Skip to main content

24/7 Cyber Incident Response (CIR)

For immediate support, Deloitte’s cyber specialists are on call.

Our Cyber Incident Response and Digital Forensics service is a 24/7 service for cyber incidents and data breaches. Our cyber security specialists will help to triage the incident, understand what has happened, and the level of support you require. We are bound by confidentiality, and you have no obligation to proceed.

Our practice operates a global network of cyber incident responders and provides access to multiple specialist services when you need them most, including: Incident Management and Technical Response, Digital Forensics and eDiscovery, Privacy and Data Protection, and Customer Breach Support, Crisis Management and Communications, and Technology Recovery.

Whether confronted with the impacts of destructive malware, compromise of your email systems, or cyber extortion through data theft, our team is equipped with the expertise, resources and capacity to manage the varying impacts of an attack and recover your business to a stronger position.

If you are experiencing a cyber incident, please call us on our 24/7 hotline for immediate advice and assistance from our cyber security specialists.

Contact us

24x7 Hotline :

1300 639 875

Email :

(non-urgent only)

Our Cyber Incident Response Retainer

In today’s rapidly changing threat environment, our CIR Retainer services offer you the confidence of knowing your organisation has a team of cyber incident response specialists on speed dial, ready to take swift action when needed.

Our CIR Retainer options allow you to pre-purchase cyber incident response services, providing year-round, 24/7 cyber access to our specialist CIR team. As a retainer client, you’ll have a direct line of communication with our globally-recognised CIR team, allowing you to pick up the phone and mobilise our team to support you in the timely management, triage, investigation and resolution of a cyber incident.

Cyber incident response brochure

Deloitte has been named a leader in Cyber Incident Response Services in Forrester’s recent reports entitled The Forrester Wave™: Cybersecurity Incident Response Services, Q1 2022 (and previously, Q1 2019)

What are we asked for most, and what are we best at?

No two incidents are the same, but there is some commonality in the types of support our clients ask for. The following are the activities we are best practiced at:

 Reducing the impact of an incident through efficient, coordinated, and structured management including activity prioritisation, work stream design, project management, resolver team management, and senior stakeholder liaison and communication.

Investigation of logs from existing sources to detect anomalous activity and identify indicators of compromise

Collection, preservation, and analysis of information or evidence gathered from applications, memory, and files on endpoints

 Analysis of network traffic to identify anomalous activity and indicators of compromise or active adversaries

Analysis of executables, scripts, or known malicious software to understand their purpose and identify malicious activity through dynamic and static reverse engineering

Proactively search to detect and isolate existing threats which may have evaded security defences, in contrast with the traditional reactive threat management approach which typically involves an investigation after potential incidents have set off alarms

What types of incidents can we help with?

Our Cyber Incident Response team can help you investigate, respond to, and recover from a wide range of potential incidents, often varying in size, complexity, and geographic location. Some of the most common incidents we are asked to assist with include:

  • Phishing and Business Email Compromise (BEC) – An incident in which cyber criminals target employees’ email accounts to obtain sensitive information such as credentials and financial information. Business Email Compromise (BEC) is a particular form of phishing in which cyber criminals attempt to defraud an organization e.g. wire / invoice fraud)
  • Ransomware – An incident in which cyber criminals deploy sophisticated malware to encrypt or “lock” IT systems (servers, workstations, mobile devices, etc.), until a ransom is paid. Increasingly, cyber criminals also steal large quantities of data from a target network to increase their leverage against the organization (known as double extortion).
  • Improper Usage - An incident resulting from violation of an organisation’s acceptable usage policies by an authorised user. This could be accidental or on purpose but should be reviewed to ensure suitable action is taken.
  • Web Application Attacks – An incident impacting a web application or service, such as a public-facing company website, e-commerce / digital store website, business-to-business web application, or application programming interface (API).
  • Advanced Attacks - Targeted attacks from an individual or other credible organisation often with the intention to steal corporate data. These attacks can use any form of delivery mechanism but are hard to detect and even harder to effectively remediate.
  • Data Breach – Any incident which results in unauthorised access to or disclosure of sensitive data (including personal, health, financial information, etc.). Depending on the organisation and the incident, organisations may have obligations to notify regulators, governments, and individuals of such data breaches.

What else to consider

We have found clients regularly need a range of specialist services during incidents. Our practice operates a global network of cyber incident responders and provides access to multiple specialist services when you need them most, including:•

  • Digital Forensics – Our digital forensics team acquires, preserves, and analyses all types of digital forensic evidence.
  • Cyber Intelligence Centre (CIC) - Our global network of CICs provide fully customisable, 24/7/365, managed security solutions, tightly integrated with our incident response and other cyber advisory services, so you don’t have to face the challenge on your own.
  • Cyber Threat Intelligence (CTI) – Our CTI service provides a search capability across the internet (surface, deep, and dark web) and social media to look for compromised data or identify malicious activity and indicators of compromise relating to cyber incidents.
  • Customer Breach Support (CBS) – Our CBS service assists organisations by minimising the reputational and financial impact of a data breach.
  • Crisis Management and Communications – Our crisis and communications professionals are trained to support internal teams and board-level executives with all decision making.
  • Business Continuity – Our Business Continuity subject matter professionals assist organisations in returning to ‘business as usual’ as swiftly as possible after an incident.
  • Technology Recovery – Our Technology Recovery subject matter professionals can support you in enacting your contingency plans and returning technical operations and systems to a normal state after a cyber attack, or other disruption.
  • Penetration Testing – Our team of specialist penetration testers offers a broad range of capabilities, including network and web application penetration testing, and red and purple teaming.
  • Cyber Strategy and Transformation – Uplifting your overall cyber security program. Our Cyber Strategy services balance the requirements to be secure, vigilant, and resilient with strategic objectives and the risk appetite of your organisation.

Our Incident Response Proactive Services

Prevention is better than cure, and our Cyber Incident Response Advisory services enable you to prepare your incident response capabilities by aligning your people, processes, and technology strategies to proven methodologies. Led and delivered by our Cyber Incident Responders and incorporating lessons learnt from the most recent live incidents, our services include:•

  • Policies, Procedures, and Playbooks – Designing, developing, and embedding tailored incident response policies, plans, and playbooks.
  • Incident Readiness Assessments – Reviewing your current Cyber Incident Response capabilities (e.g. ransomware readiness assessments)
  • Cyber Wargaming and Exercises – Exercising and rehearsing your end-to-end organisational response to a cyber incident through workshops, desktops, and technical or non-technical simulations.
  • Compromise Assessments and Threat Hunting – Identifying and resolving indicators of existing network compromise or threats, and resolving events before they become incidents.
  • CIR Transformation Program – Uplifting your Cyber Incident Response (CIR) capability (incorporating people, processes, and technology).

"With its reputation as a premier cybersecurity consulting firm, Deloitte approaches incident response and crisis management holistically with brand and reputation preservation in mind”

“Deloitte emphasizes trust restoration throughout the incident response lifecycle”

“Security leaders looking to ensure board and executive buy-in for transformational efforts tied to incident readiness, response, and overall program maturity should consider Deloitte”

“Should an incident arise, [Deloitte] offers key trust restoration services like notification support and hands-on environment recovery and transformation. All of this is in addition to its data-driven, tool-agnostic incident response capabilities.”

“Deloitte enables clients to manage high-impact events with confidence.”

“Deloitte is a global consultancy with cyber intelligence integrated into its end-to-end services to ensure incident readiness for clients.” 

“It has a deep understanding of the requirements for a successful incident response and differentiates in how it articulates these requirements.”