Cyberattacks on businesses are becoming increasingly destructive. In the U.S., the average cost of a data breach is $4.88 million, according to IBM’s Cost of a Data Breach Report 2024.
Your response to such events can either contain or exacerbate an incident. Activating a comprehensive, coordinated plan following a cyberattack will reduce lost time, money and customers. It can also minimize the damage to your reputation. The key is having these components in place well before an attack.
Steps to take immediately after a cyberattack
Whether it was invasive code or an outflow of data, you can take steps to minimize the damage and prevent further disruption. The following actions are necessary for organizations of every size.
Contain
To contain a cyber intrusion, you must quickly stop the spread of the attack and prevent further damage. To do this, you will inevitably have to reduce, shut down or block business operations, which can negatively impact business workflows and services. It’s a tough decision to make, but you need to think about protecting your data and systems. Running simulations or case studies as part of your cybersecurity program will help prepare you to respond rapidly and decisively.
Communicate
Be prepared to communicate the situation. This may include a combination of direct customer contact and media announcements. Many states have laws requiring businesses to take specific actions after a data breach, so it’s essential to learn the requirements in your state. Management will need to respond to a high volume of requests from customers, business partners, vendors, regulators, law enforcement and directors.
Management should also monitor and address the public’s reaction to the event, using a qualified public relations firm if necessary. Your insurance agent can help you find a cyber risk policy with media relations as a side benefit.
Investigate
Document how the incident came to light, who reported it and how they were alerted. Also, interview IT staff and other relevant parties. Hire a computer forensics investigator to determine how the hack occurred. The investigator's findings are a critical component of an insurance claim.
According to Deloitte, management should:
- Consider and research the possibility of insider involvement
- Identify affected systems and isolate them so no one attempts to fix, patch or alter the state of the systems
- Gather and analyze all available evidence to determine the cause, severity and impact of the incident
Improve
Following a cyber event, your company should strengthen network security and enhance monitoring and other measures to mitigate the risk of similar incidents. It is important to document the findings, report them to relevant stakeholders and notify the appropriate regulatory bodies as required. Your business will remain at risk of future hacks.
Train, train, and train again
According to cybersecurity firm Sensei Enterprises, every time a company trains its employees on cybersecurity, its risk of falling prey to a successful phishing attack decreases by 20%. Training should cover:
- Potential threats: malware, phishing, and social engineering
- Password policies: best practices, multi-factor authentication and how to use it
- Web and email protection: what to look for and what to avoid
- Preventive measures: best practices for security
Create a plan
Though a cyberattack is stressful, proper preparation can minimize the associated damage and costs. A planned and practiced response is crucial to your cyber defense, which should include cyber liability or data breach insurance. Some cyber insurance policies give you access to resources to help bolster your cyber defenses, too.
Want to strengthen your defense against a cyberattack? Visit with a Conrade commercial insurance agent to find a customized plan for your level of risk management.