24/7 Incident Hotline

Cyber incident?
Call now.

A CSIRT coordinator answers within minutes. 24 hours a day, 365 days a year, across Europe. With a retainer: contractual response within 2 hours.

Do not power down affected systems: volatile evidence would be lost. Isolate them from the network and call us.

Contractual SLA guarantees (retainer)

Retainer response: < 2h (from call to DFIR team on the case)
First triage: < 30 min (CSIRT coordinator within minutes)
Coverage: 24/7 (365 days, holidays included)
Geographic coverage: EU (NL, ES and all of Europe, on-site)

What is 24/7 Incident Response?

24/7 Incident Response is immediate help during a cyber incident: ransomware, data breach, business email compromise or a suspicion of compromise. DEFION's CSIRT team in Zoetermeer and Barcelona is reachable day and night via hotline and email. Our coordinator picks up within minutes, performs immediate triage and mobilises the right team. Retainer clients have a contractual 2-hour response. Without a retainer, mobilisation depends on availability and is typically within 4-8 hours. We work alongside your internal IT, security and legal teams, and with your insurer when relevant.

Sound familiar?

Why you want this number in your phone

During a real incident, every minute is money

Ransomware spreads exponentially. For every hour that containment starts later, the attacker encrypts more systems. The difference between responding in hours and responding in days is often the difference between one department being down and the entire organisation being down.

Finding an unknown vendor mid-crisis is a disaster

Anyone trying to contract an IR firm without a retainer in the middle of an incident has a second crisis. Negotiating scope, price, NDA and access takes days you do not have. And you have no idea who you are letting in.

Wrong actions destroy evidence

Powering systems down erases RAM and with it active sessions, malware and credentials. Logs roll over. Insurers and police require forensic evidence that holds up. Anyone working without protocol loses both the claim and the case.

Our Approach

What happens after you call

No hold music, no ticket system, no "we'll call you back". Our CSIRT coordinator answers and gets to work immediately.

01. Triage within minutes

Our coordinator answers, maps the situation and gives immediate first guidance: what to do and not do, who to inform, how to preserve evidence.

02. Containment and forensics

The DFIR team starts containment to halt spread and runs forensic investigation in parallel to determine scope and root cause. Coordination with your IT, legal team and insurer.

03. Recovery and lessons learned

Systems back into production safely, vulnerabilities closed, monitoring strengthened. Final report for management, insurer and regulator if relevant. Recommendations to prevent recurrence.

Certified and recognised

ISO 27001
SOC 2
TF-CSIRT
Microsoft Partner
CrowdStrike Partner

Frequently Asked Questions

FAQ

What should I do first if I suspect a cyber incident?
Call +31 (0)88 733 13 37 immediately. Do not power down affected systems (volatile evidence is lost) but isolate them from the network. Document what you observe and when. Our CSIRT coordinator will take charge within minutes and guide you through the first steps.

What happens after I call?
Our CSIRT coordinator picks up within minutes (24/7, 365 days). You get an immediate first triage: how serious is it, what needs to happen now, which team takes the case. Retainer clients get our DFIR team on the case within 2 hours; without a retainer, mobilisation is typically within 4-8 hours.

What does incident response cost without a retainer?
We charge on an hourly basis with a fixed mobilisation minimum. An average ransomware incident costs €25,000 to €150,000 in IR work depending on complexity and duration. A retainer client pays a fixed hourly rate and gets priority response.

Do you work with our cyber insurer?
Yes. DEFION is known to the major Dutch and EU cyber insurers. We deliver reporting in the format insurers accept: chain-of-custody, technical analysis and cost substantiation. Where helpful we coordinate directly with the claims handler.

Do you come on-site or only work remotely?
Both. DEFION has offices in Zoetermeer and Barcelona and can be on-site anywhere in Europe. For air-gapped or strictly segmented environments (OT, defence, critical infrastructure) physical presence is often required. We are equipped for that.

What if it turns out not to be an incident after all?
Better to call once for nothing than once too late. We only charge for work performed; a phone triage without follow-up is free. When in doubt: call.

Don't wait. Call now.

24/7 available in NL and ES. Better to call once for nothing than once too late.

Or email [email protected]

No incident, but need a retainer or readiness? View Incident Response Retainer →