If your business experiences a cyber attack, every second counts. Acting quickly and correctly can make the difference between a manageable incident and a financial or reputational disaster.
In this article, we’ll walk you through
the exact steps to take after a cyber attack—especially if you carry
cyber liability insurance.
Step 1: Contact Breach Counsel Immediately
The first call you make after discovering a breach should be to a
breach response attorney (also called breach counsel or breach coach). If your business has cyber liability insurance, your insurance carrier may provide access to these professionals as part of your policy.
🔑
Why this matters: Reporting requirements are strict—some insurers or state regulations require notice within
12 to 24 hours of discovering the breach. Delay can void coverage or trigger penalties.
Breach counsel acts as your
incident response quarterback, guiding you through the legal and technical maze that follows a cyber event.
Step 2: Notify Your Cyber Insurance Carrier
Most carriers have pre-approved law firms, forensics teams, and vendors. It's essential to
follow the insurance company’s approved process to ensure costs are covered and deadlines are met. If the breach occurs after business hours or on a weekend, initiate the claims process immediately—response teams are often available 24/7.
Step 3: Begin IT Forensics and Investigation
Once breach counsel is engaged, they will assign an
incident response team to conduct a forensic analysis of the breach under
attorney-client privilege. This investigation identifies:
- How the breach happened
- Whether the threat still exists
- What systems and data were compromised
The forensic team works to contain the breach and get your systems operational again.
Step 4: Follow Proper Ransomware Response Protocols
If the attack involves ransomware, do
not attempt to negotiate with cybercriminals on your own. Breach counsel will help determine if a ransom can be legally paid and will guide you through Office of Foreign Assets Control (OFAC) compliance if applicable.
Step 5: Comply with Notification Laws
Based on the forensic findings, breach counsel will advise whether
client notification is required. They will:
- Draft notification letters
- Coordinate identity monitoring or credit protection services
- Ensure compliance with
state-specific notification laws, especially if affected clients reside in multiple states
Failing to follow these requirements can result in fines, lawsuits, or additional regulatory action.
Why Timing and Expertise Matter
Cyber attacks can escalate fast. From
legal exposure and
regulatory fines to
reputational damage, the risks are significant. A delay or misstep in response can turn a manageable situation into a business-crippling event.
That’s why working with breach response professionals—from the
first hour of discovery—is critical.
Final Thoughts: Be Proactive, Not Reactive
Having a
cyber liability insurance policy that includes breach response support is one of the best safeguards a business can have. But even the best insurance won’t help if you don’t act fast and follow proper steps.
If you're unsure whether your current policy includes these protections—or if you need help putting the right coverage in place—contact us today.
We’ll help you review your coverage and make sure you're protected.
Additional Resources:
