As recent events have seen a spike in cybercrime activity of all types, William Fry’s Cybersecurity Team outlines 10 key steps to take when faced with a cyber attack or security breach.

90% of large businesses have suffered an information security breach in the past year* while the Irish Data Protection Commissioner has noted a 50% increase in data breach notifications**. Cyber attacks against businesses of all sizes are becoming more frequent and more sophisticated. Attacks can threaten entire firms due to the significant reputational damage and regulatory risk involved. As well as data protection authorities, other sectoral regulators are actively reviewing this area. The Central Bank recently identified cybersecurity as an area of emerging risk and announced its review of controls and procedures around system security and access as a key area for themed inspections.

An ever-growing list of regulatory and contractual requirements is due to be augmented by new legislation which will introduce specific requirements in terms of cybersecurity and data breach management. Under the EU Data Protection Regulation (see here), businesses will be required to notify data protection authorities of security breaches involving personal information within 72 hours of their occurrence, with breaches of the Regulation potentially resulting in fines of up to 4% of annual global turnover or 20,000,000 euro, whichever is the larger. The EU Network and Information Security Directive will also have significant implications for businesses in critical sectors such as transport, communications, energy, health and finance and will also introduce breach reporting requirements and sanctions – see our update here.

Responding to a cyber attack – 10 critical actions

  1. Activate your organisation’s incident response plan
  2. Quickly assess the scale of the attack and the information at risk
  3. Seek legal advice to co-ordinate the response while maintaining legal privilege
  4. Direct your IT department to backup and maintain all audit trails
  5. Monitor banking activity on organisation accounts and inform your bank of a breach
  6. Consider other appropriate steps to contain the incident and limit the damage e.g. take affected devices offline
  7. Preserve evidence and record all actions taken
  8. Check your organisation’s insurance policy and coverage
  9. Determine if notifications outside your organisation are required, for example to: 
    • affected individuals
    • customers / suppliers 
    • regulatory authorities such as the Data Protection Commissioner, the Gardaí etc.
  10. Alert your PR team and decide on a communications strategy   

There is no substitute for being prepared

Responding effectively to a cyber attack or security breach ultimately requires an appropriate level of preparation. Businesses must plan in advance how they will deal with a data breach or similar incident in order to minimise and manage this key business risk for all organisations