Hands typing on a laptop computer.

Crisis alert: How to respond to a data breach

by ​George Dearing


5 steps to take if your data has been breached.

Read time: 3 minutes

The number of data breaches and cyber attacks is increasing. Javelin Strategy & Research says fraud losses from existing bank accounts and credit card accounts were up 45 percent last year to $16 billion.¹ Welcome to the new world of work — with new and advanced threats.

The good news is that companies are realizing that how they react to a breach can be just as important as the technology infrastructure they use to defend themselves against attackers.

“Customers will always judge a business by the swift action it takes, rather than what got you into trouble in the first place,” said Jason Maloni, SVP at communications firm Levick, as quoted in the Wall Street Journal.²

So if you’ve been breached, and don’t know how much of your customers’ personal information has been stolen, what do you do? Let’s break it down into steps.

​If you haven’t already, you should establish procedures for quickly reporting a suspected or confirmed breach.

1. Establish a data breach response team

Even though the technical pieces are typically handled by IT security, your overall response to a data breach requires a team of multiple people from various departments. Depending on the size and complexity, it should at least include the manager of the program experiencing the breach, the CIO, chief privacy officer, general counsel, someone from your crisis communications team, and an executive from finance or procurement.

3. Assess the extent of the breach and its impact

The assessment step is when it’s necessary to gauge the extent of the risk and how stakeholders might be harmed. Once that’s determined, businesses can then determine whether customers should be notified. Since your responses could often be highly visible, even public, make sure company officials are thoroughly briefed on how to articulate the breadth of the situation. The more details you can provide the media or customers, the better off you’ll be if the situation escalates. If you’re found to be hiding important information from your customers, the PR hit could be devastating for your organization. Be open and upfront.

4. Have a clear process for reporting data breaches and know which agencies to notify

If you haven’t already, you should establish procedures for quickly reporting a suspected or confirmed breach. As mentioned in the second bullet, knowing where to go for information during a breach is critical. A well-crafted response plan lays out which resources are best suited to respond to a particular request for information or action. Once things inside the organization are perfected, response times to external organizations and agencies will improve.

5. Analyze responses and identify lessons learned

Businesses should always review and measure their responses to a data breach, even the most basic actions that were taken. By identifying the lessons learned, companies can build that expertise into their compliance and governance models that deal with security and privacy. And keep testing and refining your response plan — you don’t want a major incident to be the plan’s first test.

For more information, check out this McKinsey piece on incident-response strategies.³

Responding to a security breach

Strengthen your security and take charge of your information

Learn more

Recommended for you

Defining Hacking & 11 Essential Hacking Terms
Defining Hacking & 11 Essential Hacking Terms

Defining Hacking & 11 Essential Hacking Terms

Get to know the basics of hacking with our guide to 11 key hacking terms. Uncover the vocabulary and concepts that make up the world of cybersecurity.

Data Risk Assessment Checklist
Data Risk Assessment Checklist

Data Risk Assessment Checklist

Learn how to conduct a content risk assessment, identify critical data that is exposed and put a plan in place to avoid security breaches.

Digital Forensics for Kramon & Graham
Digital Forensics for Kramon & Graham

Digital Forensics for Kramon & Graham

Learn how Ricoh's Digital Forensics Services helped Kramon & Graham recover $8.5 million through a default judgment, prove data wiping and spoliation of ESI.

  1. 1Robin Sidel. "Fraudulent Transactions Surface in Wake of Home Depot Breach." Wall Street Journal. September 23, 2014.https://www.wsj.com/articles/fraudulent-transactions-surface-in-wake-of-home-depot-breach-1411506081
  2. 2Steven Norton. "P.F. Chang’s Confirms Data Breach; Now Comes the Hard Part." Wall Street Journal. June 13, 2014. http://blogs.wsj.com/cio/2014/06/13/p-f-changs-confirms-data-breach-now-comes-the-hard-part/
  3. 3Tucker Bailey, Josh Brandley, and James Kaplan. "How good is your cyberincident-response plan?" McKinsey & Company, December 2013. http://www.mckinsey.com/business-functions/digital-mckinsey/our-insights/how-good-is-your-cyberincident-response-plan