3 Important Steps After a Cyber BreachAugust 22, 2019 - by Matt Scott
Any cyber-related claim can be terrifying for a company, and time is of the essence. There are a few important steps to take in order to streamline the process for a successful investigation.
Read our step-by-step guide to walk you through all the questions and information you’ll need.
Step 1 - Understand the Impact and Determine the Scope
The first step in a cyber breach-related claim investigation is to understand how the issues of the event were identified and the state of the current infrastructure that is in place.
- Who identified the event and how?
- What system infrastructure is in place (i.e. types of servers, how many workstations, etc.)
Step 2 – Confirm the Infection and the Level of Access Reached
The second step is understanding exactly what happened and what that means for the insured.
- What type of attack occurred (i.e. phishing, ransomware/malware, rogue software, password attack)
- What systems were infected?
- What level of access was reached by the infiltrator?
Step 3 – Determine the Extent of the Damage and Repair
Proceed with caution if it’s been found that data was lost or compromised. If lost, it’s necessary to understand implications especially when it involves personal or private information.
- Were the systems involved internal or third-party?
- Did the data loss contain Personal Identifiable Information (PII), Personal Health Information (PHI) or Intellectual Property (IP)?
- Are there legal implications, and if so, is a cyber expert needed?
Recovery and data repair is possible. Cyber breach experts can be retained to assess cause and effect, assist with claim or incident resolution and quantify costs. For more information, check out our full infographic below.
About the Author
Matt, Practice Leader, Digital Forensics, has nearly 20 years of experience, and provides consulting expertise to the insurance, legal, law enforcement, private, and public communities on computer/mobile forensics, cyber incidents and failure analysis. He investigates computer-related crimes, cyber incidents (breach investigations) and/or ransomware. He also has vast experience determining origin and cause of failures, and is highly proficient in multiple programming languages.