top of page

A singular partner for Strategic, Tactical & Operational Risk Management.
STORM - it's what we do.

CyberCare by STORM Guidance

The global cyber incident response service

NCSC Incident Response Assured provider
NCSC CIE Assured provider
CCS_WHITE_Supplier_AW_72dpi.png
Neil Haire-Brown, CEO STORM Guidance

Neil Hare-Brown

CEO - STORM Guidance

When experience matters

STORM Guidance are pioneers of digital investigations, beginning our journey in early 1990's supporting cybercrime and other criminal investigations with digital forensics, where our work established cybercrime case law and earned us police and judicial commendations in the UK and the US.

We have been the Cyber Incident Response (CIR) firm of choice for leading cyber insurers for over a decade.

Since then, we have continued to maintain thought leadership in the area of cyber incident response, authoring a seminal book, published by BSi, in 2007 and co-founding the first cyber incident response service for cyber insurance in 2012.

 

Our current CIR service delivers a comprehensive suite of specialisms. All that is needed for any organisation of any size when faced with a cyber incident. We are proud to be a UK NCSC CIR L2 Assured Service Provider (ASP).​

CyberCare service offerings

Our CIR first-responders are highly experienced, offering comprehensive services that cover everything from strategic coordination to in-depth technical investigation and data mining. They provide legal and corporate communications advice, engage with threat actors, ensure rapid systems recovery, and offer trauma counselling.

STORM's CyberCare service is designed to provide flexible response to any type of incident that businesses might experience, including ransomware, business email compromise, data breach, denial-of-service attacks, malware attack and any other type of cyber and fraud incident.

The CyberCare service offerings include:

Retainer

A comprehensive CIR retainer hotline and supporting services.

Insurer

Full-spectrum CIR for insurers and policyholders.

We respond to any cyber or fraud incident, globally

The team at STORM have considerable experience across the field.

Learn more about some of the more common incident types we respond to.

Business employees discuss cyber retainer service

Service highlights

What your business can expect from CyberCare

Preparedness checks

As part of our onboarding process for new clients, we conduct rigorous annual preparedness checks. These ensure your organisation is ready to tackle cyber threats effectively.

We review your security protocols, incident response plans, and risk management strategies to tailor our insurance coverage precisely. By doing so, we not only mitigate risks but also empower your team to handle any cyber incident confidently, safeguarding your operations and reputation in today's digital landscape.

Speak to our team to find out more

welcome-pack-blue.png

Welcome Pack

A compendium of useful CIR materials including checklists and playbooks for common incidents.

briefing-blue.png

Board-level Briefing

Presenting the current state of cyber risk and explaining the best strategies to manage it effectively.

assimilation-blue.png

CIR Assimilation

Rapid learning of technical & organisational controls to assist in optimised incident response.

accessment-blue.png

Cyber Risk Assessment

A comprehensive analysis of your exposures with practical recommendations for remediation.

active-scanning-blue.png

Active Scanning

Advanced attack surface analysis, scanning of external digital estate (and suppliers on request).

exercise-blue.png

Cyber Incident Exercising

A tailored tabletop drill using a realistic, business-aligned scenario to test your response to an incident.

Delivery process

We use the standard NCSC process to produce and deliver an optimal incident response:

Focus

STORM CyberCare binds all relevant levels and specialisms within your business with our tried-and-tested approach to cyber incident response.

Our experts have extensive working knowledge of every aspect of cyber incident response. To coin a phrase, "There really isn't much we have not seen".

strategic.png

Board-level

Strategic business impact assessment and decision making; reporting to legal and regulatory bodies; threat actor engagement; and external facing communications.

tactical.png

Managerial

Assistance with incident coordination including translation from operational detail to business risks, tracking strategic objectives, tactical decision-making and wider stakeholder engagement.

operational.png

Operational

A range of vital activities carried out as part of an incident response plan, including initial triage and escalation as well as technical support for the investigation and systems & data recovery.

Focus & delivery process

Trustworthiness above all else

In providing only assessment and investigation services we are not conflicted like many other service providers who 'mark their own homework'.

Innovation, automation and cost reduction

STORM have several proprietary tools:

  • Cyber3: A risk assessment portal, seamlessly connecting clients and third parties.

  • CyberSeven: A board-level assessment to reveal, understand and remediate risk exposures.

  • CyberProfiler: An Attackers Eye View™ of your online business.

  • CyberDiscover: An AI service that reduces the time and cost of data mining activities.

Experience matters

When it comes to cyber incident response, there is a clear difference between specialists with decades of experience and those with just a few years (or less).

Tech-led claims impact reduction

The minimal risk of not attaching legal privilege from the start is far outweighed by the significant risk and potential financial loss from delaying the technical response.

Why choose us?

The CyberCare difference - We're what 'good' looks like

Here are just some of the key reasons why CyberCare outshines other cyber incident response retainer offerings and helps our clients to respond optimally.

  • One of the primary benefits of CyberCare is the proactive onboarding that helps prepare organisations for cyber-attack. CyberCare will help identify gaps in existing incident response plans and ensure that all team members know their roles and responsibilities during an incident.

  • It is simply not possible for even the largest organisations to have specific CIR skills such as malware analysis,  ransom negotiation, sanctions checking or trauma counselling. CyberCare will help by providing all the skills and experience necessary to deal with any type of cyber incident.

  • Our sub-hour hotline and technical assimilation (part of CyberCare onboarding) will mean that businesses can significantly reduce response times to actual cyber incidents. Faster response times can minimise the impact of a breach, including financial losses, reputational damage, and regulatory penalties.

  • Cyber incidents are increasingly hybrid in nature, causing or being triggered by other events such as physical security events and damage. Complex supply chains mean that third parties are involved inextricably linked most cyber incidents. CyberCare onboarding and regular review allows teams to understand how these additional factors will affect their management of risk during an incident.

  • Effective communication is crucial during a cyber incident. CyberCare onboarding allows the STORM team to work with businesses to test and refine communication protocols, ensuring that information flows efficiently between technical specialists, management, and external stakeholders (such as law enforcement, insurers and regulatory bodies) when an incident occurs.

  • CyberCare onboarding and renewal risk assessments often reveal previously unidentified technical vulnerabilities that could be exploited by attackers. Identifying and remedying these vulnerabilities before an actual attack occurs can strengthen businesses security posture. Furthermore, our rapid analysis of indicators of compromise enables us to quickly identify and eradicate vulnerabilities when an incident occurs.

  • For organisations subject to regulatory requirements regarding cybersecurity, CyberCare specialists will help ensure that businesses are compliant with relevant laws and regulations such as GDPR, DORA, PCI DSS and others. This can prevent legal issues and fines associated with non-compliance in the aftermath of an incident.

  • What will cyber insurance cover in the event of an incident? How will a policy respond? How will CyberCare work in conjunction with our policy? As the CIR firm of choice on many cyber insurer panels, we have designed CyberCare to work seamlessly with cyber insurance. CyberCare will enable teams to leverage the optimal benefits of cyber insurance coverage.

  • STORM CyberCare provides highly skilled and experienced incident response specialists to work with and guide businesses during and incident. CyberCare also provides Cyber Incident Exercises that serve as practical training sessions, raising awareness among staff about the importance of cybersecurity and familiarising them with the latest attack techniques.

  • STORM CIR specialists will respond to cyber incidents reported by businesses and will progress both investigatory and recovery activities. This ensures that you will both respond effectively to incidents and recover from them in a timely and organised manner, minimising downtime and operational disruption.

  • Our CIR team has long experience of working with external parties such as legal specialists, IT vendors and service providers, insurers, cybersecurity firms, law enforcement, and other stakeholders. This collaboration can improve coordination and communication with these entities when an incident occurs.

  • Cyber incidents can often reveal gaps in sufficient resourcing and knowledge. Our CyberCare service plugs these gaps with significant expertise, providing all that is needed to respond to cyber incidents effectively. In addition, proactively identifying these issues with our Cyber Incident Exercises, will enable forward planning to ensure such exposures will not cause unnecessary problems just when you need them most.

  • An assumed understanding of critical business systems and processes is often one that is left unchallenged until a crisis occurs. When an incident occurs, our CyberCare response team will help decision-makers, at all levels, to see the wood for the trees when collaborating on impact reduction. This information can also help to inform any cyber insurance claim.

Common problems solved

CyberCare provides a full-spectrum cyber incident response service.

Here are the key problems that CyberCare can help solve.

By addressing these issues, CyberCare plays a vital role in enhancing business resilience, ensuring that it is better equipped to manage and recover from cyber incidents effectively.

Let's talk

Speak to our CyberCare team today

Contact the CyberCare team

If you would prefer to speak to the team, give us a call:

UK/Europe: +44-203-693-7480

Africa: +230-434-1277

USA: +1-703-232-9015

Your contact details will only be used in connection with this enquiry. Please read our Privacy Policy.

bottom of page