ICO and NCSC outline six reasons to report a cyber attack

News article

Agencies warn of the impact of unreported incidents, and dispel common myths that can discourage organisations from reporting attacks

In a joint blog post, the National Cyber Security Centre (NCSC) and the Information Commissioner's Office (ICO) have expressed concerns about cyber incidents, such as ransomware attacks, going unreported.

Every case that goes unshared or uninvestigated makes other attacks more likely. It also denies organisations the opportunity to learn from such experiences and prevent future attacks.

In their post, the agencies have shared best practice advice to help you understand your responsibilities and the risk to your data and reputation.

They have also exposed some common misconceptions, including the mistaken beliefs that:

  1. If you cover up the attack, everything will be OK.
  2. Reporting to the authorities makes it more likely your incident will go public.
  3. Paying a ransom makes the incident go away.
  4. If you've got good offline backups, you won't need to pay a ransom.
  5. If there is no evidence of data theft, you don't need to report to the ICO.
  6. You'll only get a fine if your data is leaked.

There is a regulatory requirement to report certain cyber incidents to the ICO, but transparency is more than simply complying with the law. Organisations that report proactively can benefit from expert NCSC advice, and following that advice can positively impact the ICO's response.

Businesses are urged to be open about their experiences, report incidents and seek support to help them deal effectively with the fallout. This will, in turn, help them to mitigate the risk to their operations and reputation.

Read the joint NCSC and ICO blog post on the importance of transparency around cyber attacks.

First published 12 May 2023