Cyberattacks: The First 72 Hours

As everything becomes digitized these days, it can feel like being on the receiving end of a cyberattack is inevitable. Regardless if your organization already has a plan in place to prevent this, or if you are working on creating one, it’s important to understand what to do in the first 72 hours after a cyberattack.

1. Mobilize your cybersecurity response team.

Douglas Williams, president and CEO of Williams Data Management, strongly recommends taking this key action immediately following a cyberattack. “Assemble a business continuity team, including IT and data forensics experts, and have them determine the size and scope of the vulnerability,” he said. It’s important that each team member knows what to do and what their responsibility is in the event of an attack.

2. Identify the type of attack.

For the team to address the attack appropriately, it’s necessary to identify the type of attack. The source of the attack, the extent of it, and its impact is all vital information.

3. Contain the breach.

Another necessary step is to shut down all access the attacker could have to your accounts and data. Disconnect the affected network from the Internet, disable all remote access to the network, re-route network traffic, and change all vulnerable passwords. The key is to completely deny the attackers access to your system. You can then work to return the system to a hopefully more secure working condition.

4. Assess and repair the damage.

You’ve identified the attack and contained the breach, now is the time to determine if any critical business functions were compromised. See if any data has been affected by the breach and take care of any unauthorized entry points that remain. You may need to reinstall systems, recover backed up data, and repair or replace any damaged hardware.

5. Report the attack.

Promptly report the attack to the proper authorities. Immediately contact the FBI and state and local law enforcement offices. You’ll also want to report the attack to the Secret Service’s Electronic Crimes Task Force, as well as the Internet Crime Complaint Center and the Federal Trade Commission. If you have cyber liability coverage, be sure to contact the claims department as soon as possible.

6. Communicate with the public.

If you have a PR person or department, it’s best to speak with them on how to communicate the cyberattack with customers and the public. This is especially important if anyone’s data was possibly compromised. Being upfront and honest will help keep the public’s trust.

7. Learn from the experience.

Take this opportunity to go over training with employees, sketch out an even better plan for next time this could possibly happen, and be sure to fix any mistakes that were made.

Member Resources

The best fight against cyberattacks is being prepared and training your staff. Taking these critical steps if something does go wrong will help reduce the impact on the business and the public.

For more resources on cybersecurity, you can sign up for our no-cost member resource, eRisk hub, at or complete a cyber assessment with us to qualify for a higher sublimit, with an increase from $200K to $1M. For any questions, email us at

The owner of this website has made a commitment to accessibility and inclusion, please report any problems that you encounter using the contact form on this website. This site uses the WP ADA Compliance Check plugin to enhance accessibility.