Businesses contacted by the National Cyber Security Centre (NCSC) are mistaking the intelligence agency staff for pranksters.
The NCSC, which opened as the defensive arm of GCHQ in 2016, contacts organisations following cyber security breaches and attacks to confirm details and offer advice.
A number of organisations which have suffered security incidents have mistaken these contacts and failed to engage with the agency, Sky News has learned.
When the agency opened, the deputy director for its incident management directorate, Peter Yapp, explained the environment around its outreach work to businesses.
“If something [regarding a cyber incident and your company] breaks in the press, I’ll get a call from someone in government,” Mr Yapp was quoted in The Register, before adding that he would be expected to explain to government what the incident meant.
“If you haven’t phoned me and told me about it, I will phone you,” he added.
These kinds of contacts are being treated with suspicion, according to individuals with knowledge of the outreach efforts, who said the intelligence agency’s staff had been accused of being pranksters.
These mistakes were especially understandable following security incidents, Sky sources added, when criminals can often attempt to take advantage of the confusion.
Businesses which have been contacted by the agency are encouraged to use the Contact Validation tool on the ncsc.gov.uk website which allows them to confirm the identity of the staff member.
A number of organisations first encountered NCSC during and just after the WannaCry attack which hit the NHS last year and led to almost 20,000 hospital appointments and operations being cancelled.
NCSC aims to offer both the public and private sector incident response advice as British businesses continue to be hit by more online attacks than ever before.
Sky sources noted that the situation is improving as the agency works on building a recognisable brand as a resource for providing cyber security advice.
A spokesperson for NCSC told Sky News: “As the UK’s authority on cyber security, we are committed to providing effective incident response to minimise harm and provide expert advice and guidance when needed.
“On occasions when NCSC technical experts contact organisations about cyber incidents, we provide them with the option to confirm the caller’s identity via the NCSC website.
“Our Contact Validation gives reassurance to our customers and ensures best practice in keeping the UK’s digital communities the safest place to live and work online.”