In today’s digital landscape, cyberattacks are not a matter of if but when. Whether you’re in education, healthcare, retail, or any other sector, your organisation must be ready to act swiftly when data is compromised. Drawing on key insights from the legal session at our cybersecurity event at Sophos in July 2025 with Helen Tringham, Partner at Mills and Reeve, this post explores what businesses should do before and after a cyberattack strikes.
Before the Breach: How to Prepare
- Have Robust Policies and Procedures in Place
Preparation starts with solid governance. Make sure your organisation has clear, accessible policies that detail:
- What constitutes a data breach
- Who to notify internally
- How to escalate incidents
- Steps to preserve evidence
Most importantly, train your staff. Employees are often the first line of defence and sometimes the first point of failure. As Helen noted, confusion about what qualifies as a breach or how to report it can quickly escalate into regulatory trouble.
- Map and Minimise Data Collection
A real-world example shared during the session involved a data controller storing scans of employee passports. Over 1,000 of these were later leaked on the dark web. Ask yourself:
- Do we need to store this personal data?
- Where is it stored and how is it protected?
- Who has access?
Hold only the personal data you genuinely need, delete it once it is no longer needed, and be deliberate about where the rest is stored and how it is protected.
- Run Simulations and Build Incident Response Teams
Have designated response teams and run table-top exercises. Senior leaders need not attend every meeting, but the right information must reach them promptly. Practice builds readiness.
- Get the Right Insurance and Understand It
Cyber insurance can be a game-changer if it is activated correctly and promptly. But policies are becoming harder to claim against: insurers increasingly add conditions about keeping systems up to date and notifying them within a set period, and breaching those conditions can undermine a claim. Make sure you:
- Keep your systems compliant with the policy’s requirements
- Understand what is and isn’t covered, and how and when the insurer must be notified
After the Breach: What to Do When It Happens
- Act Quickly to Contain the Incident
Time is critical. Delays in containment increase both damage and cost. Some organisations may manage incidents internally, but many benefit from early expert support. Spending money early often saves much more later.
- Notify the Right Authorities Promptly
Under UK GDPR, you must report a personal data breach to the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to individuals’ rights and freedoms. The clock starts when your organisation becomes aware, which can be when a member of staff first spots the incident, not when IT formally confirms it. If your team doesn’t know how to report, you risk penalties and reputational damage.
You may also need to inform:
- Law enforcement
- Affected individuals
- Partner organisations and data processors
Make sure you know who your stakeholders are ahead of time.
- Involve Legal and Understand Privilege
Legal guidance is essential post-breach. However, not all documents are privileged. For example, a root cause analysis report, even if commissioned through lawyers, may not be protected if its dominant purpose is operational remediation rather than legal advice or anticipated litigation. Be clear about what communications are legally shielded and what could be disclosed in litigation or regulatory action.
- Protect Your Confidential Information
If critical data has been posted online or on the dark web:
- Consider legal remedies, including injunctions against platforms hosting your data
- Clearly identify and request the removal of confidential or proprietary content
Taking action quickly demonstrates to regulators and partners that you're treating the situation seriously.
- Communicate Carefully, Especially if Publicly Traded
For listed companies, communication after a breach must be handled with care. Avoid accidental disclosures that could affect the share price or breach insider trading rules. In many cases, a temporary communications blackout while the facts are established may be better than rushing to make statements that might do more harm than good.
The Final Word: Preparedness is Protection
Cybersecurity is not just an IT issue. It affects compliance, legal risk, customer trust, and financial health. As Helen emphasised, the organisations that fare best are those that:
- Train their people
- Plan for every stage of a breach
- Act fast and strategically when the worst happens
Take the time to prepare now. It can save you enormous costs, and your reputation, later.
If you're worried about your cybersecurity, we at Intergence are offering a free cyber security assessment and infrastructure audit which you can register for here.