Contain carefully
Disconnect clearly affected systems if needed, but preserve logs, snapshots, email evidence and access records where possible.
Incident Response
Breach support when decisions, evidence and containment matter.
If you are dealing with ransomware, business email compromise, cloud exposure, identity compromise, malware or suspected data loss, call now and preserve evidence before making major changes.
First Response
What to do before and during the first call.
Incident response is a balance between containment and evidence preservation. Do not wipe devices, delete logs or make large uncontrolled changes before the response path is understood.
Capture facts
Record what happened, when it was noticed, affected systems, suspected accounts, screenshots, alerts and known business impact.
Escalate authority
Identify who can approve containment, communications, legal coordination, insurer notification and executive decisions.
Response Flow
A structured path for high-pressure incidents.
01
Triage
Confirm incident type, affected systems, current business impact and immediate containment risk.
02
Stabilise
Preserve evidence, stop obvious spread, secure accounts and define communications and decision authority.
03
Investigate
Review logs, endpoint evidence, identity events, email artefacts, cloud activity and known indicators.
04
Contain and recover
Apply containment, remove persistence, restore operations and validate that affected pathways are controlled.
05
Review and uplift
Document lessons learned, root causes, evidence gaps, control improvements and executive reporting requirements.
Common Incident Types
Where we can help.
Ransomware and malware
Containment, evidence capture, affected system scoping, recovery coordination and post-incident uplift.
Business email compromise
Mailbox investigation, forwarding rules, OAuth app review, access reset and communications support.
Cloud compromise
IAM review, access key rotation, logging review, public exposure investigation and remediation priorities.
Data exposure
Technical scoping, evidence collection, affected data analysis support and governance reporting.
Incident Support
Need immediate support?
Call the incident response line or submit the urgent incident form. The contact form requires the key details needed to respond.