Skip nav to main content.

You’ve Been Hacked. Now What?

Cyberattacks on businesses are at an all-time high. In 2021, there were 50% more cyberattacks on businesses per week (compared to 2020) and the average cost of a data breach rose to a new high of $4.24 million, according to the IBM Cost of a Data Breach Report 2021.

Your response to such events can either contain or exacerbate an incident. Activating a comprehensive, coordinated plan following a cyberattack will reduce lost time, money and customers as well as reputational damage. The key is having these components in place well before an attack.

Steps to take immediately following a cyberattack

When hit with a cyberattack — whether invasive code or an outflow of data — there are steps you can take to minimize the damage and prevent further disruption. The following actions are necessary for organizations of every size.


To contain a cyber intrusion, you have to quickly stop the spread of the attack and prevent further damage. To do this, you will inevitably have to reduce, shut down or block business operations, which can negatively impact business workflows and services. It’s a tough decision to make, but you need to think about protecting your data and systems. Running simulations or case studies as part of your cybersecurity program will help prepare you to respond rapidly and decisively.


Be prepared to communicate the situation, which may include a combination of direct customer contact and media announcements. Many states have laws requiring businesses to take specific actions after a data breach, so it’s essential to stay informed about the requirements in your state. Management will need to respond to a high volume of requests from customers, business partners, vendors, regulators, law enforcement and directors.

Management should also monitor and address the public’s reaction to the event, using a qualified public relations firm if necessary. Your insurance agent can help you find a cyber risk policy that offers media relations assistance as a side benefit.


Document how the incident came to light, who reported it and how they were alerted. Also, interview IT staff and other relevant parties. Hire a computer forensics investigator to determine how the hack occurred (a critical component of an insurance claim). According to Deloitte, management should:

  • Consider and research the possibility of insider involvement
  • Identify affected systems and isolate them so no one attempts to fix, patch or alter the state of the systems
  • Gather and analyze all available evidence to determine the cause, severity and impact of the incident


Following a cyber event, your company should strengthen network security and enhance monitoring and other measures to mitigate future risks of similar incidents. It is important to document the findings, report them to relevant stakeholders, and notify the appropriate regulatory bodies as required. Your business will be at risk for future hacks.

Train, train and train again

According to cybersecurity firm Sensei Enterprises, every time a company trains its employees on cybersecurity, its risk of falling prey to a successful phishing attack decreases. Training should cover:

  • Potential threats: malware, phishing and social engineering
  • Password policies: best practices, multi-factor authentication and how to use it
  • Web and email protection: what to look for and what to avoid
  • Preventive measures: best practices for security

Plan ahead

Though a cyberattack is stressful, proper preparation can minimize the associated damage and costs. A planned and practiced response is crucial to your cyber defense, which should include cyber liability or data breach insurance. Some cyber insurance policies give you access to resources to help bolster your cyber defenses, too.