You’ve Discovered a Breach. Here’s Your Response.
NOW
Isolate affected systems. Disconnect any device that shows signs of compromise. This prevents the attacker from spreading further or stealing more data. If it’s your payment system, stop online payments immediately.
NOW
Preserve evidence. Do NOT restart systems. Do NOT delete logs. Do NOT clean anything up. You’ll need this evidence for forensics, law enforcement, and regulators.
WITHIN 1 HOUR
Contact your IT provider. Tell them what happened. Ask them to start forensic investigation. If you don’t have an IT provider, call a forensic firm now.
WITHIN 1 HOUR
Notify your senior team. Don’t keep it secret hoping it goes away. Get management and board members informed immediately.
WITHIN 2 HOURS
Reset critical passwords. If you suspect account compromise, reset passwords for email, banking, payment systems, and critical business applications from a clean device.
WITHIN 4 HOURS
Contact your insurers. If you have cyber liability insurance, notify them immediately. Many policies require rapid notification.
WITHIN 24 HOURS
Determine scope. Work with your forensic team to understand: What was accessed? What data was compromised? When did it happen? How did they get in?
WITHIN 48 HOURS
Assess notification obligations. Under GDPR, if personal data was breached, you may need to notify affected individuals and the ICO within 72 hours. Contact a lawyer if you’re unsure.
WITHIN 72 HOURS
ICO notification if required. If you process UK personal data and the breach meets GDPR threshold, you must notify the ICO. Complete your notification through the ICO’s breach reporting portal.