Skip to content
  1. Home
  2. Support
  3. Digital, data protection and cyber security
Part of How to protect your business from cyber threats

Responding to a cyber attack on your business

Problems with access, unusual payment activity or systems not working as you expect can be signs of a cyber incident. Acting quickly can limit damage, reduce disruption and help your business recover.

Spot the signs of a cyber attack

A cyber incident is not always obvious or accompanied by a message from hackers.

Look out for:

  • devices running slowly or behaving strangely
  • being locked out of accounts or systems
  • unexpected password reset or authentication requests
  • unusual transactions or activity in your accounts
  • customers or suppliers reporting unusual messaging from your business

If something seems strange, follow National Cyber Security Centre (NCSC) guidance to identify what exactly is happening and gather vital information to help you respond.

Identify what’s happening on ncsc.gov.uk (opens in new tab)

ncsc.gov.uk

Take immediate action to limit damage

Act quickly and follow NCSC guidance to reduce financial loss and disruption.

If you use an external IT provider, contact them immediately.

NCSC publishes a list of assured cyber professionals you can hire to help if your business is affected by a cyber attack.

How to respond to a cyber attack on ncsc.gov.uk (opens in new tab)

ncsc.gov.uk

Recover hacked accounts on ncsc.gov.uk (opens in new tab)

ncsc.gov.uk

Find an assured cyber incident response professional on ncsc.gov.uk (opens in new tab)

ncsc.gov.uk

Notify people who may be affected

You need to notify people if their personal data has been accessed in a cyber incident and this could cause harm, for example by putting them at risk of fraud, identity theft or financial loss.

You must notify the Information Commissioner’s Office of any data breach that poses a risk to individuals within 72 hours of becoming aware of the breach.

Telling individuals about a data breach on ico.org.uk (opens in new tab)

ico.org.uk

Managing communications during a cyber incident on ncsc.gov.uk (opens in new tab)

ncsc.gov.uk

Report the incident

You may need to report a cyber incident to police, NCSC, the Financial Conduct Authority or the Information Commissioner’s Office.

GOV.UK’s Where to Report a Cyber Incident tool will tell you if you need to report an incident and who you need to tell.

Where to Report a Cyber Incident on signpost-cyber-incident.service.gov.uk (opens in new tab)

signpost-cyber-incident.service.gov.uk

Improve your security after an incident

Once your incident has been resolved, carry out a review to understand what happened, how it could have been avoided and what needs to change to prevent it happening again.

You should:

  • complete Cyber Essentials certification
  • keep up to date with NCSC guidance and information
  • consider taking out cyber insurance to protect your business from the costs of future attacks

Protect your business with Cyber Essentials on ncsc.gov.uk (opens in new tab)

ncsc.gov.uk

How to choose cyber insurance policies on ncsc.gov.uk (opens in new tab)

ncsc.gov.uk

Protect your business with Cyber Essentials

The 2025 cyber security survey found that 1 in 2 UK small businesses identify a cyber attack and 1 in 4 experience a cyber crime.

  • Get peace of mind that your organisation is protected against the most common online threats
  • Satisfy supplier requirements that businesses be cyber certified
  • Build customer trust and show you take cyber security seriously
Visit the NCSC website to get Cyber Essentials certified

Something went wrong. Please try again.

Was this page useful?

Thanks for letting us know

Can you tell us why this page was useful?

Do not share any personal or commercially sensitive information.

Cancel feedback form and refresh page

Thanks for letting us know

Can you tell us more about your feedback?

Do not share any personal or commercially sensitive information.

Cancel feedback form and refresh page

Thanks for your feedback