Emergency Plan For Your Cybersecurity

In many areas of our lives, we have a plan ready for the worst-case scenario. Why should cybersecurity be any different? We evaluate your preparedness to respond to cyber attacks with a readiness assessment and, if necessary, create an effective emergency plan tailored to your company. If a successful attack against your company does occur, we are at your side as an incident response team within the shortest possible time. You can have this support guaranteed with an Incident Response Retainer, which ensures that our incident response team is ready for you 24/7 and you are immediately connected with our experts, without going through a hotline.

The Oneconsult International Computer Security Incident Response Team (OCINT-CSIRT) provides expert support for ransomware and hacker attacks. We are available around the clock to assist you with security incidents. We coordinate all involved parties and accompany teams in this challenging situation. No matter if IT/OT team, crisis team, management, or the board of directors.

As a preventative measure, we test your security team’s ability to react with practical and therefore realistic exercise scenarios for various target groups, from the IT team to crisis management exercises with all stakeholders involved. In addition, we train your employees for the emergency case of a cybersecurity incident. Oneconsult is your “Cyber Fire Brigade”, so that you can get back to your daily business.

Your Advantages at a Glance

  • Swift response to security incidents
  • 24/7 access to expertise and experience
  • Guaranteed discretion
  • Effective coordination of all partners
  • Experts specializing in major incidents and crises
  • Minimizing the impact of attacks
  • Mitigation of reputational risks
  • Appropriate communication at all levels
  • Compliance with legal requirements

Our Incident Response Services

Incident Response Retainer

Can you respond to cyber attacks around the clock? Discover our Incident Response Retainer (IRR) and secure the competent support of our experts – 24/7, 365 days a year.

Digital Forensics & Incident Response Readiness Assessment

How well is your organization prepared for cyber attacks? Discover our Digital Forensics & Incident Response (DFIR) Readiness Assessment to uncover weaknesses and gaps in your processes, documents and tools.

Incident Response Plan

Prepared for an emergency? We develop a customized incident response plan for you based on international standards and your individual requirements.

Incident Response Plan Review

Can your incident response plan cope with a major incident or even a cyber crisis? Our experts will review it and help you optimize.

Incident Response Exercise

What happens if you become the target of a cyber attack? Test your team’s response capabilities in a tabletop exercise or simulation and find out how you can improve them.

Incident Response Playbooks

Defined processes are crucial for successfully dealing with cyber attacks. Use our detailed Incident Response Playbooks for efficient responses to common and critical incidents.

Microsoft 365 Threat Hunting

Do you really know what is going on in your Microsoft 365 and Azure Active Directory? Our Threat Hunting Service reveals previously undetected security incidents and helps to identify suspicious activities at an early stage.

Our Incident Response Approach

We accompany you before, during and after a cyber incident – so that you can fully protect your company.

Oneconsult Incident Response Plan ENG

After completion of the assignment, you will receive a customized final report, which will contain the following information:

  • Initial situation
  • Management summary
  • Documentation of the incident response assignment
  • Findings and facts from the forensic investigation
  • Recommendations to prevent reoccurrence and improve technical and organizational measures

The incident is discussed in a joint lessons-learned meeting (retrospective / post-mortem analysis) in order to identify opportunities for improvement.

Why Oneconsult Is Your Specialist for Incident Response

  • We have been offering Incident Response and Digital Forensics as our core competence for over 15 years.
  • Our incident response team has the most recognized certifications in the field of Incident Response & Digital Forensics: GCFA, GCFE, GDAT, GNFA, GREM, GCIH and more!
  • The Oneconsult International Computer Security Incident Response Team (OCINT-CSIRT) is available around the clock (24 h x 365 days).
  • Since 2019, we are a full member of FIRST (Forum of Incident Response and Security Teams).
  • We use international standards and methods to manage and investigate cybersecurity incidents: ISO/IEC 27035, ISO/IEC 27037 and other ISO/IEC standards as well as NIST SP 800-61, NIST SP 800-101 and many more.
  • Our satisfied and long-standing customers are the best proof of our service quality.

Get a Incident Response Quote Now

Frequently Asked Questions (FAQs) About Incident Response

In the event of a crisis, Oneconsult International Computer Security Incident Response Team (OCINT-CSIRT) assesses the situation in a joint meeting. Together with you, we define the objective and the necessary immediate measures before initiating the incident response. If this contributes to the efficient management of the situation, Oneconsult employees will also visit you on site. Working closely together, we get the incident under control, develop a strategy, and implement it. At the same time, OCINT-CSIRT specialists carry out an investigation into the incident and provide the information that is essential to successfully manage it. In this way, we ensure that you can return to normalcy as quickly as possible.

The duration of an incident response assignment depends on the type and the extent of the incident. Simple incidents can be resolved within a few hours or days, while more serious incidents can take weeks or even months. Response time and practical experience in dealing with such incidents are particularly important aspects of timely incident resolution. Fast and targeted action is crucial to stop the spread of damage, limit the damage, and resume normal operations as quickly as possible. A well-prepared incident response team as well as clear procedures and defined roles can help to deal with an incident efficiently and shorten the duration.

The duration of the incident response assignment varies depending on the type and scope of the incident. Simpler incidents may be resolved within a few hours or days, while the investigation and recovery may take weeks or even months in more complex cases. However, reaction time is an important aspect of incident response. Quick action is critical to stop the propagation of the damage, contain it, and restore operations as quickly as possible. A well-prepared incident response team as well as clear procedures and defined roles can help shorten the incident response time and manage the incident efficiently.

Confirmed by Our Statistics

Every day, companies around the world rely on our expertise. This is confirmed by our statistics in addition to our long-standing customers.


Incident Response 


SMEs accompanied


Large-scale operations

Don’t miss anything! Subscribe to our free newsletter.

Your security is our top priority – our specialists provide you with professional support.

Availability Monday to Friday 8:00 a.m. – 6:00 p.m (exception: customers with SLA – please call the 24/7 IRR emergency number).

Private individuals please contact your trusted IT service provider or the local police station.

For more information about our DFIR services here:

Add CSIRT to contacts