Neil Hare-Brown
CEO - STORM Guidance
When experience matters
STORM Guidance are pioneers of digital investigations, beginning our journey in early 1990's supporting cybercrime and other criminal investigations with digital forensics, where our work established cybercrime case law and earned us police and judicial commendations in the UK and the US.
We have been the Cyber Incident Response (CIR) firm of choice for leading cyber insurers for over a decade.
Since then, we have continued to maintain thought leadership in the area of cyber incident response, authoring a seminal book, published by BSi, in 2007 and co-founding the first cyber incident response service for cyber insurance in 2012.
Our current CIR service delivers a comprehensive suite of specialisms. All that is needed for any organisation of any size when faced with a cyber incident. We are proud to be a UK NCSC CIR L2 Assured Service Provider (ASP).
CyberCare service offerings
Our CIR first-responders are highly experienced, offering comprehensive services that cover everything from strategic coordination to in-depth technical investigation and data mining. They provide legal and corporate communications advice, engage with threat actors, ensure rapid systems recovery, and offer trauma counselling.
STORM's CyberCare service is designed to provide flexible response to any type of incident that businesses might experience, including ransomware, business email compromise, data breach, denial-of-service attacks, malware attack and any other type of cyber and fraud incident.
The CyberCare service offerings include:
Service highlights
What your business can expect from CyberCare
Preparedness checks
As part of our onboarding process for new clients, we conduct rigorous annual preparedness checks. These ensure your organisation is ready to tackle cyber threats effectively.
We review your security protocols, incident response plans, and risk management strategies to tailor our insurance coverage precisely. By doing so, we not only mitigate risks but also empower your team to handle any cyber incident confidently, safeguarding your operations and reputation in today's digital landscape.
Speak to our team to find out more
Welcome Pack
A compendium of useful CIR materials including checklists and playbooks for common incidents.
Board-level Briefing
Presenting the current state of cyber risk and explaining the best strategies to manage it effectively.
CIR Assimilation
Rapid learning of technical & organisational controls to assist in optimised incident response.
Cyber Risk Assessment
A comprehensive analysis of your exposures with practical recommendations for remediation.
Active Scanning
Advanced attack surface analysis, scanning of external digital estate (and suppliers on request).
Cyber Incident Exercising
A tailored tabletop drill using a realistic, business-aligned scenario to test your response to an incident.
Delivery process
We use the standard NCSC process to produce and deliver an optimal incident response:
Focus
STORM CyberCare binds all relevant levels and specialisms within your business with our tried-and-tested approach to cyber incident response.
Our experts have extensive working knowledge of every aspect of cyber incident response. To coin a phrase, "There really isn't much we have not seen".
Board-level
Strategic business impact assessment and decision making; reporting to legal and regulatory bodies; threat actor engagement; and external facing communications.
Managerial
Assistance with incident coordination including translation from operational detail to business risks, tracking strategic objectives, tactical decision-making and wider stakeholder engagement.
Operational
A range of vital activities carried out as part of an incident response plan, including initial triage and escalation as well as technical support for the investigation and systems & data recovery.
Focus & delivery process
Trustworthiness above all else
In providing only assessment and investigation services we are not conflicted like many other service providers who 'mark their own homework'.
Innovation, automation and cost reduction
STORM have several proprietary tools:
-
Cyber3: A risk assessment portal, seamlessly connecting clients and third parties.
-
CyberSeven: A board-level assessment to reveal, understand and remediate risk exposures.
-
CyberProfiler: An Attackers Eye View™ of your online business.
-
CyberDiscover: An AI service that reduces the time and cost of data mining activities.
Experience matters
When it comes to cyber incident response, there is a clear difference between specialists with decades of experience and those with just a few years (or less).
Tech-led claims impact reduction
The minimal risk of not attaching legal privilege from the start is far outweighed by the significant risk and potential financial loss from delaying the technical response.
One of the primary benefits of CyberCare is the proactive onboarding that helps prepare organisations for cyber-attack. CyberCare will help identify gaps in existing incident response plans and ensure that all team members know their roles and responsibilities during an incident.
It is simply not possible for even the largest organisations to have specific CIR skills such as malware analysis, ransom negotiation, sanctions checking or trauma counselling. CyberCare will help by providing all the skills and experience necessary to deal with any type of cyber incident.
Our sub-hour hotline and technical assimilation (part of CyberCare onboarding) will mean that businesses can significantly reduce response times to actual cyber incidents. Faster response times can minimise the impact of a breach, including financial losses, reputational damage, and regulatory penalties.
Cyber incidents are increasingly hybrid in nature, causing or being triggered by other events such as physical security events and damage. Complex supply chains mean that third parties are involved inextricably linked most cyber incidents. CyberCare onboarding and regular review allows teams to understand how these additional factors will affect their management of risk during an incident.
Effective communication is crucial during a cyber incident. CyberCare onboarding allows the STORM team to work with businesses to test and refine communication protocols, ensuring that information flows efficiently between technical specialists, management, and external stakeholders (such as law enforcement, insurers and regulatory bodies) when an incident occurs.
CyberCare onboarding and renewal risk assessments often reveal previously unidentified technical vulnerabilities that could be exploited by attackers. Identifying and remedying these vulnerabilities before an actual attack occurs can strengthen businesses security posture. Furthermore, our rapid analysis of indicators of compromise enables us to quickly identify and eradicate vulnerabilities when an incident occurs.
For organisations subject to regulatory requirements regarding cybersecurity, CyberCare specialists will help ensure that businesses are compliant with relevant laws and regulations such as GDPR, DORA, PCI DSS and others. This can prevent legal issues and fines associated with non-compliance in the aftermath of an incident.
What will cyber insurance cover in the event of an incident? How will a policy respond? How will CyberCare work in conjunction with our policy? As the CIR firm of choice on many cyber insurer panels, we have designed CyberCare to work seamlessly with cyber insurance. CyberCare will enable teams to leverage the optimal benefits of cyber insurance coverage.
STORM CyberCare provides highly skilled and experienced incident response specialists to work with and guide businesses during and incident. CyberCare also provides Cyber Incident Exercises that serve as practical training sessions, raising awareness among staff about the importance of cybersecurity and familiarising them with the latest attack techniques.
STORM CIR specialists will respond to cyber incidents reported by businesses and will progress both investigatory and recovery activities. This ensures that you will both respond effectively to incidents and recover from them in a timely and organised manner, minimising downtime and operational disruption.
Our CIR team has long experience of working with external parties such as legal specialists, IT vendors and service providers, insurers, cybersecurity firms, law enforcement, and other stakeholders. This collaboration can improve coordination and communication with these entities when an incident occurs.
Cyber incidents can often reveal gaps in sufficient resourcing and knowledge. Our CyberCare service plugs these gaps with significant expertise, providing all that is needed to respond to cyber incidents effectively. In addition, proactively identifying these issues with our Cyber Incident Exercises, will enable forward planning to ensure such exposures will not cause unnecessary problems just when you need them most.
An assumed understanding of critical business systems and processes is often one that is left unchallenged until a crisis occurs. When an incident occurs, our CyberCare response team will help decision-makers, at all levels, to see the wood for the trees when collaborating on impact reduction. This information can also help to inform any cyber insurance claim.
Common problems solved
CyberCare provides a full-spectrum cyber incident response service.
Here are the key problems that CyberCare can help solve.
By addressing these issues, CyberCare plays a vital role in enhancing business resilience, ensuring that it is better equipped to manage and recover from cyber incidents effectively.
Let's talk
Speak to our CyberCare team today
Contact the CyberCare team
If you would prefer to speak to the team, give us a call:
UK/Europe: +44-203-693-7480
Africa: +230-434-1277
USA: +1-703-232-9015
Your contact details will only be used in connection with this enquiry. Please read our Privacy Policy.