24/7 Cyber Incident Response  

Our NCSC accredited Cyber Incident Response and Forensics service is a 24/7 standby service for cyber incidents or data breaches. Our call handlers will connect you to a cyber specialist first responder by telephone to assess the support required. We are bound by confidentiality and you have no obligation to proceed.

We’ll deploy specialists as quickly as we can from our global network; normally within hours of your initial call. The speed of response is often crucial to limiting brand damage. Our specialists are skilled and practiced at scoping and sizing an incident for technical analysis, containment, and immediate remediation.

We work alongside other Deloitte specialist services including Crisis Management and Communications, Technology Recovery, and Customer Breach Support. Where the initial evaluation identifies these services are needed, they can be deployed within hours to support the recovery.

If you are experiencing a cyber incident, please call us on our 24/7 hotline for immediate advice and assistance from our cyber specialists.

Who are we?

Our experienced Cyber Incident Response team are full time Deloitte employees from our UK and global network. Our retained clients have response Service Level Agreements in place and we work with them regularly to understand their business and risks. We also regularly help non-retained organisations on a ‘walk-in’ basis. Our responders bring their practical hands-on experience to response situations, to help our clients better prepare themselves for cyber security incidents; reducing internal response times and building capability.

What are we asked for most in CIR and what are we best at?

No two incidents are the same, but there is some commonality in the types of support asked for by our clients. The following are the activities we are best practiced at:

• Cyber Incident Management – Reducing the impact of an incident through efficient, coordinated, and structured management including activity prioritisation, work stream design, resolver team management, and senior stakeholder liaison and communication. 
• Network Forensics – Analysis of network traffic to detect, understand, and analyse anomalous activity for indicators of compromise and active adversaries. 
• Endpoint Forensics – Examination of endpoints to collect, preserve, and analyse information or evidence gathered from applications, memory, and files.
• Malware Analysis – Analysis of executables, scripts, or known malicious software to understand their purpose and identify malicious activity through dynamic and static reverse engineering.
• Log File Analysis – Investigation of logs from existing sources to detect anomalous activity and identify indicators of compromise.
  

What else to consider

We have found clients regularly need a range of specialist services during incidents. The CIR team works with all of our other cyber specialist teams to ensure you are fully protected;

• Forensics – Our computer forensics team acquire, preserve, and analyse all types of digital forensic evidence. Follow this link for more information.
• Cyber Threat Intelligence (CTI) – Our CTI service provides a search capability across the internet or social media to look for compromised data or identify malicious activity and indicators of compromise relating to cyber incidents. Follow this link for more information.
• Customer Breach Support (CBS) – Our CBS service assists organisations by minimising the reputational and financial impact of a data breach. Follow this link for more information.
• Crisis Management and Communications – Our crisis and communications professionals are trained to support internal teams and board-level executives with all decision making. Follow this link for more information.
• Business Continuity – Our Business Continuity subject matter professionals assist organisations in returning to ‘business as usual’ as swiftly as possible after an incident. Follow this link for more information.
• Technology Recovery – Our Technology Recovery subject matter professionals can support you in enacting your contingency plans and returning technical operations and systems to a normal state after a cyber attack, or other disruption.
• Penetration Testing – Our team of specialist penetration testers offer a broad range of capabilities, including Red Teaming and CBEST services. Follow this link for more information.

Our Advisory Services

Prevention is better than cure, and our Cyber Incident Response Advisory services enable you to prepare your incident response capabilities by aligning your people, processes, and technology strategies to proven methodologies. Led and delivered by our Cyber Incident Responders and incorporating lessons learnt from the most recent live incidents, our services include:

• Procedure and Playbook Development – Designing, developing, and embedding bespoke incident response procedures and playbooks.
• Readiness Assessments – Reviewing your current Cyber Incident Response capabilities. 
• Cyber Wargaming – Exercising and rehearsing your end-to-end organisational response to a cyber incident through workshops, desktops, or simulations.
• Threat Hunting – Identifying and resolving existing and potential threats, and resolving events before they become incidents. 
• CSIRT Transformation Programme – Uplifting your overall Cyber Incident Response capability.

Notable quotes

Deloitte enables clients to manage high-impact events with confidence.
 

Deloitte is a global consultancy with cyber intelligence integrated into its end-to-end services to ensure incident readiness for clients.
 

It has a deep understanding of the requirements for a successful incident response and differentiates in how it articulates these requirements.