Cyber Liability 101: What To Do When There Is A Cyber Attack

If your business experiences a cyber attack, every second counts. Acting quickly and correctly can make the difference between a manageable incident and a financial or reputational disaster.

In this article, we’ll walk you through the exact steps to take after a cyber attack—especially if you carry cyber liability insurance.

Step 1: Contact Breach Counsel Immediately

The first call you make after discovering a breach should be to a breach response attorney (also called breach counsel or breach coach). If your business has cyber liability insurance, your insurance carrier may provide access to these professionals as part of your policy.

🔑 Why this matters: Reporting requirements are strict—some insurers or state regulations require notice within 12 to 24 hours of discovering the breach. Delay can void coverage or trigger penalties.

Breach counsel acts as your incident response quarterback, guiding you through the legal and technical maze that follows a cyber event.

Step 2: Notify Your Cyber Insurance Carrier

Most carriers have pre-approved law firms, forensics teams, and vendors. It's essential to follow the insurance company’s approved process to ensure costs are covered and deadlines are met. If the breach occurs after business hours or on a weekend, initiate the claims process immediately—response teams are often available 24/7.

Step 3: Begin IT Forensics and Investigation

Once breach counsel is engaged, they will assign an incident response team to conduct a forensic analysis of the breach under attorney-client privilege. This investigation identifies:

How the breach happened
Whether the threat still exists
What systems and data were compromised

The forensic team works to contain the breach and get your systems operational again.

Step 4: Follow Proper Ransomware Response Protocols

If the attack involves ransomware, do not attempt to negotiate with cybercriminals on your own. Breach counsel will help determine if a ransom can be legally paid and will guide you through Office of Foreign Assets Control (OFAC) compliance if applicable.

Step 5: Comply with Notification Laws

Based on the forensic findings, breach counsel will advise whether client notification is required. They will:

Draft notification letters
Coordinate identity monitoring or credit protection services
Ensure compliance with state-specific notification laws, especially if affected clients reside in multiple states

Failing to follow these requirements can result in fines, lawsuits, or additional regulatory action.

Why Timing and Expertise Matter

Cyber attacks can escalate fast. From legal exposure and regulatory fines to reputational damage, the risks are significant. A delay or misstep in response can turn a manageable situation into a business-crippling event.

That’s why working with breach response professionals—from the first hour of discovery—is critical.

Final Thoughts: Be Proactive, Not Reactive

Having a cyber liability insurance policy that includes breach response support is one of the best safeguards a business can have. But even the best insurance won’t help if you don’t act fast and follow proper steps.

If you're unsure whether your current policy includes these protections—or if you need help putting the right coverage in place—contact us today.

We’ll help you review your coverage and make sure you're protected.