Data breaches are expensive. In 2011 they cost US companies an average of $5.4 million each for mitigation and remediation alone, and they also cause significant harm to brand and reputation.

The first 24 hours after you discover a breach are critical to restoring security, minimizing harm, obtaining and preserving evidence, and complying with contractual and legal obligations.

When responding to a breach:


  • Assemble an incident response team
  • Contact inside and outside counsel to establish a “privileged” reporting and communication channel
  • Coordinate with legal counsel to bring in cybersecurity experts and forensic examiners
  • Contact law enforcement (possibly)
  • Define legal obligations
  • Conduct interviews of personnel involved
  • Reissue or force security access
  • Stop additional data loss
  • Secure evidence
  • Preserve computer logs
  • Document the breach


  • Do not probe computers and affected systems
  • Do not turn off computers and affected systems
  • Do not run anti-virus programs or utilities on affected systems
  • Do not copy data or connect storage devices/media to affected systems
  • Do not reconnect affected systems