With cyber crime on the rise, it’s becoming a matter of when, not if, a business will be the victim of an attack. So it’s vital to have a well-developed response plan ready to go in the event of a ransomware attack or other cybercrime.

Here are five of the key steps to take. 

1. Trigger your disaster recovery plan and contact your insurer

Your approach to cyber security should have a clearly articulated strategy which you can learn more about in our recent blog on Cyber attack protection. You should also immediately contact your cyber insurer, who may be able to appoint an experienced forensic expert to assess the damage from the attack. These experts can investigate how the attack occurred, the strain of ransomware or other attack, and can suggest other remediation steps.

At this stage, you may want to seek advice from a professional about disclosing the breach to government bodies, regulators and other stakeholders, including affected customers and staff.

2. Restore stolen data from backups

Ideally the business will have recently backed up its data and system externally to servers that are not connected to the main network. That way, the criminals can’t delete the back up and the business can be backed up and running in a relatively short time space.

How frequently to undertake back-ups depends on the nature of the business. As a general rule, the greater the frequency and number of transactions the business does, the more regularly it will need to back up this information. For some businesses, it will be minute-by-minute. For others, back-ups once a day are sufficient.

3. Make a commercial decision about paying a ransom

In general, it’s inadvisable to pay criminals a ransom after an attack. But from time to time, businesses may have no choice but to take this step. This is often when they have not adequately backed up their data, and paying a ransom is the only way to get access to it.

This is even more reason to ensure good back up hygiene. If there’s no choice but to pay a ransom, your insurer may require proof the criminals are in possession of the data before any money is transferred.

4. Implement a post-recovery plan

Once you have access to your data, it’s time to get back to business. This starts with a health check of the network.

Be aware any initial attack may be a distraction from a larger attack to a different part of the IT system. Exploring that possibility should be a focus of the health check.

Post-recovery activities may also involve work to restore the business’ reputation among its clients and other stakeholders. Follow expert advice to implement policies and procedures to help reduce the risk of future cyberattacks. Develop clear and timely communication, so no one is kept guessing about the actions you’ve taken to better protect your business.

5. Check and recheck the network

After an attack, perform regular scans and penetration tests. This involves trying to find vulnerabilities in the system so you can understand what needs to happen to reduce the risk of hacks.


Your AIB Business Insurance broker can help you perform a risk assessment of your business to help ensure the right mechanisms are in place to withstand a cyberattack and recommend the appropriate cyber insurance policy. Contact us today to find out more.

Important note

This general information does not take into account your objectives, financial situation or needs.  Information is current as at the date the article is written but is subject to change. 

Steadfast Group Ltd ACN 073 659 677