report an incident

Security incident reporting - official channels.

When a security incident occurs, knowing exactly who to contact can make all the difference. A quick-contact guide for the United States, Canada, United Kingdom, Australia and New Zealand, plus the first steps to take before you call.

When to report an incident

If your business experiences any of the following, immediate reporting is recommended:

  • Unauthorised access to systems or data
  • Ransomware or malware infections
  • Data breaches or data theft
  • Phishing attacks that compromised credentials
  • Suspicious network activity or unexpected system behaviour
  • Lost or stolen devices containing sensitive information
  • Insider threats or policy violations with security implications

Step 1 - document it internally

Before contacting external authorities, capture these essentials:

  • Date and time of discovery
  • Systems, data or services affected
  • An initial assessment of impact
  • Actions already taken to contain the incident
  • A point-of-contact for the response

Step 2 - contact the right authority

Select the agency based on your location and the nature of the incident. The official channels are below.

DarkSub - general support and account enquiries

For help with your account or your monitoring, reach our team any time.

official channels by country

Who to contact, where you are.

These are the national cyber and cybercrime reporting bodies. In an active emergency that threatens life, always call your local emergency number first.

United States

Cybersecurity and Infrastructure Security Agency (CISA)
Federal Bureau of Investigation (FBI)

Canada

Canadian Centre for Cyber Security
Canadian Anti-Fraud Centre

United Kingdom

National Cyber Security Centre (NCSC)
Action Fraud - fraud and cybercrime

Australia

Australian Cyber Security Centre (ACSC)
OAIC - notifiable data breaches

New Zealand

CERT NZ - Computer Emergency Response Team
industry-specific requirements

Regulated? You may have to report there too.

On top of the national channels, some sectors have their own mandatory reporting, often with strict timelines.

Financial services

Report to your financial regulator

Healthcare

Report to your health regulator
for SMBs and IT managers

Handle it well and it costs you less.

Business impact

  • Regulatory requirements: many jurisdictions have mandatory reporting with strict timelines.
  • Legal implications: proper reporting can provide legal protection and demonstrate due diligence.
  • Insurance: most cyber policies require prompt notification to keep coverage valid.
  • Reputation: handling reporting well limits the reputational damage of a breach.

Prepare before it happens

  1. Develop an incident response plan before an incident occurs.
  2. Establish clear reporting chains within your business.
  3. Document all security incidents, even the ones that seem minor.
  4. Train staff to identify and report security events.
  5. Keep communication templates for different incident types.
  6. Maintain a contact list of the relevant authorities and stakeholders.
"68% of companies that experience a breach have another breach attempt within the following year, with 55% facing successful secondary breaches within 18 months."
- Accenture, State of Cybersecurity Resilience

After you have reported

  • Continue to document all activities and findings.
  • Preserve evidence following proper forensic procedures.
  • Communicate with your teams following your response plan.
  • Run a post-incident review to identify improvements.
  • Make sure you have continuous monitoring so the next one reaches you first.