top of page

Do you know how to report a cyber attack on your business?

You arrive at your business premise as normal, it could be an office, it could be a high street business like a hairdresser, or it could be a services company like a plumber. Everything seems fine and then you turn on your computer and try to access your customers personal data and it’s all gone.

Instead, you are confronted with a message from an unknown source demanding payment for the safe return of your customers personal information. If this happened to you would you know how or where to report it or what to do next?

Your initial reaction might be to call the police, but they will simply refer you to Action Fraud, who are the National Fraud and Cyber Reporting Centre. They provide a 24/7 reporting service for businesses suffering a live cyber-attack. Action Fraud explain what a live cyber-attack is and what to do next:

What is a live cyber attack?

A live attack is one that is ongoing, that is still affecting your system and your ability to work and there is an opportunity for law enforcement to stop the attack and/or secure evidence that will assist an investigation.

For example:

  • Cyber criminals have accessed your network and stolen personal information about your customers and are demanding payment for its safe return. This is also known as hacking extortion.


  • Your website is being flooded with traffic – customers are not able to access it as a result. This is called a distributed denial of service (DDOS) attack.

What you need to do next:

  • Call 0300 123 2040 immediately and press 9 on your keypad.

  • Your call will be dealt with as a priority and your live incident will be triaged over the phone.

  • You will be asked a series of questions to help identify what type of attack you are experiencing and be given advice/support whilst your report is passed immediately to the National Fraud Intelligence Bureau (NFIB).

  • The NFIB will review your report and conduct a range of enquiries, identify any connected reports or links to known criminals, assess opportunities for police action then send it to the relevant police agency. This can be your local police force Cyber Crime Unit or the National Cyber Crime Unit (NCCU), which is part of the National Crime Agency.

  • You will be kept informed of the status of your report.

  • If personal data has been stolen or accessed as part of the cyber-attack, you also need to report it under GDPR the to the Information Commissioner's Office (ICO). You can report a breach via their website: 'Report a Breach'

The above steps on how to report a live incident can be found in the National Cyber Security Centre (NCSC) Small Business Guide to Response and Recovery, which also provides small to medium sized organisations with guidance about how to prepare their response, and plan their recovery to a cyber incident.


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the West Midlands is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others.  Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the West Midlands provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.


The Cyber Resilience Centre for the West Midlands does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the West Midlands is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page