The NCSC and the ICO may work on a cyber attack together if an incident brings down a business, severely impacts national services and infrastructure or massively disrupts people's day-to-day lives. However, they consider that a large number of attacks may go unreported. The article talks about a number of myths:
Myth 1 - If I cover up an attack everything will be OK - of course it won't. Every successful cyber attack that is hushed up, with no investigation or information sharing, makes other attacks more likely because no one learns from it. Keeping your cyber incident a secret doesn't help anyone except the criminals.
Myth 2 - Reporting to the authorities makes it more likely the incident will go public. Your confidentiality will be respected: neither the NCSC nor the ICO proactively makes information public, or shares it with regulators, without your consent. Remember your regulatory responsibilities.
Myth 3 - Paying the ransom quickly gets you the decryption key and restores services. It doesn't always help.
Myth 4 - I've got offline backups, I won't need to pay a ransom.
Myth 5 - If there is no evidence of data theft, you don't need to report to the ICO. You should always start from the assumption that data has been taken.
Myth 6 - You'll only get a fine if your data is leaked. This isn't necessarily the case. A personal data breach is more than just a loss of data.
The full report is here: Why more transparency around cyber attacks is a good thing for everyone
We would always encourage staff to report any cyber attacks and data breaches. Visit our Information & Cyber Security Best Practice Library for support and guidance. Raise awareness with staff through training, posters and discussion. Having a 'no blame' culture will encourage staff to report issues.
Ensure you have a Cyber Response Plan: Cyber Response Processes.
What to do in the event of a cyber attack?
Tell someone! Report to IT. Report to SLT.
Unplug the computer from the internet by removing the ethernet cable or turning the Wi-Fi off.
If you are a victim of a ransomware attack, we would recommend reporting this to Action Fraud (https://www.actionfraud.police.uk/) as well as to your data protection officer so they can advise about the data loss. Most cyber crimes like these will also need to be reported to the ICO by your data protection officer.
Isolate the infected device and pass it to IT.
Always ensure there are backups you can restore from.