Skip to content

Services, Wiki-Artikel, Blog-Beiträge und Glossar-Einträge durchsuchen

↑↓NavigierenEnterÖffnenESCSchließen
Emergency Hotline

IT Security Incident?
We help immediately.

When ransomware, data breaches, or compromised systems strike, every minute counts. Our certified incident response experts are standing by - by phone, remotely, or on-site.

+49 209 8830 6766 Send a message

Available 24/7 for acute security incidents

Immediate Measures

What you should do right now

Before you call us - these steps help limit the damage:

  1. 1

    Disconnect affected systems from the network immediately

    Unplug network cables, disable Wi-Fi - but do NOT power off devices (evidence preservation).

  2. 2

    Do NOT change passwords on affected systems

    Use a separate, non-compromised device for any password changes.

  3. 3

    Document screenshots and timestamps

    Photograph screen messages with your phone. Note down when the incident was first discovered.

  4. 4

    Call the AWARE7 emergency hotline

    +49 209 8830 6766 - We take it from here.

Incident Response Process

What happens after your call

01 0–15 Min.

Immediate Intake

We gather the most critical information about your organization and the incident - affected systems, scope, and initial indicators.

02 15–60 Min.

Initial Phone Consultation

Our incident response specialists provide first actionable guidance for damage containment - isolating systems, preserving evidence, managing communications.

03 From Hour 1

On-Site or Remote Deployment

Our experts begin forensic analysis, containment, and recovery - remotely or on-site at your location as needed.

04 Ongoing

Recovery & Hardening

We support the secure recovery of your systems, document the incident for authorities and insurers, and harden your infrastructure against follow-up attacks.

Our Areas of Expertise

We respond to every type of security incident

Our incident response team has experience with all common attack scenarios - from ransomware and business email compromise to complex supply chain attacks. Regardless of the incident type, we bring the expertise to respond quickly and systematically.

Call now Schedule a consultation
Ransomware & Encryption
Data Leaks & Exfiltration
Compromised Systems
Business Email Compromise
Insider Threats
DDoS Attacks
Supply Chain Attacks
Digital Forensics

Preparation

Documents you should have ready

The faster you can provide these documents, the more efficiently we can respond.

  • Cyber insurance policy

    Policy number, coverage limits, insurer's hotline, and claim notification form.

  • Network and system documentation

    Network diagram, IP address ranges, server inventory, software and versions in use.

  • IT service provider contracts

    Contact details of hosting providers, managed service providers, cloud vendors, and their SLAs.

  • Backup documentation

    Backup locations, timestamp of last backup, recovery procedures.

  • Emergency contact list

    CEO/management, IT leadership, data protection officer, legal department, PR/communications.

Reporting Obligations & Authorities

Official contacts in an emergency

Depending on the incident, there may be legal reporting obligations. We assist you with the coordination.

ZAC North Rhine-Westphalia

Central Cybercrime Contact Point - State Criminal Police NRW

+49 211 939-4040

ZAC Lower Saxony

Central Cybercrime Contact Point - State Criminal Police Lower Saxony

+49 511 9873-6230

BSI - Reporting and Information Portal

Germany's Federal Office for Information Security - incident reporting for organizations (anonymous reporting possible)

bsi.bund.de

BSI IT Emergency Card (printable)

Germany's Federal Office for Information Security (BSI) provides a free IT emergency card - designed to be printed and posted at workstations. It contains the most important behavioral guidelines for employees during an IT security incident.

View BSI IT Emergency Card

Observe legal reporting deadlines

  • GDPR Art. 33: Notification to data protection authority within 72 hours if personal data is affected
  • Critical Infrastructure / NIS-2: Immediate notification to Germany's BSI for significant IT disruptions
  • Cyber insurance: Claim notification per policy terms - typically within 24–48 hours

Your Advantages

Why AWARE7 in an emergency

Response time under 1 hour

Initial phone assessment and actionable guidance within 60 minutes of your call.

ISO 27001 certified

Our processes and your incident are handled according to certified standards - relevant for insurers, authorities, and business partners.

Experienced specialists

OSCP, OSCE, and GIAC certified pentesters and forensic analysts with experience from hundreds of security projects.

Structured documentation

Comprehensive incident documentation for your cyber insurance, business partners, and regulatory reporting obligations (GDPR, NIS-2).

Based in Germany

Headquartered in Gelsenkirchen, quick on-site availability in NRW and throughout the DACH region. All data stays in Germany.

Prevention after the incident

After resolution, we analyze the attack vector and harden your systems - so the same attack doesn't work twice.

Frequently Asked Questions

Common questions we get asked

How much does an incident response engagement cost?
Costs depend on the scope of the incident - number of affected systems, complexity of the analysis, and duration of the engagement. After the initial phone assessment, we provide a transparent cost estimate. With a retainer agreement, response times and daily rates are agreed upon in advance.
Are you available on weekends and public holidays?
Yes. For acute security incidents, our emergency hotline is available around the clock - including weekends and public holidays. For retainer clients, the agreed SLA response time applies regardless of the day of the week.
Do we need to report the incident to authorities?
This depends on whether personal data is affected (GDPR: 72-hour deadline), whether you qualify as a critical infrastructure operator under NIS-2 (immediate report to Germany's BSI), or whether your cyber insurance requires a claim notification. We clarify this together during the initial assessment and assist with all required reports.
Can you help remotely or do you need to be on-site?
Most incident response measures - forensic analysis, log evaluation, malware analysis, containment - can be conducted remotely. For severe incidents requiring physical access to systems, our experts come on-site. We are quickly available in the NRW region and throughout the DACH area (Germany, Austria, Switzerland) within 24 hours.
What is an incident response retainer and is it worth it?
A retainer is a pre-arranged agreement: you secure guaranteed response times, dedicated contacts, and pre-established processes. In an emergency, there is no need for contract negotiations and we can act immediately. Many cyber insurers require or recommend an IR retainer - this can positively impact your premium.
Does our cyber insurance cover the costs?
Most cyber insurance policies cover incident response costs - often including forensic analysis, recovery, and legal consultation. Have your policy number and insurer's hotline ready. We are familiar with the requirements of major insurers and document the incident in an insurance-compliant manner.

Incident Response Retainer

Be prepared before it happens

With an incident response retainer, you agree in advance on guaranteed response times, dedicated contacts, and pre-established processes. In an emergency, you don't lose valuable time on contract negotiations.

< 4h

Guaranteed response time

Dedicated

Team contacts assigned

Pre-configured

Access & playbooks ready

1x/Year

Incident response drill included

Schedule retainer consultation View all services

Other ways to reach us

Callback service

We call you back at your preferred time

Schedule a meeting

Digital consultation with our experts

Contact form

Leave a message - response within 24h

Cookielose Analyse via Matomo (selbst gehostet, kein Tracking-Cookie). Datenschutzerklärung