2019 is predicted to be the “worst year on record” for data breaches. Every poll and statistic reported indicates a worrying rise in cyberattacks doing enormous damage to businesses.

Organisations that you would assume have the resources to protect themselves often appear in the news after being compromised by cybercriminals.

Any company, regardless of its size or industry, could fall victim to an opportunistic hacker. Whether it’s due to poor cyber hygiene, sophisticated cyberattacks or some combination of the two, there is always the possibility that your business could be next.

Protecting your organisation from cyberattacks doesn’t just mean having the most advanced security software. It also means knowing how to handle the situation when someone does break through. If you do end up on the wrong end of a malicious attack, here are seven things you should do to minimise the damage a breach can cause.

Report the breach to the ICO

If it is possible that the breach has put individuals at risk, such as your staff or customers, you may need to report it to the ICO.

You are required to submit your report within 72 hours of becoming aware that you have suffered a breach. The process is designed to be simple and efficient. The information you need to provide will also help you with your next steps, in terms of understanding the extent of what has happened and what the ongoing consequences could be.

Inform anyone who might be affected by the breach

Customer opinions of a company can change drastically after a breach. 64% of consumers say they would be less likely to do business with an organisation after data was stolen.

The way you communicate with anyone affected by the breach can hugely influence their ongoing trust in you. It is incredibly important that they hear the news from you first, rather than find out that their data could be compromised from the media, online or through general rumours.

Being transparent with anyone who may be affected is the best way to keep their opinion of you from plummeting. Help them to understand what the implications could be for them and offer all the support you can.

Contain and remove the infection

This one should go without saying – get rid of the malicious software that made its way into your infrastructure. Ensure that the infection can’t spread to other systems within your network and cause further damage.

Make sure not to destroy evidence of the attack while investigations into it are ongoing. But at the very least find a way to neutralise the threat so you can get back to business as normal as efficiently and painlessly as possible.

Secure the vulnerability that got exploited

Again, this one should be obvious: identify how the attack managed to get into your system and work out how to stop it from happening again.

At this point, someone already knows how to take advantage of a weakness in your cybersecurity. If you don’t reinforce that gap, they could do it again. Or someone else could find it for themselves and you could find yourself in the same position with another threat actor – possibly one that hides their tracks better and could do more harm.

You need to find the vulnerability that was exploited to allow the attackers access to your data and reinforce it.

Thoroughly check every device in your network for other infections

While cybercriminals will take advantage of the most easily exploitable vulnerability, they will likely still anticipate a response. They know that businesses are aware of threats to their data and they understand the usual processes taken to mitigate damage.

It’s not uncommon for cybercriminals to leave secondary infections that persist within your network and cause further damage after you think you’re safe.

Triple check your entire digital infrastructure if you have to. Don’t underestimate how cunning and malicious hackers can be. Keep an eye out even for threats that seem completely unrelated to the initial infection.

Learn from the experience

Conduct a thorough investigation into what happened. Invest in a third-party cybersecurity audit if you want a truly objective view of the situation.

Make sure that you fully understand how you got exploited and why. Be prepared to accept accountability for mistakes you may have made in your cybersecurity practice that made it easier for attackers to gain access to your data.

It is wise to keep logs of your cybersecurity activity to reference in situations like this. Go over them and see if they can shed any light on what happened. Use this information to go forward with the most comprehensive cybersecurity strategy that you can.

Update your cybersecurity practices

If you tidy up the mess only to carry on as normal, you will get hacked again. Identify the flaws in your existing cybersecurity and implement whatever new measures are needed to make sure this won’t happen again.

This could mean investing in better security software or ensuring that all your staff are properly trained in cybersecurity best practice and in spotting social engineering. It could mean introducing new policies to maintain your compliance status and keep your cybersecurity programmes fully patched and functioning.

Use this as an opportunity to review your cybersecurity processes and improve them, even in areas that weren’t involved in this breach.

Whatever you do, don’t just plug the gaps and assume you’ll be fine. A cybercriminal was able to take advantage of you for a reason and it’s up to you to make sure it doesn’t happen again.


With as many as 88% of UK organisations reporting data breaches in 2018 and the numbers only climbing, it’s crucial to know how to respond if the next one is you.

  • Report
  • Inform
  • Contain
  • Secure
  • Check
  • Learn
  • Update

Find out how ThreatAware can help manage and monitor your cybersecurity processes by accessing our demo site or signing up for a free trial.