Skip to main content

Report a Cyber Incident

Cyber Incident Signposting Service (CISS)

You may be required to notify multiple organisations as different organisations have different remits. If you are unsure who to report to, please use this Cyber Incident Signposting Service (CISS) for guidance.

All submissions are useful and will aid the NCSC. Please complete the form if you are alerting the NCSC for information only or require technical assistance. A report should be made if the incident affects:

  • Data on employees, customers or clients of the organisation
  • The organisation's computer firmware, software or hardware
  • Personal data of the UK, Channel Islands or Isle of Man

Submitting a report using this service

Reporting a cyber incident consists of six sections and takes approximately 15 minutes.

  1. Report Details
  2. Organisation Details
  3. Incident Basics
  4. Incident Impact
  5. Attack Identifiers
  6. Attack Specific Questions

How we handle your information

  • Information provided to the NCSC is protected in the same way we protect our own confidential information: held securely, with strictly limited access
  • We may share details with our Law Enforcement partners, such as the National Crime Agency, to help identify investigation and mitigation opportunities
  • We may share reports made by UK Government organisations (see https://www.gov.uk/government/organisations) with the Government Cyber Coordination Centre (GC3) for the purposes of cross-governmental response and risk mitigation.
  • The information we hold is exempt from Freedom of Information requests
  • We won’t share details with regulators, such as the Information Commissioner's Office, without first seeking your consent. However, we may share aggregate statistics and anonymised details with them

You should be aware that:

  • Reporting using this service does not fulfil any legal or regulatory reporting requirements that you might be subject to
  • You should always consider whether you are under an obligation to make additional reports of the cyber incident elsewhere

Before you start

To report a cyber incident online, you will need to provide:

  • Contact information for you
  • Contact information for your organisation or the organisation you are reporting on behalf of
  • Any details of how the cyber incident started and how the organisation was affected

Cyber security incidents reported using this form are monitored 24/7 by a NCSC Defence Watch Officer, who will endeavour to reply at the earliest opportunity.

Please do not fill this form in on any network you believe has been compromised. Use a separate system to fill this in.


Help us to help others

Submitting reports that share information is vital to the NCSC understanding of the threat landscape and cyber intelligence growth. This subsequently improves our ability to help protect other UK organisations.