What to do in the event of a cyber-attack on your business

The consequences from suffering a breach can be severe to the running of your business, from outcomes such as financial losses and reputational damage to legal repercussions and operational disruptions. Defined as any offensive or invasive action which targets computer systems, networks, or personal digital devices, it’s crucial that businesses know how to respond promptly and effectively to minimise the impacts.

To provide your business with the knowledge necessary to manage a cyber-attack, read Markel Direct’s guidance below.

How a cyber breach may occur

Overtime, the means and methods of cyber-attacks have progressively advanced, making way for a wide range of routes available for hackers, depending on their motives and capabilities. The most popular attack techniques used on businesses include:

• Phishing – An attempt to trick victims into sharing sensitive, personal information. This is the most common type of attack, typically coming in the form of a seemingly trustworthy text message or email, providing a link or call to action to trick the user into sharing their sensitive data.
• Malware – Any type of malicious software, such as viruses or spyware, designed to harm computer systems. Veeam reported that ransomware is a popular type of malware being increasingly used to target businesses, with 85% of such attacks targeting small businesses in 2023.
• Denial of service – An effort to overload a website or network, with the aim of degrading its performance by overwhelming business demand, sometimes making a site completely inaccessible.

Steps to take after a data breach

As advised in our article on how to improve your business cyber security, you should have an existing cyber-attack response plan in place detailing roles and responsibilities. To assist with this plan, we have outlined the specific steps to take to manage your business’s cyber security.

Contact your insurer

If there appears to be a cyber-attack on your business, contact your cyber insurance provider first. Many cyber policies, including Markel Direct’s, offer an advice helpline to assist you with any cyber concerns you may have. These experts will be able to support you in responding to a cyber-attack and advise you on your next steps.

Confirm the attack

Once someone has reported an attack, whether an employee has noticed a slower site speed or a customer has been locked out, you must confirm that a breach has happened, or in some cases, if it is still happening. To verify if an attack has occurred, take a look at your security software or contact your IT security provider. In 2022, IBM’s data security report revealed that it takes an average of 277 days for a business to identify and report a breach, so it’s vital to confirm the attack as soon as possible to minimise any damage.

Determine the type of attack

If your in-house team doesn’t include an IT technician with specialist knowledge, enlist an outside source to help you identify what type of attack took place. Bringing in resources for advice and support will help you to be able to more efficiently answer which kinds of services have been targeted, and how the hackers were able to breach your site, feeding into future prevention plans.

Contain and assess the damage

Make sure all devices/platforms which have been affected are temporarily suspended, where possible, to prevent the cyber-attack from spreading. Disconnect devices from the internet, isolate any critical systems and change passwords on crucial accounts.

Once the attack has been contained, consider what information was taken and the impacts of the data breach. This will include assessing what damage was made and why the security measures in place were not effective enough.

Report to the authorities

The Data Protection Act 2018 requires data breaches to be reported to the Information Commissioner's Office (ICO) within 72 hours if they pose a risk to individuals' rights and freedoms. If you do not report the breach on time, you will receive a penalty, unless you can provide a valid reason – for serious breaches of data protection principles, the ICO have the power to issue fines up to £17.5 million or 4% of your annual turnover, whichever is higher.

If your data breach has a significant impact on any essential services that the Operators of Essential Services (OES) provide, this must be reported via the Data Security and Protection Toolkit without undue delay, no later than 72 hours after the OES became aware of the incident.

Inform any customers

Before informing your customers of the cyber-attack, you must take the time to think about your public messaging. Outline the plan you are going to take to address the event, including what your business intends to do in the aftermath. It is essential that you notify your customers before any media or social sources potentially share it. Providing transparency is essential to ensure your business can remain operating after these events.

The ICO shares that if a personal data breach results in a high risk of adversely affecting an individual’s rights and freedoms, the customer must be informed without undue delay.

Secure your database

After the event of a cyber-attack has happened, ensure your employees remain trained on how to identify one in the future, as well as the processes to follow in the case of another attack happening. Educate yourself and your employees about cyber security regulations which need to be followed throughout business operations – read our guide, here, to understand the four main laws and regulations.

To minimise the threat of a cyber-attack in the future, review any lessons learnt throughout managing the breach, and explore our dedicated article which explains the top five ways to protect your business against cybercrime.

Rob Rees, Divisional Director at Markel Direct, shares:

“With cybercrime on the rise, it’s essential that small businesses and self-employed individuals are protecting themselves against a potential significant financial loss and a damaged reputation. Cyber insurance is at hand to safeguard those against external cyber threats.”

To discover more cyber security advice, visit our Knowledge centre.

Please note: This article provides guidance for information purposes only. It should not be relied upon wholly when making or taking important business decisions – always seek the services of an appropriately qualified professional. The views expressed by websites referenced to are limited to those of the websites, and do not necessarily reflect the views of Markel Direct.