Support 110 years of independent journalism.

  1. Spotlight on Policy
  2. Tech and Regulation
  3. Cybersecurity
11 April 2018updated 24 Jun 2021 12:23pm

NCSC and UK law enforcement launch new cyber attack guidelines

UK cyber breaches are being sorted into six detailed types of incident.

By Rohan Banerjee

The National Cyber Security Centre (NCSC) and UK law enforcement have drawn up a new categorisation brief for cyber attacks that will help them to coordinate and streamline their responses depending on the nature of the incident.

The previous NCSC guidelines around cyber breaches – split into just three types of incident – have now been broadened to cover six detailed classifications instead.

A Category One attack on the new brief, for example, constitutes a “national cyber emergency”. This would necessitate strategic leadership from the Cabinet Office, tactical cross-government coordination by NCSC, working closely with the police.

A Category Three attack, meanwhile, is now considered a “significant incident” and relates to a large organisation or local government, or the delivery of essential UK services. The response to this sort of attack would be typically led by the NCSC itself.  

A more moderate Category Six breach or “localised incident”, however, relates to a cyber attack on an individual or preliminary indications of an attack against a small or medium-sized business. Category Six breaches may be handled by an online Automated Protect advice or a localised response by the police.

Select and enter your email address Your weekly guide to the best writing on ideas, politics, books and culture every Saturday. The best way to sign up for The Saturday Read is via The New Statesman's quick and essential guide to the news and politics of the day. The best way to sign up for Morning Call is via
  • Administration / Office
  • Arts and Culture
  • Board Member
  • Business / Corporate Services
  • Client / Customer Services
  • Communications
  • Construction, Works, Engineering
  • Education, Curriculum and Teaching
  • Environment, Conservation and NRM
  • Facility / Grounds Management and Maintenance
  • Finance Management
  • Health - Medical and Nursing Management
  • HR, Training and Organisational Development
  • Information and Communications Technology
  • Information Services, Statistics, Records, Archives
  • Infrastructure Management - Transport, Utilities
  • Legal Officers and Practitioners
  • Librarians and Library Management
  • Management
  • Marketing
  • OH&S, Risk Management
  • Operations Management
  • Planning, Policy, Strategy
  • Printing, Design, Publishing, Web
  • Projects, Programs and Advisors
  • Property, Assets and Fleet Management
  • Public Relations and Media
  • Purchasing and Procurement
  • Quality Management
  • Science and Technical Research and Development
  • Security and Law Enforcement
  • Service Delivery
  • Sport and Recreation
  • Travel, Accommodation, Tourism
  • Wellbeing, Community / Social Services
Visit our privacy Policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications.

According to the NCSC, the move to the new framework, which is effective immediately, will improve consistency and speed in incident responses, making better use of resources and ultimately leading to more victims of cyber crime receiving support.

The NCSC, a dedicated arm of GCHQ, has dealt with more than 800 significant cyber attacks since October 2016, and the organisation’s director of operations Paul Chichester is confident that the more in-depth framework will only improve already elite security protocol.

Chichester said: “This new joint approach, developed in partnership with UK law enforcement, will strengthen the UK’s ability to respond to the significant, growing and diverse cyber threats we face.”

National Police Chiefs’ Council Lead for Cyber Crime, Chief Constable Peter Goodman, added: “Sharing a common lexicon enables a collaborative understanding of risk and severity that will ensure that we provide an effective, joined-up response. This is good news for the safety of our communities, business and individuals.”

The NCSC’s new framework covers cyber incidents in all aspects of the economy, including central and local government, industry, charities, universities, schools, small businesses and individuals.

Any cyber attack which may have a national-level impact, for instance, should be reported to the NCSC immediately. This includes cyber attacks which are likely to harm UK national security, the economy, public confidence, or public health and safety, such as the WannaCry ransomware attack on the NHS.

Depending on the incident, the NCSC may be able to provide direct technical support. The NCSC also provides comprehensive guidance and advice on its website for companies or individuals in need.

People or businesses suffering from a cyber attack below the national impact threshold should contact Action Fraud, UK’s national fraud and cyber crime reporting centre, who will respond in accordance with the new incident categorisation.

Content from our partners
What you need to know about private markets
Work isn't working: how to boost the nation's health and happiness
The dementia crisis: a call for action