NCSC expands incident response scheme to support smaller at-risk organizations

NCSC logo superimposed with a translucent background in front of an office building
(Image credit: Getty Images)

The UK’s National Cyber Security Centre (NCSC) has announced an expansion to its Cyber Incident Response (CIR) scheme in a move that has been welcomed by industry figures. 

In a statement on Wednesday, the authority revealed that it plans to introduce a new level of coverage through the scheme, meaning that more companies will be able to provide incident response services to a “wider range and larger number” of organizations across the country. 

The move is aimed specifically at providing support for charities, local authorities, smaller public sector organizations, and firms operating outside of critical national infrastructure, the NCSC said. 

In its prior setup, the CIR scheme focused on providing incident response services to organizations “running networks of national significance”. This applied to central government departments, critical national infrastructure organizations, and regulated industries. 

While this aimed to offer protection to organizations at high risk of targeted attacks by cyber criminals and nation-state-backed groups, many industry stakeholders were excluded from coverage due to their size. 

Chris Ensor, deputy director of cyber growth at the NCSC, said the expansion of the CIR will give confidence to a wider range of organizations at risk of cyber attacks. 

“Falling victim to a cyber attack is really stressful. Finding someone with the skills and knowledge to help can also be hard, if, like many, you are not familiar with the cyber security world,” he said. “For many years, we have Assured Cyber Incident Response services for organizations targeted by the most sophisticated threat actors.

“I am really pleased that we can now assure a similar service for any organizations affected by criminal threat actors, a service that will be good enough for the majority of incidents that smaller organizations face. The NCSC badge will give confidence that the company they use has the right expertise to help them.”


Dark whitepaper cover with faint data connection lines rising from the bottom

(Image credit: Mimecast)

Learn how to use threat intelligence to fight ransomware attacks and how data is used to give you an advantage.


Joseph Carson, chief security scientist and advisory CISO at Delinea, welcomed the move, noting that the expansion of the scheme is a well-needed “refresh”. 

“The new update is an important and needed refresh that will provide all organizations with a service that will be relevant for most cyber security incidents, rather than a focus on purely organizations running networks of significance, such as central government, critical national infrastructure, and regulated industries,” he said. 

Growing cyber security threats

The move by the NCSC comes against a backdrop of heightened cyber security threats facing businesses across the UK. 

Third-sector organizations in particular have become lucrative targets for threat actors in recent years, representing easier prey than their private-sector counterparts, according to the NCSC’s own analysis. 

Statistics from the UK government’s data breach report, published in late 2022, found that 30% of UK charities were hit with a cyber attack across the year. 

87% of those reported experiencing phishing attempts, while nearly one-quarter (23%) were subjected to ransomware attacks. 

Ross Kelly
News and Analysis Editor

Ross Kelly is ITPro's News & Analysis Editor, responsible for leading the brand's news output and in-depth reporting on the latest stories from across the business technology landscape. Ross was previously a Staff Writer, during which time he developed a keen interest in cyber security, business leadership, and emerging technologies.

He graduated from Edinburgh Napier University in 2016 with a BA (Hons) in Journalism, and joined ITPro in 2022 after four years working in technology conference research.

For news pitches, you can contact Ross at, or on Twitter and LinkedIn.