Security Incident Reporting Guide: Official Channels
When a security incident occurs, knowing exactly who to contact can make all the difference. DarkSub quick contact guide for the United States, United Kingdom, Australia and New Zealand.
When to Report an Incident
If your company experiences any of the following security events, immediate reporting is recommended:
- Unauthorized access to systems or data
- Ransomware or malware infections
- Data breaches or data theft
- Phishing attacks that resulted in credential compromise
- Suspicious network activity or unexpected system behavior
- Lost or stolen devices containing sensitive information
- Insider threats or policy violations with security implications
How to Report an Incident
Step 1: Internal Documentation
Before contacting external authorities, document these essential details:
- Date and time of discovery
- Systems, data or services affected
- Initial assessment of impact
- Actions already taken to contain the incident
- Point of contact information
Step 2: Contact Appropriate Authorities
Select the appropriate agency based on your location and the nature of the incident.
Official Reporting Channels by Country
United States
Cybersecurity & Infrastructure Security Agency (CISA)
- Report incidents email: [email protected]
- 24/7 Hotline: 1-888-282-0870
- CISA Incident Reporting System: https://myservices.cisa.gov/irf
Federal Bureau of Investigation (FBI)
- Internet Crime Complaint Center: https://www.ic3.gov/
- Local FBI Field Office: Find your field office
Australia
Australian Cyber Security Centre (ACSC)
- Telephone: [+61] 1300 CYBER1 ([+61] 1300 292 371)
- Online: https://www.cyber.gov.au/
Office of the Australian Information Commissioner - (for data breaches)
- Phone: [+61] 1300 CYBER1 ([+61] 1300 292 371)
- Online: Notifiable data breaches
United Kingdom
National Cyber Security Centre (NCSC)
- Phone: [+44] (0)300 123 2040
- Online: https://www.ncsc.gov.uk/
Action Fraud (for fraud and cybercrime)
- Phone: [+44] (0)300 123 2040
- Online: https://www.actionfraud.police.uk/
New Zealand
CERT NZ (Computer Emergency Response Team)
- Phone: [+64] 0800 CERT NZ ([+64] 0800 2378 69)
- Online: https://www.cert.govt.nz/
Industry-Specific Reporting Requirements
Financial Services
Report to financial regulators and central banks
- USA: FinCEN
- UK: Financial Conduct Authority
- Australia: APRA
- New Zealand: Financial Markets Authority
Healthcare
Report to financial regulators and central banks
- USA: HIPAA Breaches
- UK: NHS Digital
- Australia: Australian Digital Health Agency
- New Zealand: Ministry Of Health
Key Points for SMBs, Business Owners and IT Managers
Business Impact Considerations
- Regulatory Requirements: Many jurisdictions have mandatory reporting requirements with strict timelines
- Legal Implications: Proper reporting can provide legal protections and demonstrate due diligence
- Insurance Notification: Most cyber insurance policies require prompt notification to maintain coverage
- Reputation Management: Proper handling of incident reporting can aid in reputation damage
Essential Preparation Steps
Report to financial regulators and central banks
- Develop an Incident Response Plan before an incident occurs
- Establish Clear Reporting Chains within your company
- Document All Security Incidents even those that seem minor
- Train Staff on how to identify and report security events
- Have Communication Templates for different types of incidents
- Maintain a Contact List of relevant authorities and stakeholders
“68% of companies that experience a breach subsequently have another breach attempt within the following year ... with 55% facing successful secondary breaches within 18 months.”– Accenture "State of Cybersecurity Resilience" Report
After Reporting