Cybersecurity: So You Think You Have a Breach

Posted on 05.08.17

Cybersecurity: So You Think You Have a Breach

Organizations of any size should have some type of incident response plan.  An incident response plan outlines the steps your company takes when responding to cyber incidents.  Smaller companies or companies without complex IT infrastructure might incorporate the cyber incident response plan into their overall incident response plan, which may cover situations like inclement weather, an employee who doesn’t report to work, or other work related emergencies.


Incident Response Plans

Companies with complex IT infrastructure should have a dedicated IT incident response policy that can deal with system outages, performance issues, and cyber incidents.

Incident response plans, as one might expect, should include the steps to follow to identify, contain, and recover from an incident.  But an incident response plan can also address:

  • How to identify severity ratings for an incident
  • Roles and responsibilities
  • Etiquette
  • Employee expectations and more

An important part of responding to a breach is not making the situation worse.  As your technical teams work to deal with an incident, avoid using the word “breach”; use “incident” instead.  The term breach may be interpreted by courts as acknowledgement of stolen data.

Small to Mid-Size Business Cybersecurity

If you suspect you have a breach, your first call should be to your cyber insurer, if you have one.  Your second call should be to your cyber attorney.  Once you have an experienced cyber attorney in your corner, let him or her direct all further activities in responding.  Your attorney will help you make public statements without incriminating yourself, comply with breach notification laws and other regulations, and potentially protect your internal research into the breach under attorney-client privilege to prevent it from being discoverable, should the breach result in litigation.

Actionable Steps

  • Implement, at a minimum, a basic incident response plan 
  • If you think you have a breach:
    • Don't use the word “breach”; use “incident”
    • Call your insurer
    • Call your cyber attorney
    • Do what your attorney says

The content in this article covers just one aspect that small to mid-size businesses need to address for Cybersecurity. 


Interested in learning more about Keiter's cybersecurity services? Contact us. Our Cybersecurity team can provide you with critical insight into your company’s cybersecurity footprint.

Additional Cybersecurity Resources:

The information contained within this article is provided for informational purposes only and is current as of the date published. Online readers are advised not to act upon this information without seeking the service of a professional accountant, as this article is not a substitute for obtaining accounting, tax, or financial advice from a professional accountant.

Posted by: Christopher Moschella, CPA, CISA

Chris is a Senior Manager in Keiter’s Risk Advisory Services. Chris has a strong combination of IT skills, which range from IT audit and internal control assessments, including general computer controls and application controls, to full stack web development. Most recently, Chris developed a Cybersecurity web application that assesses an organization’s resistance to social engineering attacks. Chris shares his cybersecurity insights on our blog