Help with cyber attacks

Our team of experts provides support in the event of cyber attacks. Remotely or on site. Around the clock.

Ad-Hoc Incident Response Team

Cyber attack?

We help. 24/7. With all your questions.

For immediate assistance in the event of a security incident, contact our team of experts directly.

What to do in case of a cyber attack?

In the event of a security incident or cyber attack, a targeted and timely response is essential. Appropriate immediate measures must be taken to prevent financial damage and loss of reputation. The successful investigation of an incident also depends on the rapid and careful securing of the right evidence for a forensic investigation.

The following basic rules of conduct apply in an emergency:

  • Stop working on the affected system
  • Document observations
  • Take action as instructed


Our Incident Response Team supports you in acute security incidents – remotely or on site.

What happens during an incident response?

  • You detect a security incident and contact us at. We record the incident and provide initial advice. We arrange a triage call for further coordination.
  • Our Incident Response Team holds a triage meeting with all relevant parties on your side. Together, we assess and document the situation, clarify detailed questions and discuss the next steps and immediate measures.
  • While handling the incident, our team provides support with tactical and technical challenges such as IT forensics, business continuity, crisis communication, legal advice and recovery.
  • After the incident, we summarise the events, response measures and investigation results in a written report. If necessary, additional follow-up activities are initiated to strengthen your organisation.

Immediate support in an emergency – remotely or on site

Speak to a member of our Incident Response Team now.

Benefits of BDO Cyber Security

Proven incident response process

Our team of experts has many years of experience in handling security incidents and cyber attacks. Our proven incident response process ensures that restoring your business operations is a top priority, while also enabling comprehensive analysis and implementation of improvement measures. You can rely on our expertise.


Fast and comprehensive response – everything from a single source

As one of the largest Incident Response Teams in Germany, we put together an interdisciplinary project team for every emergency that provides you with fast and targeted support, either remotely or on site. Whether you need emergency management, crisis communication, data protection or legal advice, our excellent national and international network enables us to offer you the resources you need.

Comprehensive investigation of the incident

During the forensic investigation, we clarify how the attackers gained access to your network, what changes they made, what measures are now necessary, and discuss any other investigative questions that are important to you.

Our findings are prepared and presented in a manner appropriate to the target audience. We are also very familiar with the requirements of cyber insurance companies and authorities and can therefore respond to them in a targeted manner. We summarise all the opportunities for improvement that we identify during our assignments in a structured and detailed manner. We are then happy to assist you with the planning and implementation of these measures.

Trusted Advisor

As a trusted cyber advisor, we are at your side before, during and after a security incident. 

We advise and support you in implementing effective security standards and designing sustainable security strategies. With us, you cover all the building blocks of modern cyber security, from high-level organisation to specific technical implementations.

Verified security.


Q&A on the emergency hotline

Our hotline is aimed at companies, public authorities and organisations of all sizes and from all sectors. The hotline puts you in direct contact with our team of experts, who will help you record your incident and take initial measures.

  • Are you a German citizen affected by an IT security incident? Then it is best to contact the free hotline of the Cybersecurity Network (+49 800-274 1000) or a digital first responder. You can find more information here.

In an emergency, every minute counts – so contact us immediately at the first sign of an attack. You can reach our experts directly via our hotline – around the clock, 365 days a year.

Most importantly: stay calm. As soon as you notice suspicious behaviour on a system, you should immediately stop working on that system. It is important not to shut down the system under any circumstances, as this will result in the loss of important information. All anomalies should be documented, preferably by hand or with photographs. You should also inform all relevant parties and follow internal processes.

The call to the hotline is free of charge. The conditions for the subsequent incident processing will be agreed with you individually.

We are here to assist you with the following services:

Technical measures:

  • Immediate measures for incident handling
  • Digital forensics
  • Malware analysis
  • Restoration of your systems
  • Incident handling
  • Threat intelligence

Organisational measures:

  • Emergency management
  • Crisis communication
  • Advice on reporting obligations
  • Business continuity
  • Legal advice*
  • Data protection advice*

* These services are offered in cooperation with partner companies.

Our experts accompany you from the very beginning on the entire path back to normal operations.

  • Contain: The first step is to determine the extent of the incident. This assessment forms the basis for further measures and decisions. During incident response, the assessment of the extent of the damage and the affected systems and areas is regularly updated.
  • Isolate: Together with you, our Incident Response Team will develop initial measures to contain the spread of the incident and isolate affected systems. The aim of these measures is to prevent further damage and, if necessary, to be able to continue operating parts of the business (at least to a limited extent).
  • Emergency operation: In order to minimise financial damage, alternative operating models for resuming or maintaining value creation are designed and implemented at an early stage. These may include manual processes, emergency IT systems or outsourcing to other locations.
  • Eradication & recovery: Once the parallel investigation of the incident has yielded initial findings, a strategy for recovery can be designed. Systems are rebuilt, security and improvement measures are implemented, data backups are imported, and systems are tested and cleaned up.
  • Transition to normal operation: During the reconstruction phase, emergency solutions and systems that have already been restored and cleaned up are operated in parallel. In the transition phase to normal operation, all interim solutions and emergency processes must be dismantled and further security measures implemented for the future.

Your contact persons

Tobias Kasch

Senior Manager, Incident Response

Emergency? Quick action is required!

Every hour of delay jeopardises the survival of your company. Talk to a member of our Incident Response Team now.
