5 Things To Do Immediately After Discovering a Data Breach

The hours after uncovering a data breach are critical, and require immediate action. Here's what you should do.

Remember when we didn’t hear about a new cybersecurity crisis or data breach every single day? We don’t either. These days, it seems like the business world exists in a perpetual state of crisis, and not just because of the ongoing viral pandemic. 

And it’s exhausting. Security professionals and end-users alike are burning out from the constant string of bad news. It’s a phenomenon referred to by Security Intelligence’s John Zorabedian as data breach fatigue

Do not allow yourself to become complacent. Because if there’s one takeaway from the cyberattacks and breaches making the news, it’s that no business, no matter how great or small, is safe. You need to be ready in the event that it’s your organization on the chopping block next.

Because the way you respond after your systems are compromised can make or break your brand. The hours immediately after discovering a breach are arguably the most critical. Here’s what you should be doing the instant you know something went wrong.


Work with security personnel to identify what happened, how it happened, and why it happened. Do not, however, wait until you have all the details to notify customers and stakeholders. Instead, the moment you’re certain a breach occurred, contact your legal counsel, rope in your public relations team, and notify everyone who may have been affected. 


Transparency is the law of the land when it comes to responding to a data breach. Do not downplay the severity of a cyberattack. And do not, under any circumstances, leave out information or avoid notifying the public in hopes that the incident can be contained.

Your business has already been compromised. The damage has already been done. If you fail to provide as much relevant information as possible — or worse, seem confused, dodgy, or haphazard in your response to the breach — you will end up paying for it in the long term.


Know who is responsible for reaching out to everyone impacted by the breach. Have a plan and a process in place for crafting and releasing messaging around the incident. And establish how often and through what avenues you will contact the victims. 

Ideally, you’re going to want to establish multiple lines of communication, including accessible messaging for the hearing and visually impaired. 


Once you understand how a breach happened and have communicated that information to the public, your next step is simple. You need to know how you can prevent it from happening again. While you don’t have to go into detail about your security infrastructure or processes, you do need to establish, in no uncertain terms, that you are taking steps to address whatever vulnerability led to your business being compromised. 

You may wish to bring in a third-party security agency if your internal expertise seems insufficient — in fact, even if you’re confident in your security team, it’s advisable to bring in someone impartial to perform audits and penetration tests. 


Last but certainly not least, apologize. Hold yourself accountable, and avoid making excuses or justifications. Depending on the severity of the breach, you may even wish to make reparations to your customers. 

For instance, in the wake of the 2017 Equifax data breach, the credit reporting agency announced plans to offer free credit monitoring to all affected individuals, as reported by the Federal Trade Commission. Granted, this only came at the end of a long legal battle. Depending on the severity of your own breach, you might find yourself embroiled in a similar lawsuit. 

Accept it, and do what you can to show your customers that you’ve acknowledged your own mistakes and will do whatever is necessary to make things right. 

Don’t Delay

If your organization is the victim of a data breach, a swift response is imperative. You need to immediately spin up lines of contact and connect with stakeholders as soon as possible. Most importantly, you need to take action to prevent such a breach from ever happening again while also working to regain the trust of your customers. 

A breach needn’t be the end of your business, and it needn’t break your brand — but if you botch your response, it can and will.