Home / Incident handling

Incident handling

Have you suffered an incident? Contact us

Citizens: Incidencias INCIBE-CERT

Companies: Incidencias INCIBE-CERT

Institutions affiliated with the Spanish academic and research network (RedIRIS): Mailbox of RedIRIS

Critical infrastructure operators: Buzón PIC de INCIBE-CERT

Digital service providers: Incidencias INCIBE-CERT

If you wish, you can also contact us through the following form

In its CERT (Computer Security Response Team) work, INCIBE-CERT provides a service for the cybersecurity incidents reported by citizens and companies in Spain. The purpose of the service is to make available to INCIBE-CERT’s target audiences technological and coordination capacity that makes it possible to offer operational support in the face of cyber threats or in the event of cyber incidents.

This service is continuously available to citizens, companies, digital service providers, RedIRIS-affiliated entities and strategic operators 24/7/365.

The INCIBE-CERT specialist incident response technical team offers technical support in the event of cybersecurity incidents. To protect the confidentiality of the data provided, INCIBE-CERT has PGP public keys that make it possible to encrypt them.

Likewise, if the incident involves a crime, INCIBE-CERT facilitates the arrival and coordination with Law Enforcement Agencies if the affected person wishes to make a complaint.

Besides receiving incidents through the mailboxes used for this purpose, the INCIBE-CERT uses incident anticipation and early detection techniques by aggregating sources of information. This makes it possible, on the one hand, to issue alerts and warnings about campaigns to improve protection against cyber threats. On the other hand, in the case of the early detection of incidents, the affected party is notified and keeps in touch with Internet providers and other CERTs if necessary.

Among other ongoing actions to assist in the fight against fraud, we pay special attention to cases related to “.es” TLD domains. In this we work very closely with dominios.es. The collaboration of clients and users of the affected service is essential to properly block fraudulent content and prevent the impact it may have on said users.

The Incident Response service is aimed at:

  • Citizens: through the Office of Internet User Safety and the Incidencias INCIBE-CERT email address.
  • Companies: through Protect your company and the Incidencias INCIBE-CERT email address.
  • Institutions affiliated with the Spanish academic and research network (RedIRIS): through the Mailbox of RedIRIS email address.
  • Essential and critical infrastructure operators: through the Buzón PIC de INCIBE-CERT email address.
  • Digital service providers: through the Incidencias INCIBE-CERTemail address.


Contact the incident management service for RedIRIS. If you wish to obtain further information about incident management, you can check the following links:

RedIRIS also provides a list of valuable services, in collaboration with INCIBE:

  • The list restricted to security managers at institutions affiliated with RedIRIS to coordinate security incidents. At least one contact point per affiliated institution must be registered in this list.
  • The activities that INCIBE provides to the institutions affiliated with RedIRIS in coordination with RedIRIS are: incident management, technical advice, procedures, action guides, courses, recommendations, etc. INCIBE supports RedIRIS in those fora or activities, whether domestic or international, that are related to providing the incident response service.