GWI Australia

The first 3 things to do in the event of a data breach

Written by :


The destruction that can happen when an organisation experiences a data breach can be catastrophic. The longer it takes to detect and contain a data breach, the higher the costs of the breach will be. Costs may include customer communications, investigations, legal costs, business downtime, remediation expenses, regulatory interventions and lost customers.

All organisations are vulnerable when it comes to this modern-day Achilles heel. Breaches will continue to happen in any size company, in any industry and any country. It’s up to those retaining data to ensure they’ve done what they can to secure their data storage systems and are prepared when an inevitable attack happens.

What do I need to do in the event of a data breach?

Here is a breakdown of the first three steps to take if you have been breached:

  1. Contain – When a data breach is suspected it’s imperative you take immediate steps to limit any further access to other information. Have a process in place to respond quickly to a breach, know the best way to respond, understand who needs to be involved in the resolution and identify the steps for business continuity. This is also an appropriate time to ensure evidence is preserved that might help to determine the cause of the breach. A communications or media strategy may also be mobilised to manage public and customer expectations.
  2. Assess – A breach needs to be assessed to determine the cause and extent to which information has been accessed or viewed. A team should be assigned to investigate the breach, gather relevant information and make evidence-based decisions about the breach. If you have reasonable grounds to suspect that the breach could result in serious harm, customer notification will need to occur. If possible, take actions to recover lost information or to change access controls on customer information before unauthorised transactions occur.
  3. Review – A full investigation should be undertaken to prevent future breaches. You should review your legal and ethical obligations to those who have had information stolen. A prevention plan should be identified and implemented, staff training revisited, and security measures audited where appropriate.

With a focus on obtaining personally identifiable information, cyber criminals will continue to push the boundaries if they are able to access data for misuse or sale.

We know that data breaches are not going to stop this year or in the foreseeable future. The Office of the Australian Information Commissioner will implement the Notifiable Data Breaches (NDB) scheme and the requirements for entities responding to data breaches on 22 February 2018. The scheme introduces an obligation to notify individuals whose personal information is involved in a data breach that is likely to result in serious harm.

With 46% of companies suffering reputational damage due to a data breach and 60% of small companies going out of business within 6 months of a cyber-attack, it’s imperative that prevention remain a top business priority.

Related blogs

Stuck on where to start with AI?