When Disaster Strikes: What To Do In Case Of a Cybersecurity Emergency

Cybersecurity emergencies come in a variety of forms and have varying impacts on your organization’s security. In our recent experience, the ones most likely to cause significant losses—of data, money, and productivity—are ransomware attacks.

Ransomware attacks were more than three times more prevalent over the course of 2019 than in the previous year. They’re also more carefully targeted, exploiting businesses that the bad guys know will be able to pay the ransom. As a result, the average payment grew to $36,295 by mid-2019, costing businesses a total of about $8 billion per year.

But there are ways to stop these attacks or at least mitigate the damage they do. Organizations that invest time and effort into Business Continuity and Disaster Recovery (BCDR) planning can significantly decrease their chances of experiencing major financial losses or other lasting damage from a cyberattack. The BCDR planning process starts with risk assessment and business impact analysis. Your team should evaluate which systems and applications you need to maintain business-critical operations, and then develop procedures that ensure your company can get back up and running within a timeframe that’s acceptable to your stakeholders.

HELP YOUR ORGANIZATION AVOID CYBER ATTACKS IN THE FIRST PLACE

By taking the following steps, you can protect your business from the majority of cybersecurity risks, including ransomware attacks. Most data breaches start small; if the hacker’s activities aren’t detected and stopped, the hacker will escalate their efforts into a full-blown attack.

Key things you can do to avoid getting to this breaking point include:

  • Enact proper security monitoring
  • Put together a solid (and well-tested) backup strategy and recovery plan
  • Make sure that software is patched regularly and that systems aren’t so outdated that they can’t be maintained securely

CYBERSECURITY BEST PRACTICES FOR WHEN DISASTER STRIKES: GETTING YOUR DATA BACK

In the event of an attack, if your business finds that data has been encrypted or stolen, or that IT systems have otherwise been compromised, we recommend you take the following steps:

Step One: Take a Complete Damage Assessment

A quick response is critical. Identify exactly which systems or components have been compromised, determine the precise extent of the damage, and identify the strain of ransomware or other malware involved in the attack so that you can understand what you’re dealing with.

Step Two: Plan and Follow a Disaster Containment Strategy

Make sure that all traces of the attackers have been removed from your network before you begin the process of restoring from backups. You will also need to utilize forensics to confirm that the original vulnerability that allowed them to enter your system has been identified and fixed.

Step Three: Restore from Data Backups or Replace Components as Needed

Ideally, you should be backing up frequently enough that the data lost between your last backup and the attack won’t interrupt your operations once you have recovered. If you’ve been a victim of a successful attack, it may also make sense to replace outdated hardware or software with newer versions to protect your business from similar cyber attacks in the future.

Don’t let the prospect of a cybersecurity emergency keep you up at night. Instead, focus on preparation so you can minimize the risks and have the right tools in place to react quickly and make a fast recovery if you are breached. Need help getting started? Contact us and learn more about our CISO Advisory Services.