View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
August 16, 2023

NCSC extends Cyber Incident Response scheme to more UK businesses

The 'trusted trader' scheme offers a list of approved security vendors to help businesses deal with the aftermath of cyberattacks.

By Claudia Glover

The UK’s National Cyber Security Centre (NCSC) is making its Cyber Incident Response (CIR) scheme, which provides a group of trusted security vendors to help victims deal with the aftermath of cyberattacks, open to more organisations across the country.

NCSC provides new level to protection scheme (Photo by T. Schneider/Shutterstock)

The CIR has previously offered help to providers of UK critical national infrastructure and essential resources, such as managed service providers and telecommunications companies. It is now being extended, with a new list of “level two” vendors that will cover charities, local authorities and smaller public sector organisations, as well as more private sector businesses.

NCSC Cyber Incident Response programme expanded

The CIR was launched in April to provide support for organisations typically at risk of “sophisticated and bespoke cyberattacks,” the NCSC said.

As of today, it has been extended to cover other types of organisation. It puts companies in the UK at risk from cyberattacks in touch with trusted providers of commercial incident response services. “These assured companies support organisations to investigate and recover from a cyberattack and advise on how they can prevent future attacks,” an NCSC spokesperson said. 

Chris Ensor, deputy director of cyber growth at the NCSC said that falling victim to a cyberattack can be “really stressful” for businesses. “Finding someone with the skills and knowledge to help can also be hard, if, like many, you are not familiar with the cybersecurity world,” he said.

The CIR vetting process should assure that the companies supported under the scheme can provide reliable help to most organisations in the event of a cyberattack. “The NCSC badge will give confidence that the company they use has the right expertise to help them,” Ensor said.

CIR levels one and two explained

Approved vendors that are part of CIR are given level one or level two status. The level one-assured service providers are capable of dealing with all types of cyber incident for all types of organisations. The NCSC encourages critical infrastructure providers to contact a level one company if they experience a cyberattack.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Level two security companies have been assessed as capable of supporting organisations with common types of cyberattacks, such as ransomware, phishing attacks or business email compromise scams.

The NCSC says the scheme also provides an incentive for cybersecurity companies to improve, as once they have achieved level two status, they can progress towards becoming a level one supplier.

Security vendor Bridewell is one of the first companies to be given the new level two status. “It continues to demonstrate our strength and capability within incident response and supports our journey to becoming level one. We look forward to supporting more organisations as we help them recover from incidents and provide guidance so they can defend against future threats,” said Martin Riley, director of managed security services at Bridewell.

Companies that would like to become assured service providers can find the technical standards for both levels here.

Read More: NCSC publishes ‘vague’ security principles for machine learning models

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.