The first 48 hours: your data breach recovery plan

Imagine that you discover a data breach: what’s your next move? Do you unplug your computer? Call your lawyer? Hide under the desk? It can be difficult to know how to react to cybercrime, but a quick response is crucial: the first 48 hours can have a huge impact on the extent of your loss and your data breach recovery efforts.

A data breach could strike any business suddenly, and a measured, practiced response is your best counterattack. According to recent research, the average time to identify a breach is 196 days –  a lot of trouble can arise in that time. Fortunately, four steps can help you react wisely and recover quickly.

Find out everything that goes into a smart data breach response – download our white paper below.

First 48 white paper thumbnail

1.      Contain: stop the breach in its tracks

You’ll need to take immediate action with the help of IT, security, and personnel measures. It can be tempting to try to tackle the problem on your own or with your IT contact, but in many cases, the breach requires a variety of expertise and a significant effort from the very start. You’ll be in better shape if you can form an effective team right away.

According to recent research, the average time to identify a breach is 196 days –  a lot of trouble can arise in that time.

2.      Investigate: get to the source of the problem

Next, you’ll need to gather information on what was affected and how. It’s important not to make assumptions. There are three questions that can help guide your investigation and subsequent action:

  • What data was affected?
  • How did the event happen?
  • Can you fix the problem yourself?

The answer to that last question is often a resounding “no” – cybercrime and data breaches are increasingly sophisticated acts that require specialized knowledge and skills to remedy.

While you investigate the breach, stay calm and calculated in your action. Hasty reactions can make things a lot worse, especially when you act without advice from your digital security experts as you move through your data breach recovery efforts.

3.      Communicate: be transparent and work together

From your legal counsel and human resources (HR) team to public relations (PR) and your board of directors, everyone needs to be in the loop and align their messaging for any type of communications.

Since Canada’s federal Personal Information Protection and Electronic Documents Act now requires organizations to notify affected individuals and organizations of certain data breaches that create a real risk of significant harm, you can’t afford to take any chances. You’ll need someone to coordinate your communication during your data breach recovery.

Who’s in charge?

Managing your response is a big task, considering the whole process can take weeks or months to resolve. In many cases, you can minimize the impact to your business and customers by keeping your staff in their established roles, so choose a response leader at the start and stick with the supporting structure of internal and external experts you’ve set up.

4.      Remediate: focus on recovery

Only when you’ve stopped and contained the data breach can you turn your attention to getting your business back to normal.

There are a few things to keep in mind during this phase, including:

  • Choosing your data breach recovery partners wisely. When you work with vendors who’ve been there before, you can have more confidence in their ability to get you through this hardship.
  • Providing customers access to credit monitoring services. It’s a measure of good faith, but also a helpful tool for your business: offering affected customers credit monitoring services will help them recover and help you understand more clearly just how many customers were financially impacted by the breach.
  • Planning for litigation. Unfortunately, legal fallout is common when a data breach occurs. This can be a stressful and expensive consequence unless you have the right support. Legal counsel is indispensable, but a comprehensive business insurance policy can also help ease your burden.

Keep a record

It’s virtually impossible to guarantee your business will avoid another data breach, no matter how extensive your resources or coordinated your response. However, reviewing what you’ve learned and modifying your routine accordingly can help reduce the likelihood your defenses will be breached again.

Documentation helps you respond to future complaints, audits, and investigations. You can help defend your actions down the road by showing:

  1. Consider documenting everything you did during and after the breach – this will help sort out the truth when memories get fuzzy.
  2. Spell out not only what happened and how you’ve responded, but why. This way, you can defend your actions more easily.
  3. What potential harm could your customers or employees have been exposed to? If you’re audited or investigated by a regulator, you can show the effort you made to establish the impact on your customer and employees, as well as the steps you’ve taken to notify the affected parties and resolve the issues.

Improve security

So, you’ve wrapped up your data breach response and you’re ready to get back to business as usual. This is a great opportunity to make sure your operations are compliant, and that your security measures satisfy requirements.

Focus on your staff

Your employees can be your weak link or your first line of defense. Take the time to educate and train your staff, and do so continuously – education is ongoing, and one training session is simply not enough to maintain a cyber-savvy workforce.

Turn to the experts

Together with CyberScout, Northbridge Insurance has developed a versatile cyber risk insurance product: your policy can protect your bottom line if you suffer a breach, but it also grants you access to extensive cyber resources, reactive assistance, and personalized guidance to make sure the same thing doesn’t happen again. Together with your comprehensive data breach recovery plan, our expertise can help keep your business safe and secure as cyber risk evolves.


This blog is provided for information only and is not a substitute for professional advice. We make no representations or warranties regarding the accuracy or completeness of the information and will not be responsible for any loss arising out of reliance on the information.

Related Topics

Get a quote

    Contact Us

      Contact Us

      Welcome to
      Northbridge Insurance

      In order to offer a better experience, please confirm your location