You’re under attack and the clock’s ticking…

You’re under attack.

Your systems are down. People are panicking. And the clock is ticking.

No, you haven’t been transported to the Counter Terrorism Unit and an episode of 24. But this is what the first 24 hours of a cyber-attack looks like.

The golden hour(s)

Much like when people go missing, the first 24 hours after a cyber-attack are the most critical. But what actually happens behind the scenes? Here’s a glimpse into the first 24 hours after a cyber-attack*. Tick tock…

00:00:00 – 01:59:00 | Calling Cyber Response

If you have Cyber Insurance, you’ll be calling your broker (if they have an in-house claims team) or your insurer’s Cyber Response Line. It’s like 999 but for cyber-attacks.

02:00:00 – 03:59:00 | Emergency teams standing by

Cyber insurers are ready to provide high-levels of emergency support within just a few hours of a breach. They’ll have forensic, PR, legal and credit monitoring teams on standby which they’ll activate as soon as they get your call.

04:00:00 – 05:59:00 | Activating forensics

Your insurer will deploy a technical forensic team to check your systems, find out how the hackers got in and identify any damage. Their priority is to secure your system and close any loopholes or access points so no one else can get in.

06:00:00 – 07:59:00 | Deploying IT support

While the forensics team carry out initial investigations, you’ll be getting your IT department or outsourced IT support up to speed and ready to help the forensics team.

08:00:00 – 09:59:00 | Initiating comms plan

While systems are being secured, you’ll be notifying your board of directors and/or risk management team, and communicating with team members. Since your usual communication methods may be down, it’s a good idea to store personal contact details somewhere that would be accessible in an emergency.

10:00:00 – 11:59:00 | Checking back-up data & securing the perimeter

If you have a data back-up, you’ll be checking to see if this has also been breached. Meanwhile, the forensics team will be conducting a deeper investigation to make sure the hackers haven’t left or embedded anything else in your system for a future date.

12:00:00 – 13:59:00 | Reporting to the ICO

If personal customer data has been compromised, you have to report it to the ICO within 72 hours of discovery. So you’ll be logging what’s happened, who’s involved and what you’re doing about it.

14:00:00 – 15:59:00 | Evoking your business contingency plan

If you haven’t already, you’ll be implementing your business continency plan. And if you don’t have one, now could be the time to consider creating one, even if it’s super simple.

16:00:00 – 17:59:00 | PR teams on standby. Legal on standby

Your insurer will have PR experts on standby in case of potential damage to your reputation. They’ll be ready to advise and support depending on the nature of the breach. Your insurer will also have legal experts ready to advise and guide you on any legalities.

18:00:00 – 19:59:00 | Contacting customers and suppliers

Under the guidance of PR experts, you’ll be making a list of any customers and suppliers that you need to contact urgently and what you’re going to say. Since your comms may be down, it’s a good idea to have a back-up of customer contact details.

20:00:00 – 21:59:00 | Credit monitoring on standby

Depending on the severity of the breach, your insurer may involve credit monitoring specialists to identify credit profile changes, which might be a sign of identity theft or fraud.

22:00:00 – 23:59:00 | Negotiating ransom demands

If there’s been an extortion attempt, your insurers will deploy specialist negotiators to ‘buy time’ for the forensics team to investigate the extent of the damage. If the decision is taken to pay, your insurers will help you deal with any demands and arrange the money or cryptocurrency to pay.

24:00:00 | Calculating financial losses & rebuilding systems

Now that the first 24 hours are over and the firefighting is well underway, you’ll be starting to think about potential financial losses. With the help of your insurers, you’ll start to make a plan for rebuilding machines, restoring data and recouping your losses.

We’re no Jack Bauer but in the face of security breaches, forensic investigations and ransom negotiations, we think having Cyber Insurance is a no-brainer.

“Incident Response gives you access to experts who can work at a rapid pace to contain and mitigate the effects of a cyber incident on your IT infrastructure, business income, reputation. Buying some level of cover is better than nothing at all because peace of mind beats uncertainty.” Harshitha Malladi, Cyber Underwriter, Aviva Insurance.

We believe so strongly that it’s a must-have insurance, we’d recommend it even if you don’t arrange it through us. And insurers agree; they’ve made Cyber Insurance more affordable to make it accessible for SMEs.

“We now have smaller minimum premiums on offer for essential covers. The intention is to help businesses thrive and stay cyber safe in a dynamic threat landscape.” Harshitha Malladi, Cyber Underwriter, Aviva Insurance.

*Timings are illustrative and may not be exact

Want to find out how cyber savvy you are? Take our latest quiz, and check out our Cyber Insurance Myths.