How to report cyber crime

A single cyber incident can disrupt operations, compromise sensitive data, and damage trust. In the face of such a threat, time is of the essence. Prompt and accurate reporting can help protect your business and support wider efforts to combat cyber crime.  

When dealing with a cyber crime, it can be overwhelming knowing what to do next. Understanding who you can or should report it to can take some uncertainty out of an already stressful situation. 

We’ll be breaking down the different organisations you can report cyber crime to, like official organisations like Action Fraud and the NCSC as well as other parties who may need to be in the loop. 

Why report a cyber incident 

Action Fraud data shows that nearly £1 million was lost to hackers in 2024. They also received 35,434 reports of social media and email account hacking compared to 22,530 reports recorded in 2023. 

Unfortunately, this is only part of the story, with many victims decide not to report cyber crimes through fear of embarrassment. But it’s important to remember that anyone can be a victim. 

Reporting cyber crimes can help catch the criminals and stop other people becoming victims too. So who do you need to tell when you experience or suspect a cyber crime? 

How to report cyber crime 

The circumstances of an incident will determine who you’ll need to report it to. If you’re not a victim but spot suspicious communication you think could be a scam, you can report it to get checked by official channels. If you’ve become a victim of a cyber incident (have lost money, data, services), then you would be reporting it is as a crime. 

A few key organisations you can contact: 

Action Fraud

Through Action Fraud you can report a cyber crime 24/7 through their online reporting tool, or you can call them on 0300 123 2040 Monday – Friday 8am-8pm. 

National Cyber Security Centre (NCSC)

Part of GCHQ, the NCSC works to safeguard the UK’s critical systems and online services. You can report an incident through the NCSC, specifically suspicious emails, messages and websites. 

Information Commissioner’s Office (ICO) 

If an incident involves a breach of personal data, you may need to report it to the ICO. If you’re not sure, you can use the ICO’s Self-Assessment Tool. 

The Advertising Standards Authority (ASA)

Digital ads can also present opportunities for cyber criminals to scam online users. If you think an ad you’ve seen could be a scam (links to a fake page, endorses fake schemes etc), you can report it to the ASA, so they can work to get the ads taken down. 

Not sure who to report to?

If you’re not sure who to report a cyber incident to, you can use the UK government’s cyber incident signposting service to find out who you might need to contact. 

Notifying third parties of cyber incidents 

How to report cyber incidents is a good place to start, but you should also bear in mind other organisations and persons that might need to be notified. 

Affected customers

One of the biggest risks businesses might face is the security of any customers data they handle. And if you’re a business that offers a digital service, the availability of that service is crucial to running your business. 

If you experience a breach that adversely affects the personal data or privacy of your customers, you need to inform those affected as soon as possible. 

Or, if a cyber attack results in your online service or platforms becoming unavailable, you should consider if users should be notified. 

Legal advisor

Cyber crimes can cause a lot of subsequent fallout, from reputational damage to customers taking legal action. If you have a legal advisor, you may want to notify them and seek advice of how to handle the incident and any steps you should take to mitigate damages.   

Third-party platform owner

If a cyber attack involves a platform owned or managed by a third-party, you may want to notify them of the attack. They may also be able to provide advice and support for your situation and stop other users from being targeted. 

Insurance provider

Businesses who hold cyber insurance cover will need to contact their insurance provider as soon as possible. Many providers will require prompt notification as part of their policy terms for any event that could result in a claim. 

What else should you do in the event of cyber crime 

Reporting cyber attacks is one thing you should do if you’re a target of an incident. When your business is impacted, it can be quite distressing and knowing what to do can help you keep a level head. 

A few steps you need to take include understand the type of crime you’re facing, assessing the extent of the impact and preventing further damage. 

We’ve written a simple step-by-step guide on what to do if you’re a cyber attack victim for more info. 

Getting cyber incident support 

Available as an optional add-on with our Contractor Insurance, our Cyber Liability cover includes access to a 24/7 incident response helpline. Whether you’re dealing with a confirmed cyber incident or just suspect something might be wrong, we’ve got experts on hand to help. 

That means you can get your cyber insurance alongside other cover like Public Liability, Professional Indemnity, Personal Accident cover and Employers’ Liability, all under one policy. 

If you’re interested to more about what our policies cover, give our in-house experts a call on 01242 312 604 – we can help make sure you get the cover you’re looking for.