top of page

How it works

CyberCare uses investigation and recovery techniques honed by years of first response to thousands of cyber incidents.

Typical cyber incidents

Cybercrime is a low-risk activity for criminals. In 2019 the UK convicted only 57 cybercriminals, and despite cybercrime being a 1.5 trillion dollar industry, most other countries have similar conviction rates. As a result, cybercrime and digital fraud is rife in the business community.

Many businesses are unaware of the risk cybercrime poses to their business; they believe incidents are a ‘black swan’ event. The reality is quite the opposite. As incident responders, we see cybercrime’s prevalence first hand. Here are some of our most common incidents and how we help businesses respond.

Malicious software 

Malware is software designed to disrupt, damage or corrupt a computer system. The most common malware is Ransomware. Ransomware blocks access to a computer system until a sum of money is paid. Malware can be installed by simply clicking on the wrong link, or by a hacker who has breached your systems. We can determine the extent of a malware/ransomware incident, and as experts in containing malware, we can eradicate the infection and recover key systems.

Unauthorised access 

Hacking is the process of gaining unauthorised access to a computer system. Hackers generally aim to get administrator privileges to crucial systems so they can deploy malicious code. Alternatively, they try to access company communications in Business Email Compromise (BEC) attacks in an attempt to divert payments and as a staging post for phishing attacks. Should this occur, we can help investigate and remediate incidents of unauthorised access.

Digital Blackmail
Cyber breaches & extortion

Cybercriminals regularly use stolen data to extort money from an organisation. If a business is being blackmailed, we help determine the data stolen, the method used to extract information, and the negotiation. We also help with containment and eradication of the breach and the recovery of critical business data.


These are just some examples of the potential cyber risks a business can face. 60% of small businesses end up shutting their doors permanently as a result of being hacked. Cyber incident response typically costs businesses up to R225,000. By joining CyberCare, you can get the same world-class incident response for a single per-incident fee of R6,500.

Faulty hardware or network failure
System damage

System damage can result from a hack, faulty hardware or a network failure. As part of our membership, we assist businesses and any 3rd party service providers, to replace, restore or re-collect lost data. We can also help with encrypted, corrupted, or destroyed data resulting from a system damage incident. 

Theft of funds
Cyber-enabled fraud

Cyber fraudsters impersonate employees, clients, or partners to trick businesses out of money. Fraudsters not only target the breached organisation if they have access to communication systems, they will also target customers and partners by issuing fake invoices. If a fraudulent payment occurs, we can provide advice on the recovery of funds. 

Service Disruption
Denial of service

The purpose of a Denial-of-Service (DoS) attacks is to disrupt a server or network, making it inaccessible to its intended users. This is accomplished by flooding the target with traffic or sending it information that triggers the system to crash. Our specialists can help identify DoS attacks, assist with recovery, and advise on mitigation strategies to prevent further incidents. 

Immediate hotline response

How to get help

Our incident reporting process is simple to follow and will guide a business to the fastest remediation. When a cyber incident occurs, members can call our 24/7 incidence response hotline, pay a one time incident fee, and then immediate triage and response will begin.

Call our hotline and provide your subscriber reference

Discuss your reported incident with our specialist

Upon confirmation, our specialist will provide you with call reference information

Complete the incident payment form

Make your ‘per incident’ payment

A specialist will contact you on the number arranged and continue the incident investigation and recovery


Included support

Access to cyber/fraud expert advice on the recovery of stolen funds

Assistance determining the severity of the incident

Computer forensic investigation

Support and guidance for existing IT team

Initial technical triage with remote access

Security testing to determine network vulnerabilities


Incident response as a membership benefit

Only available through partnered associations

We exclusively partner with societies, associations, business groups and affiliation schemes to provide CyberCare as a membership benefit. As such, the service is only available to members or affiliates of these organisations. Please click below to see if you are a member of a group or affiliated to a scheme we already support. 

If you are an organisation that would like to offer its members or scheme affiliates the CyberCare service, please get in touch.


Membership requirements

Our membership is designed to provide future support for small businesses who are not already suffering from an existing incident. As such, we have the following requirements to become and remain a member.

  • The CyberCare service starts 30 days from the date of your first subscription fee payment. If you seek support for an existing or active incident within this timeframe, please contact our non-membership support service STORM Guidance Incident Response.

  • Your business must have less than 20 staff (full-time or part-time)

  • Your annual turnover must be less than R100 million

  • Your business must have it’s own IT specialists, either as staff members or provided by an outsourced IT company to perform remediation activities. Your IT staff do not need digital investigations or incident response skills as our specialists provide this capability. We will also support your own IT specialists with advice and guidance.

It is important to note, should there be any business changes resulting in operations falling outside of the above criteria, your subscription will become invalid. However, organisations from partnered associations who do not meet the above criteria will receive a preferential rate from STORM Guidance Incident Response

Practical help managing cyber incidents

We give business groups and their members the best chance to recover from a cyber incident while protecting them against high incident response fees.

bottom of page