What to do in the event of a cyber-attack

06 March 2019

A risk management action checklist for firms to follow if a cyber-attack occurs.

Cyber-attacks on businesses often go unreported and many do not have a cyber risk management plan in place. Here’s a simple checklist for firms to follow in the event of an attack:


Don’t panic: in the event of an incident, pull together an internal team, ideally already identified as part of a contingency plan, and start identifying as many details about the breach as possible – how it occurred; was it an external attack or due to data leakage through a stolen/lost mobile device?; and what type of data has been compromised – is it local, national or international?

Secure system/containment

Isolate or suspend the part of your system or network that has been compromised in order to stop it spreading. Containing the breach could be very simple, or it could take weeks, so be prepared for all eventualities.

Impact assessment

Assess the potential impact of the breach on the business and your customers, and document what you are doing to control it. 

Consider telling the police, who have increasingly sophisticated knowledge in this area and can provide advice and support, particularly if blackmail is involved.

 Sign up to our latest  news & insights Sign up to our latest  news & insights

Public relations

Identify and alert any relevant parties that the breach could impact – be they suppliers or customers. 

It is much better to control the message, rather than wait for the rumour mill to start. Own up, act and take responsibility.

If customers’ data has been stolen or compromised, for example, you could offer free credit screening services.


Once you have repaired the data and systems, ensure you have identified the cause and source of the attack and the system vulnerabilities.

Legal/regulatory requirements

Ensure you are aware of and adhere to any industry specific or wider regulatory reporting standards, in particular the GDPR.

Review, assess, implement

Once the attack has been dealt with – review what you did, how you responded and lessons you can learn and implement. 

For more information please contact Sarah Stephens, Head of Cyber on +44 (0)203 394 0486.