top of page

Reporting a cyber attack - Do you know how?

We talk a lot about being vigilant to cyber attacks on your business, what to look out for and how to best protect yourself from being targeted. But would you know what to do if someone did manage to attack your organisation?

As we say, it's not a case of 'IF' but 'WHEN' regarding cyber attacks. As no one is 100% resilient to attacks. So when it happens, it's important you and your employees know exactly how to report it.

Did you know that most businesses take nearly 6 months to detect a data breach. Even the big organisations! For many, that's customers and stakeholder data now vulnerable to cyber criminals.

Whether you are a sole trader, small/medium business or even a large organisation, it's worth ensuring you and your team know what to do before your half a year down the line after an attack.

Picture this... You have just arrived at work, be it an office, your home desk or your retail store, to find your computer system hijacked and a message demanding cash payment for the safe return of your customers’ data. What would you do next?

Do you report it? Yes! You should always contact Action Fraud in the first instance, as they are the National Fraud and Cyber Reporting Centre. They have a 24/7 reporting service to help businesses deal with live cyber attacks, which are attacks that are still ongoing and affecting the company’s computer system, like the example.

In these instances, after contacting Action Fraud, there is a chance to work with law enforcement to stop the attack and secure evidence that might prove helpful in a following investigation.

If you are the victim of a live or a cyber attack that has already happened, here’s what to do and what happens next;

  • Call 0300 123 2040 immediately and press 9 on your keypad.

  • Your call will be dealt with as a priority and your live incident will be triaged over the phone.

  • You will be asked a series of questions to help identify what type of attack you are experiencing and be given advice/support whilst your report is passed immediately to the National Fraud Intelligence Bureau (NFIB).

  • The NFIB will review your report and conduct a range of enquiries, identify any connected reports or links to known criminals, assess opportunities for police action then send it to the relevant police agency. This can be your local police force Cyber Crime Unit or the National Cyber Crime Unit (NCCU), which is part of the National Crime Agency.

  • You will be kept informed of the status of your report.

  • If personal data has been stolen or accessed as part of the cyber-attack, you also need to report it under GDPR the to the Information Commissioner's Office (ICO). You can report a breach via their website: 'Report a Breach'

You’ll find more on incident reporting and how to respond to other forms of cybercrime on the NCSC’s Small Business Guide to Response and Recovery.



Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).



The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page