Login to profile

First NCSC Cyber Incident Response Level 2 Assured Service Providers announced

15 August 2023

We are delighted to announce the first six Assured Service Providers for the NCSC Cyber Incident Response Level 2 scheme – CREST members Bridewell Consulting, CYSIAM, LRQA Nettitude, NCC Group, Quorum Cyber, and WithSecure.

The NCSC recently announced a change to their assured Cyber Incident Response (CIR) scheme, introducing a new level. From now on, companies assured to offer CIR services will be designated Level 1 or Level 2, meaning that more companies will be able to provide high-quality incident response services to a wider range and larger number of victim organisations across the UK.

CIR companies are assured to support organisations to investigate and recover from a cyber-attack, as well as make recommendations on how to prevent attacks in the future.

Until now, the CIR scheme has focused on assuring companies that can provide incident response services to organisations running networks of national significance, such as central government, critical national infrastructure (CNI) organisations and regulated industries. These organisations are at particular risk of targeted and complex attacks by nation-state actors.

All Level 1 Assured Service Providers are capable of dealing with all types of cyber incident for all types of organisations. Level 2 companies are assessed as capable of supporting most organisations with common cyber attacks, such as ransomware. This includes private sector organisations outside of CNI sectors, charities, local authorities and smaller public sector organisations. 

Speaking about the new scheme, Chris Ensor, Deputy Director of Cyber Growth at the NCSC, said: “Falling victim to a cyber attack is really stressful. Finding someone with the skills and knowledge to help can also be hard, if, like many, you are not familiar with the cyber security world. For many years, we have Assured Cyber Incident Response services for organisations targeted by the most sophisticated threat actors. 

I am really pleased that we can now assure a similar service for any organisations affected by criminal threat actors, a service that will be good enough for the majority of incidents that smaller organisations face. The NCSC badge will give confidence that the company they use has the right expertise to help them.” 

“The NCSC’s Cyber Incident Response (CIR) scheme is designed to help cyber-attack victims find reliable providers of incident response services. Aimed initially at those organisations targeted by the most sophisticated threat actors, the scheme’s Level 2 expansion now includes organisations of all sizes. We are proud to be the first delivery partner for the scheme.” Said Nick Benson, CEO of CREST. “We congratulate our members for becoming the first Level 2 NCSC CIR Assured Service Providers. This reflects their ability to help private sector organisations, charities, local governments, and smaller public sector organisations recover from cyber-attack. And gives buyers the confidence that they have the necessary capabilities to help them.”

Find a CREST CIR L2 Assured Service Provider

Read more about the scheme and how to apply


CREST is a not-for-profit accreditation and certification body representing the technical information security industry. CREST provides internationally recognised accreditations for organisations providing technical security services and professional level certifications for individuals providing vulnerability assessment, penetration testing, cyber incident response, threat intelligence and security operations centre (SOC) services. CREST Member companies undergo regular and stringent assessment, whilst CREST certified individuals undertake rigorous examinations to demonstrate the highest levels of knowledge, skill and competence. To ensure currency of knowledge in fast changing technical security environments the certification process is repeated every three years.

For more information on CREST: www.crest-approved.org

For media enquiries contact: Allie Andrews, [email protected]