incident response
Products and Services PRODUCTS & SERVICES

Sophos Incident Response achieves NCSC Certified Incident Response (CIR) Level 2 status

I am delighted to announce that the Sophos Incident Response service has been awarded U.K.’s National Cyber Security Centre (NCSC) Cyber Incident Response (CIR) Level 2 status by CREST. This assurance confirms that amid the sophisticated cybersecurity threat landscape, Sophos has the experience and capabilities to deal with incidents caused by financially motivated criminals, such as business email compromise (BEC) attacks and ransomware.

Part of the U.K.’s intelligence and cyber agency, Government Communications Headquarters (GCHQ), the NCSC provides support to the public and private sector to tackle and minimize the impact of security threats. CIR Level 2 accredited organizations must have the capability to support cyber incident response for most private sector organizations, including smaller public sector organizations, charities, local authorities, and organizations that predominantly operate in the UK.

Commenting on the award, Rowland Johnson, President of CREST said:

As a delivery partner for the NCSC’s Cyber Incident Response (Level 2) scheme, we are delighted to congratulate Sophos for gaining Assured Service Provider status. This means Sophos has been assessed as capable of supporting most organizations with common cyberattacks, such as ransomware. It provides valuable assurance to buyers of the high quality of Sophos’ incident response services.

The threat landscape is constantly shifting, and cybercriminals are continually refining their tactics and tools to inflict damage. In our latest 2024 Threat Report, we uncovered that the number of ransomware attacks that involved remote encryption increased by 62% in the last year, making it increasingly challenging for defenders to keep organizations safe. As Peter Mackenzie, Director of Incident Response, Sophos, explains:

This accreditation is a real testament to Sophos’ Incident Response work fighting adversaries who are responsible for ransomware, malware, exploits, phishing and a wide range of other sophisticated cyberthreats to rescue organizations in the heat of active attack recover faster.

Achieving the Level 2 Certified Incident Response (CIR) certification is a major milestone for Sophos, affirming that our expert incident responders are able to deliver vital support to organizations experiencing a major cyber incident. Public and private sector organizations – and the partners and MSPs that support them – can enjoy the peace of mind that the Sophos team is here to assist whenever and wherever they need us.

Available whenever you need us

Sophos Incident Response is available for any organization (including non-Sophos users) that is experiencing an active cyber incident. Optionally, you can prepare in advance with our Incident Response retainer.

To learn more about the service, visit If you require immediate assistance, call your regional number below at any time to speak with one of our Incident Advisors.

  •  Australia: +61 272084454
  • Austria: +43 73265575520
  • Canada: +1 7785897255
  • France: +33 186539880
  • Germany: +49 61171186766
  • Italy: +39 0294752897
  • Netherlands: +31 162708600
  • Spain: +34 913758065
  • Sweden: +46 858400610
  • Switzerland: +41 445152286
  • United Kingdom: +44 1235635329
  • USA: +1 4087461064

Leave a Reply

Your email address will not be published. Required fields are marked *