I suffered quite a few attacks in the late 90s, I think because Essex is alphabetically the first academic institution in the UK with 'sex' in its name. On a couple of occasions I was able to trace down the cracker to his home machine; but these days, crackers are much more likely to be anonymized, arriving via other cracked machines.
The things I found most useful were to:
-- if it's a new security hole, contact the CERT people at Carnegie-Mellon;
-- contact the root user on any machine from where the cracker arrived, warning them that their machine had been compromized too;
-- if possible, put something over the backdoor that simply responds with "This security hole has been plugged and your attempt to break in through it has been recorded." Whether or not you do actually record things are up to you.
I don't see that there's a real need for an organization like CERT in the UK: Linux is global and if there's a newly-found hole in widely-used software, it'll affect others too. On the other hand, there are quite a few companies that make a living out of Linux security; one of my former PhD students' first job after finishing was to drive around the City looking for open wireless networks. And yes, they were mostly in managers' offices.
I'm not aware of any companies that will help harden small Linux installations or help mop up after a break-in, but then again I haven't looked. Maybe there's a hole in the market...
HTH. ..Adrian