Everything You Ever Wanted to Know About the NCSC’s “Early Warning” System

Early Warning System

Executive Summary

  • The National Cyber Security Centre’s (NCSC) “Early Warning” system is a free service provided by the government which helps organisations become aware of potential cyber security breaches as early as possible.

  • As the name suggests, Early Warning is designed to alert businesses to threats before they can do any significant damage to company systems or compromise sensitive data.

  • The Early Warning system operates using several tiers of notifications for cyber security incidents, network abuse events, and vulnerable open ports.


Here’s a question: how soon do you think you’d discover a cyber attack on your business?

According to some statistics, over 50% of cyber attacks actually get through without being detected at all – at least until the damage is done.

Luckily, at least for UK businesses, there is an answer and – perhaps surprisingly – it’s totally free and funded by the government.

No, you aren’t dreaming, because it’s entirely in the UK government’s interest to protect businesses from cyberattacks – and the consequential knock to the economy the ripple effect might create.

Here’s what UK businesses should know about the NCSC’s Early Warning system.

What is the NCSC’s Early Warning system?

It’s only natural that the government would have access to cyber security protection systems which dwarf those available to small businesses. With NCSC’s Early Warning system, you can tap into the monitoring power of the UK government, giving you instant notifications about potential breaches into your company’s network.

The Early Warning system effectively taps into a feed of internet events sourced from various locations including public, commercial, and private sources. Millions of events are logged in the system, and any business registered with Early Warning can be notified when either their IP address or website domain name is compromised or targeted as part of a cyberattack.

Early Warning currently sends three types of notifications to a specific contact at the business, the email address for whom is provided when the company signs up for Early Warning:

  • Incident notifications lets the business know that Early Warning has detected a high likelihood of an ‘active compromise’ of their systems.
  • Network abuse events mean that the company’s assets (e.g. a computer on their network) has been used as part of malicious activity. This might occur following a botnet infection, for example.
  • Vulnerability and open port alerts indicate that a business has potentially vulnerable services or applications actively running or exposed on their network. For example, outdated operating systems with well-known exploits.

How Early Warning works (in plain English)

Early Warning operates using a network of feeds which are populated by cyber security researchers across the world.

These researchers monitor and track cyber security threats and ongoing events, then populate these feeds which connect to the Early Warning system. The NCSC collates all of the feeds it receives from its cyber security partners and runs monitoring using filters based on information provided by any business registered with the service. As long as a business has taken a few minutes to sign up to the free NCSC Early Warning service, they’ll receive an alert long before many on-premises cyber security systems would detect the threat.

So what happens when the NCSC actually detects an active threat within its network of cyber security monitoring feeds?

Well, once the Early Warning system is notified of a potential breach via one of its feeds, the system will check for either an IP address or domain name (web address) within its database of registered businesses. If there’s a match, it sends one of the notifications we covered above to alert the business that mitigation measures may be required to secure the network.

Alerts can be sent on either a daily or weekly basis depending on the severity of the threat, so that incident and network abuse notifications are sent daily, while open port alerts are sent weekly.

How can UK businesses sign up for NCSC Early Warning notifications?

One of the best things about the NCSC Early Warning system is that it’s entirely free to register, so there’s not really any reason not to.

Not only that, but anyone can sign up for Early Warning alerts using just the following details:

  • A registered account for NCSC Single Sign On. These are free accounts which take a couple of minutes to create.
  • The name of your organisation.
  • The public IP addresses and domain names for your website.
  • The name and email address of the contact(s) you’d like your NCSC Early Warning alerts to go to.

To actually start the process and get signed up, just visit the NCSC Early Warning website now and enter the required details above.

Before you sign up, however, it’s important to note – just as the NCSC does – that Early Warning should not be used as a replacement for proper cyber security policies and measures. Instead, Early Warning should be considered another string to your security bow. It should complement any existing cyber security measures and policies you have in place, such as the deployment of an Endpoint Detection and Response system or other security-focused tactics such as Multi-Factor Authentication.  

Want to work with the cyber security experts?

Here at Get Support, we’ve spent over two decades working with businesses of all sizes across the UK.

In that time, we’ve helped companies defend against and recover from a range of cyber security issues. All of that experience has made our IT support team genuine experts in the field.

So, if setting up NCSC’s Early Warning system sounds a bit on the complicated side, or you just need it explaining in the context of your specific business, why not ask us for a helping hand?

To talk to our IT support experts today, just call us on 01865 594 000 or fill in the form at the bottom of the page.

Latest From The Blog

New Microsoft Bookings

365 Feature Focus: The All-New Microsoft Bookings

Microsoft Bookings is designed to make the arrangement of customer appointments simple and straightforward. In 2021, Microsoft gave the app a new facelift, enhancing some features and adding some new ones. Here’s what you need to know.
On-Site Vs Remote IT Support

On-Site vs. Remote IT Support: Which is Right for Your Business?

With more businesses working from home or going the hybrid route, having a dedicated IT support team on site might not be the best option for UK companies. Here’s how to decide whether to keep IT support in the office or go remote.
Cyber Security

The UK’s Cyber Essentials Scheme is Changing in 2022. Here’s How

The Cyber Essentials scheme, backed by the UK government, gives businesses the chance to become certified in the fundamentals of cyber security – but it’s not been updated since 2014. In 2022, that’s going to change.