Date posted: 15/02/2021 5 min read

So you’re hit by a data breach. What happens next?

Cybersecurity is vital, but businesses must also map out what to do if they suffer a successful cyber attack.

In Brief

  • Businesses and professional services firms should need to have a business recovery and continuity plan in case of a successful cyber attack.
  • Professional services firms should be particularly vigilant, as they are more “attractive” to attackers because of the amount of data they hold.
  • If a business is unprepared, the downtime after an incident may be more costly than any ransomware demand.

Business leaders no longer need to be told how important cybersecurity is. COVID-19 and work-from-home orders have ensured that even the most sceptical business leaders now understand the role cybersecurity plays in ensuring day-to-day operations.

In Australia, the Office of the Australian Information Commissioner (OAIC) recorded 539 notifiable data breaches from July-December 2020, with 310 (58%) caused by a malicious or criminal attack.

New Zealand’s National Cyber Security Centre reports there were 339 cybersecurity incidents in the 12 months to 30 June 2019.

And in January 2021, the Reserve Bank of New Zealand suffered a data breach related to a compromise of a third-party file sharing service, Accellion FTA, used to share files with external stakeholders.

Organisations rightly implement cybersecurity strategies and invest in infrastructure to defend against malicious attacks and threats. However, while preventing cyber attacks is important, it’s just as important for businesses to think about “what happens next” if they are to fall victim to an attack.

Post-breach downtime is the huge cost

Data gathered for Datto’s 2020 Global State of the Channel Ransomware Report shows the average cost of downtime for Australian businesses overshadows the ransom amounts cybercriminals set.

Most Australian businesses, on average, receive ransom requests of up to $2K, however the real cost of a ransomware attack is caused by downtime; 43% of businesses across Australia and New Zealand that have been hit by ransomware report losing between $10,000 up to $100,000.

The same data paints a grim picture for the professional services industry such as finance and accounting. These sectors are the most vulnerable to ransomware attacks, with 28% of these service firms in Australia and New Zealand being attacked.

So what does this all mean? For a start, professional services firms should be particularly vigilant, given they’re the most attacked and are more “attractive” to attackers because of the amount of data they have.

It also means that while it’s important to invest in technology that will protect against a cyber attack, businesses must also consider how they will deal with a “successful” cyber attack in the most cost-effective way.

How to reduce downtime and get back online

When a business suffers a cyber attack that halts operations, the most pressing matter is getting the business back online.

In some instances this can take days or weeks, which will have major implications for the organisation, and its customers and employees. Getting the business up and running again is mission critical.

“Getting the business up and running again is mission critical.”
James Bergl

As part of an organisation’s cybersecurity strategy, a plan should be developed on how the business will become operational again in the wake of a cyber attack.

Investing in a reliable business continuity and disaster recovery (BCDR) solution should be part of that plan.

Effective BCDR solutions back up businesses’ assets to ensure that if disaster strikes (either a cyber attack or natural disaster), the organisation doesn’t suffer a long and drawn-out downtime. With a reliable BCDR in place, those weeks of downtime previously mentioned can be slashed to minutes.

Getting back online is only half the job

If an organisation has been able to get back online quickly, customers may not notice the disruption to services. But it’s still important to notify them of the incident, and to do so in line with Australia’s Notifiable Data Breaches (NDB) scheme or New Zealand’s Privacy Commissioner under the Privacy Act 2020.

Under the NDB, any organisation or agency must notify affected individuals and the OAIC when a data breach is likely to result in serious harm to an individual whose personal information is involved.

According to the OAIC, “a data breach occurs when personal information an organisation or agency holds is lost or subjected to unauthorised access or disclosure. For example, when:

  • a device with a customer’s personal information is lost or stolen
  • a database with personal information is hacked
  • personal information is mistakenly given to the wrong person.”

As part of the notification to individuals, organisations must include recommendations about the steps they should take in response to the data breach – this could include updating login credentials and/or notifying banks.

Have a post-attack plan before it happens

As you can see, the NDB scheme is not quick and simple for businesses to follow, particularly in a time of high pressure following a breach.

This is why it’s critical for businesses to think of how they will manage and respond to a cyber attack before it happens, and to incorporate it into their cybersecurity strategies. It’s every bit as important as investing in technology to prevent attacks.

No organisation wants to be the victim of a cyber attack; it creates a number of unforecast costs and has the potential to cause significant reputational damage.

Unfortunately, in modern business, cyber attacks will always occur and it’s important to invest in infrastructure that will protect against them.

However, in the event that infrastructure doesn’t stop a cyber attack, businesses must have a plan in place on how they will effectively deal with the incident.

Read more:

Cybersecurity: What is your weakest link?

CFOs who think cybersecurity isn’t their problem face a rude awakening says George Weston Foods’ CFO, Lorna Raine CA.

Read more

5 cybersecurity essentials for small business

A cyber attack can be disastrous for accountants and financial advisers. Here’s how you can protect your business.

Read more