Ing + McKee

You’ve Been Hacked. Now What?

September 7, 2022

Cyberattacks on businesses are at an all-time high. In 2021, there were 50% more cyberattacks on businesses per week (compared to 2020) and the average cost of a data breach rose to a new high of $4.24 million, according to the IBM Cost of a Data Breach Report 2021.

Your response to such an event can either contain or exacerbate an incident. Activating a comprehensive, coordinated plan following a cyberattack will limit lost time, money and customers as well as reputational damage. The key is having these components in place well before an attack.

Steps to take immediately following a cyberattack

When hit with a cyberattack – whether invasive code or an outflow of data – there are steps you can take to minimize the damage, rectify the situation and prevent further disruption. The following actions are necessary for organizations of every size.


To contain a cyber intrusion, you have to quickly stop the spread of the attack and prevent further damage. To do this, you will inevitably have to reduce, shut down or block operations, which can have a negative impact on business workflows and services. It’s a tough decision to make, but you need to think about protecting your data and systems. Running simulations or case studies as part of your cybersecurity program will help prepare you to respond rapidly and decisively.


As of November 1, 2018, all companies subject to the Personal Information Protection and Electronic Documents Act (PIPEDA) are required to report breaches of security safeguards involving personal information to the Privacy Commissioner of Canada if these breaches pose a real risk of significant harm to individuals. They must also notify all affected individuals.

Be prepared to communicate the event and your response across all media, including social media, to assure stakeholders that the organization’s response is adequate. Management will need to respond to a high volume of requests from customers, business partners, vendors, regulators, law enforcement and the board of directors.

Management should also monitor and address the public’s reaction to the event, using a qualified public relations firm if necessary. Your insurance professional can help you find a cyber risk policy that offers media relations assistance as a side benefit.


Document how the incident came to light, who reported it and how they were alerted. Also, interview IT staff and other relevant parties. Hire a computer forensics investigator to determine how the hack occurred (a critical component of an insurance claim). According to Deloitte, your management should:

  • Consider and research the possibility of insider involvement
  • Identify affected systems and isolate them so no one attempts to fix, patch or alter the state of the systems
  • Gather and analyze all available evidence to determine the cause, severity and impact of the incident


Following a cyber event, your company should strengthen network security and enhance monitoring and other measures to mitigate future risk of similar incidents. It is important to document the findings, report them to relevant stakeholders, and notify the appropriate regulatory bodies as required. Your business will be at risk for future hacks.

Train, train and train again

According to cybersecurity firm Sensei Enterprises, every time a company trains its employees on cybersecurity, its risk of falling prey to a successful phishing attack decreases. Effective training should cover:

  • Potential threats: malware, phishing and social engineering
  • Password policies: best practices, two-factor authentication and how to use it
  • Web and email protection: what to look for and what to avoid
  • Preventive measures: best practices for security


Plan ahead

Though a cyberattack is stressful, proper preparation can minimize the associated damage and costs. A planned and practiced response is crucial to your cyber defense, which should include cyber liability or data breach insurance. Some cyber insurance policies give you access to resources to help bolster your cyber defenses, too.
