⚠ Under attack right now? Call 020 3633 9124 — 24/7 Emergency Response
🚨24/7 Incident Response

Cyber Incident Response & Ransomware Recovery

When systems go down, data is encrypted or a breach is suspected — every minute counts. Vertex9's incident response capability is designed to contain, recover and harden, fast.

15-min target first response (for active incidents)

24/7, 365 days a year (no blackout periods)

72hrs GDPR breach window (ICO notification deadline)

UK engineers only (no offshore handoffs)

What Counts as a Cyber Incident?

If any of the following are happening (or suspected), contact us immediately — do not wait to be certain:

Ransomware

Files encrypted, ransom note displayed, systems inaccessible

Data Breach

Suspected or confirmed unauthorised access to personal or sensitive data

Account Compromise

Unusual email activity, sent emails you didn’t send, login from unknown locations

Malware / Intrusion

Antivirus alerts, unusual network traffic, unexplained system behaviour

Business Email Compromise

Fraudulent invoice requests, CEO impersonation, supplier email spoofing

DDoS Attack

Website or services suddenly unavailable, unusually high network traffic

Our Response Process

Six phases from first contact to hardened, recovered systems.

1. Detection & Triage (Minutes 0–15)

Engineer picks up, assesses severity and scope. Initial advice given immediately. Remote access established to affected systems where possible.

2. Containment (Hours 0–2)

Isolate affected systems from the network to prevent lateral movement. Preserve evidence for forensic analysis. Identify the attack vector and active threat actors.

3. Eradication (Hours 2–24)

Remove malware, ransomware and attacker persistence mechanisms. Patch or mitigate the exploited vulnerability. Verify clean state before reconnecting systems.

4. Recovery (Hours 24–72)

Restore systems and data from clean backups. Rebuild where necessary. Verify business functionality is restored and monitoring is active.

5. GDPR & Regulatory Notification (Days 1–7)

Assess breach notification obligations. Where required, assist with ICO notification within the 72-hour window and any affected data subject notifications.

6. Post-Incident Analysis & Hardening (Post-Incident)

Root cause analysis report. Remediation roadmap to prevent recurrence. Implementation of missing controls — EDR, MFA, patch management, awareness training.

Incident Response Services

What Vertex9 can do when an incident occurs.

Ransomware Response

Contain the spread, assess encryption scope, advise on recovery options and restore from backups where available. We do not recommend paying ransoms.

Data Breach Containment

Identify what data was accessed, by whom and how. Preserve forensic evidence and assess GDPR/ICO notification requirements on your behalf.

Business Email Compromise

Secure compromised email accounts, revoke attacker access tokens, review mail flow rules and identify any financial fraud attempts.

Network Intrusion Response

Identify compromised systems and accounts, isolate the affected network segment and remove attacker persistence before recovery begins.

Forensic Investigation

Preserve logs and system images for forensic analysis. Identify attack timeline, entry point and data exfiltration scope — critical for regulatory reporting.

ICO & GDPR Notification

Assess whether ICO notification is required. Draft and submit notification within the 72-hour window. Advise on affected data subject communications. See IT Compliance.

⚠ GDPR: You Have 72 Hours

Under UK GDPR, organisations must notify the ICO within 72 hours of becoming aware of a personal data breach that poses a risk to individuals' rights and freedoms. The clock starts when you discover the breach — not when the attack began.

Vertex9 can help assess whether a breach meets the notification threshold and assist with the ICO submission. Learn more on our IT Compliance page or read our NIS2 & UK compliance guide.

Retained MSSP vs Emergency-Only

We respond to both — but the difference in outcome is significant.

| Factor | Managed Services Client | Emergency-Only |
|---|---|---|
| Response priority | Priority | Best effort |
| Environment familiarity | Full knowledge | Starting blind |
| Incident prevention | Proactive monitoring | Reactive only |
| Backup & recovery state | Managed & tested | Unknown |
| Cost during incident | Included in SLA | Charged separately |

Incident response for managed clients is included in the Professional and Enterprise packages. See our pricing page for details.

Incident Response FAQs

We target a 15-minute initial response for active incidents reported via our emergency line (020 3633 9124), available 24/7/365. Managed services clients receive priority response within their SLA. Emergency-only callers are served on a best-effort basis subject to engineer availability.
No. We provide emergency incident response to non-managed clients. However, response times and capacity are prioritised for existing managed services clients, who also benefit from our existing familiarity with their environment — which significantly speeds up containment and recovery.
If possible: when you first noticed the issue, which systems are affected, whether you have active backups, what security tools are in place, and whether any data may have been taken. If you don't know — call anyway. Our engineers will guide you through the initial assessment on the phone.
Yes. Where a breach meets the GDPR threshold for ICO notification, Vertex9 can assist with drafting and submitting the notification alongside our technical containment and recovery work. We will assess the notification obligation as part of the forensic review. Learn more on our IT Compliance page.
Post-incident, Vertex9 provides a hardening plan addressing the specific root cause of your incident. Longer-term, our managed IT and cybersecurity services provide proactive monitoring, EDR, patch management, Cyber Essentials and staff awareness training — reducing incident risk substantially.

Active Incident? Call Now.

Available 24 hours a day, 7 days a week, 365 days a year.

020 3633 9124

Or submit an incident report online if you need non-urgent assistance.