Many businesses have made it a priority to install protections against cyber criminals, including stronger firewalls, two-factor authentication, employee training and more.
And yet, many of these same companies have no plan for responding to a cyber incident. It may be that they feel safe once protections are in place or, more likely, they simply have not made it a priority to develop a response plan. Either way, these companies are missing an essential part of an overall cyber-protection program: controls reduce the likelihood of a breach, but they do not eliminate it, and the damage from an incident depends heavily on how quickly and how well the organization responds.
A Response Plan Begins With Communication
That starts by establishing who should be involved. Your cyber incident response team should be made up of key decision-makers and the leaders of the functional areas that will take part in responding to an attack. At a minimum, the team should include representatives from IT, legal, compliance and communications.
Once you have identified your incident response team, involve legal counsel in all critical communications from the outset. Communications made for the purpose of obtaining legal advice can be protected by attorney/client privilege, but privilege is not automatic: copying a lawyer on a message does not by itself protect it, so counsel should direct the response and the team should follow counsel's guidance on what to put in writing. Because the attacker may still have access to your email system and could read (or be tipped off by) your response, initial communications should be conducted out of band, by phone or on a separate channel, rather than through the potentially compromised corporate email. Team members should also treat everything exchanged during calls and meetings as confidential; information released prematurely, or before it has been verified, can cause further damage.
When you communicate is also important. For the initial contacts within your organization, the sooner the better. Communications beyond that initial list should be timely but thoughtful, since an early but inaccurate statement can cause more harm than good and may have to be retracted. Be sure to account for legal and regulatory notification requirements as well; they, and their deadlines, vary by jurisdiction.
Assess the Extent of the Problem
Clearly, you will want to involve IT immediately. But the responsibility for accurately identifying the scope of the breach, and how badly it has damaged your company, should not fall solely on your internal IT staff. The state and federal standards that may apply require a level of due diligence and documentation that goes beyond simply fixing the problem. Even if your IT staff has the capability to diagnose and remedy the situation, bringing in a well-vetted third-party forensic firm (engaged through counsel, where possible) puts your organization in a stronger legal position: the firm's findings provide an independent record of what happened, and its evidence handling is more likely to hold up with regulators and in litigation.
Therefore, your response plan should contain a short list of qualified IT forensics firms you can trust, ideally with engagement terms agreed in advance so that no time is lost negotiating during an incident. They should work with your internal IT team to assess the situation, preserve evidence, and recommend any technological and training changes the company needs to make.
Carry Out the Rest of the Plan
Once the assessment is complete and you have a plan to repair the damage, you will need to notify others thoughtfully and work closely with internal and external resources:
- Notify all employees as to what happened and what is being done
- Inform your customers, as appropriate for your organization or as legally required, make any necessary amends and let them know the next steps
- Use public relations to speak to the public at large about what happened. The better cyber liability insurance policies will provide you with a PR expert in the event of an incident.
- Work with law enforcement
- Work with governmental regulators as necessary
Cyber Insurance Policies Can Provide Additional Help
Advance planning like this is important for any organization and will be valuable in the event of any cyber incident. Organizations with well-written cyber insurance policies in place, however, are likely to be better positioned to weather the fallout. Not only will they be reimbursed for covered losses, but they will also gain access to specialists (attorneys, public relations specialists, forensic investigators and more) who can help them navigate the complex issues that follow an incident.
Check to see if your policy includes access to these “rapid response teams” of experts who specialize in post-cyber incident mitigation. The better policies in the marketplace do.
Marsh & McLennan Agency Can Help
Your company’s core expertise, more than likely, isn’t responding to cyber-attacks. That’s why it can be beneficial to rely on experts to help you create, and periodically test, your cyber-attack response plan.
If you’d like to talk with us about the expert assistance and resources available, contact Dan Hanson, a qualified CPCU and MMA’s Senior Vice President for Management Liability and Client Experience. You can reach Dan at (763) 548-8599 or at dan.hanson@MarshMMA.com.