When and how to report a cyber incident

You should consider reporting a cyber security incident, and in some instances you will be required to report a data breach (i.e. if information is stolen or accessed without authorisation).  

 

Not sure

If you’re unsure who you need to report an incident to, you can use the National Cyber Security Centre tool to help you decide where to report a cyber incident.  

 

Email

If you receive an email you're not sure about, you can forward it to the suspicious email reporting service: [email protected]

 

Text

Suspicious text messages can be forwarded to 7726. This free-of-charge short code enables your mobile provider to investigate the origin of the text and take action if it is found to be malicious.

 

NHS systems

You can report a cyber security incident to the NHS Digital Data Security Centre, and you should do so if the incident affects NHS systems. To report an urgent cyber security issue, call 0300 303 5222 or, for general queries, email [email protected].

 

Significant incident

If you have experienced a significant cyber incident, you can report it to the National Cyber Security Centre's incident management team, who may be able to provide advice and support. They triage incidents, provide direct support to the victim organisation for priority incidents, and can facilitate your access to cyber security expertise. Report a cyber incident here.

 

Criminal cyber-attack

Remember that a cyber-attack is a crime. If you experience a cyber-attack, you can report it to Action Fraud or by calling 0300 123 2040 (Mon – Fri: 8am – 8pm). The more individuals report, the more likely it is that perpetrators will be arrested, charged and convicted. If a digital device has been stolen, you should contact the police to obtain a crime reference number.

 

Data breach

If the cyber incident has led to a data breach, you will need to report it to the Information Commissioner's Office (ICO) if the breach is likely to result in a risk to the rights and freedoms of individuals. Where feasible, you should report the data breach to the ICO within 72 hours of becoming aware of the breach. You can report the data breach using the ICO website or by calling 0303 123 1113 (Mon – Fri: 9am – 5pm). See our detailed guidance on data breaches.

 

Reporting

You can also report cyber security incidents to the Information Commissioner’s Office, the Department of Health and Social Care and NHS Digital via the Data Security and Protection Toolkit.  

To access this function, log in and find the "Report an incident" menu link (available to toolkit administrators only). Answer the questions about the breach, including what happened, when it happened, and how severe the impact was.

 

Legal advice

You might want to consider seeking legal advice if the incident has had a significant impact on your business and/or customers. If you have a cyber insurance policy, your insurer will be able to provide you with more help.

 

Staff and people you support

It's important to keep your staff and the people you support informed of anything that might affect them (for example, if their personal data has been compromised by a data breach).

 

Partners and suppliers

Identify your partners and suppliers, and notify them if shared IT systems may be affected. If relevant, prepare communications for external parties or the media.