Cyber attack reporting guidance

Live Cyber attack

  1. If the cyber attack is live and happening now call Action Fraud on 0300 123 2040. If it’s potentially life-threatening (e.g. related to health systems) call 999; see also point 5 below.
  2. If you’re an ISnortheast member and it’s likely to impact other North East Public Sector organisations notify them by email: negwarp@neict.jiglu.org.
  3. If you have access, check the CiSP to see if others have reported the same issues and to see if any mitigation or other advice has been posted. You can sign up to the CiSP here.
  4. Alert any networks you’re connected to, e.g. JANET, PSN, PNN, and also your colleagues and contacts in organisations you work with.
  5. Critical incidents should be reported to the National Cyber Security Centre Incident Management Team (webreportedincidents@ncsc.gov.uk / 0300 0200 973).  In order for the NCSC IM team to understand the potential scale, severity and impact of the incident please provide answers to the following points:
    • Who are you?
    • What organisation are you reporting an incident for?
    • What is your role in this organisation?
    • What are your contact details?
    • A summary of your understanding of the incident, including any impact to services and/or users
    • What investigations and/or mitigations have you or a third party performed or plan to perform.
    • Please provide the output of any technical analysis.
    • Who else has been informed about this incident?
    • What are your planned next steps?

Historic or attempted cyber attack, phishing attempt or invoice fraud

  1. Contact Action Fraud (actionfraud.police.uk/report_fraud).  In order to guarantee a response/detailed assessment of your crime, need to give as much detail/information as possible to Action Fraud (see checklist above).
  2. If you’re an ISnortheast member and it’s likely to impact other North East Public Sector organisations notify them by email: negwarp@neict.jiglu.org.

Action Fraud response times are generally 28 days