What Should A Company Do After A Data Breach?

June 24, 2021 in Data Breach

Data breaches are every company’s worst nightmare. Unfortunately, they’re more common than you might think—in 2020 alone, 155.8 million Americans suffered the consequences of a data breach.

If a cybercriminal has targeted your organization, you may be wondering: What should a company do after a data breach? Who do you report a data breach to? And how much does a data breach cost a company, when all is said and done?

While every cyberattack is different, there are a few trusted steps you can take to bounce back from a data breach. Let’s take a closer look.

What should a company do after a data breach?

In the wake of a data breach, many companies feel paralyzed. Here are five steps to take as the victim of a data breach:

  1. Confirm that a breach actually occurred. First things first, you’ll want to determine whether this is a false alarm or a full-blown data breach. Has a hacker really stolen private information from your company, or is this just an elaborate scare plot to extort money from your business? For example, ransomware victims can verify whether an attack has occurred by checking to see if their data has actually been encrypted—or if a cybercriminal is just faking it.
  2. Determine what data was stolen. Social Security numbers. Dates of birth. Email addresses and passwords. Pinpointing what information is in your hacker’s hands is a top priority. The last thing you want is to be left in the dark, wondering.
  3. Take action to prevent damage. When targeted by a data breach, another one of your first thoughts may be: Who do you report a data breach to? The answer will depend on what information was exposed in the breach. For example, if any Social Security numbers were stolen, you’ll want to contact the major credit bureaus. Were your credit card or bank account numbers leaked? Notify the businesses that maintain those accounts so they can monitor them for fraudulent activity. At the end of the day, quick action can mitigate damage—and prevent further consequences.
  4. Communicate with customers and employees. Customer and employee data often gets exposed in corporate data breaches. These parties have a right to know their private data has been leaked—so clear communication is critical. Better yet? Be prepared for crisis communications long before disaster strikes. As noted in one Harvard Business Review article, “When a data breach happens, there is nothing worse than trying to figure out how to manage the crisis on the fly as it is still happening. That’s why every strategic marketing plan, and every company’s overall security strategy, should incorporate a data breach communication plan.”
  5. Learn what went wrong. Identify your points of weakness to prevent future data breaches. For example, were your passwords too obvious? Then study the ins and outs of creating an uncrackable password to ensure you don’t make the same mistake twice. Educating employees about best cybersecurity practices can have a tremendous payoff, saving your company from future attacks.

How much does a data breach cost a company?

Wondering how much a data breach might cost your company?

The answer may surprise you. According to IBM’s 2020 Cost of a Data Breach Report, data breaches cost companies an average of $3.86 million per incident. What’s more, it takes businesses around 280 days to identify and contain a breach.

The bottom line? Data breaches cost your company valuable time and money—and strong cybersecurity is essential in the digital age.

Learn more with SiteLock

Now that you’ve answered the questions “what should a company do after a data breach,” “who do you report a data breach to,” and “how much does a data breach cost a company,” you’ve covered the basics. Want to learn more about these malicious attacks? Read “What Is a Data Breach” or contact SiteLock today to discuss how we can help your business protect itself from data breaches.
