Hands typing on a laptop computer.

Crisis alert: How to respond to a data breach

by ​George Dearing


5 steps to take if your data has been breached

Time: 3 minute read

The number of data breaches and cyber attacks is increasing. Javelin Strategy & Research1 says fraud losses from existing bank accounts and credit card accounts were up 45 percent last year to $16 billion. Welcome to the new world of work — with new and advanced threats.

The good news is that companies are realizing that how they react to a breach can be just as important as the technology infrastructure they use to defend themselves against attackers.

“Customers will always judge a business by the swift action it takes, rather than what got you into trouble in the first place,” said Jason Maloni, SVP at communications firm Levick, as quoted in the Wall Street Journal.2

So if you’ve been breached, and don’t know how much of your customers’ personal information has been stolen, what do you do? Let’s break it down into steps.

​If you haven’t already, you should establish procedures for quickly reporting a suspected or confirmed breach.


1. Establish a data breach response team

Even though the technical pieces are typically handled by IT security, your overall response to a data breach requires a team of multiple people from various departments. Depending on the size and complexity, it should at least include the manager of the program experiencing the breach, the CIO, chief privacy officer, general counsel, someone from your crisis communications team, and an executive from finance or procurement.

Infographic illustrating the incident response plan.

2. Prep your employees on roles and responsibilities 

It’s important to make sure employees are well versed when it comes to your data breach response plan. As your plan is tested and refined, make it a point to spell out everyone’s roles and responsibilities. And make sure everyone assigned with a role knows how information flows (or needs to flow) between departments during a crisis, and how decisions are made within the organization. Timeliness is critical when responding to a data breach, and not being able to find the right people for an important decision can be costly. 

Explore our content library

3. Assess the extent of the breach and its impact

The assessment step is when it’s necessary to gauge the extent of the risk and how stakeholders might be harmed. Once that’s determined, businesses can then determine whether customers should be notified. Since your responses could often be highly visible, even public, make sure company officials are thoroughly briefed on how to articulate the breadth of the situation. The more details you can provide the media or customers, the better off you’ll be if the situation escalates. If you’re found to be hiding important information from your customers, the PR hit could be devastating for your organization. Be open and upfront.

4. Have a clear process for reporting data breaches and know which agencies to notify 

If you haven’t already, you should establish procedures for quickly reporting a suspected or confirmed breach. As mentioned in the second bullet, knowing where to go for information during a breach is critical. A well-crafted response plan lays out which resources are best suited to respond to a particular request for information or action. Once things inside the organization are perfected, response times to external organizations and agencies will improve.

5. Analyze responses and identify lessons learned 

Businesses should always review and measure their responses to a data breach, even the most basic actions that were taken. By identifying the lessons learned, companies can build that expertise into their compliance and governance models that deal with security and privacy. And keep testing and refining your response plan — you don’t want a major incident to be the plan’s first test.

For more information, check out this McKinsey piece3 on incident-response strategies. 

Recommended for you


Recommended for you

image of hard drive Case Study: Kramon & Graham PA Forensic analysis helps Baltimore litigation firm prove spoliation
dictionary definition of hacking Article: 11 essential hacking terms The types of threats and hacking terms that are impacting business security
Young businesswoman sitting at desk, using computer Article: Data Risk Assessment Checklist Learn to identify and avoid security breaches
1 Robin Sidel. "Fraudulent Transactions Surface in Wake of Home Depot Breach." Wall Street Journal. September 23, 2014.https://www.wsj.com/articles/fraudulent-transactions-surface-in-wake-of-home-depot-breach-1411506081
2 Steven Norton. "P.F. Chang’s Confirms Data Breach; Now Comes the Hard Part." Wall Street Journal. June 13, 2014. http://blogs.wsj.com/cio/2014/06/13/p-f-changs-confirms-data-breach-now-comes-the-hard-part/
3 Tucker Bailey, Josh Brandley, and James Kaplan. "How good is your cyberincident-response plan?" McKinsey & Company, December 2013. http://www.mckinsey.com/business-functions/digital-mckinsey/our-insights/how-good-is-your-cyberincident-response-plan
Close Chat
HelpChoose A Topic