police agency.  You will be kept informed of the status of your report.
  3. If your organisation has been the victim of a significant cyber attack, the NCSC recommends you start by reporting the incident to them.
  4. To help  Action Fraud / NCSC understand the potential scale, severity and impact of the incident please provide answers to the following points:
    1. Who are you?
    2. What organisation are you reporting an incident for?
    3. What is your role in this organisation?
    4. What are your contact details?
    5. A summary of your understanding of the incident, including any impact to services and/or users
    6. What investigations and/or mitigations have you or a third party performed or plan to perform.
    7. Please provide the output of any technical analysis.
    8. Who else has been informed about this incident?
    9. What are your planned next steps?
  5. Notify other North East Public Sector organisations (ISNorthEast members) by email:
  6. If you have access, check the CiSP to see if others have reported the same issues and to see if any mitigation or other advice has been posted. You can sign up to the CiSP here.
  7. Alert any networks you’re connected to, e.g. JANET, PSN, PNN, HSCN / N3 (CareCERT etc.) and also your colleagues and contacts in organisations you work with.

Historic or attempted cyber attack, phishing attempt or invoice fraud

  1. Contact Action Fraud (  In order to guarantee a response / detailed assessment of your crime, need to give as much detail / information as possible to Action Fraud (see checklist above).  Action Fraud provides information on what to expect once you’ve reported an incident.
  2. If you’re an ISnortheast member and it’s likely to have impacted other North East Public Sector organisations then notify them by email:


The National Cyber Security Centre (NCSC) has created the Small Business Guide to Response and Recovery. It provides small to medium sized organisations with guidance about how to prepare their response, and plan their recovery to a cyber incident.