Menu

PNG SECURA Logo

Close

PNG SECURA Logo
SECURA Blog

Create a cyberattack response plan for your small business

Cyberattacks can be devastating for a small business owner. It’s important to create a Cyber Incident Response Plan ready in case your business should fall victim to a data breach.

A man working on his phone and laptop.

As a small business owner, protecting yourself against the threat of cyberattacks is important. The financial, reputational, and emotional cost of a data breach can be devastating – and can threaten your company’s existence. Putting proactive measures in place, including employee training, investing in encryption software, and creating two-step authentication processes, can help reduce the likelihood of a successful attack. It’s equally important for you and your employees to have a Cyber Incident Response Plan ready in case your business should fall victim to a data breach.

Follow these steps to start your plan:

1. Build a Cyberattack Response Team with representatives from all departments that will need to act in response to the attack, e.g., upper management, IT, sales/marketing, communications, HR, and legal.

2. Identify critical company assets most likely to be targeted and vulnerable. This could include employees if their cyber risk knowledge is low.

3. Research, identify, and contract with external expertise and data backup services if you do not have in-house resources and expertise to manage a cyber breach.

4. Create a detailed response checklist to capture the source of the attack, outline how to contain the breach and backup and restore data, and list lessons learned.

5. Develop a communication plan including key audiences, communication vehicles, and timing in the event of a breach. It’s critical that employees, customers, and those whose personal information has been compromised be notified as soon as possible.

6. Practice executing your response plan by testing hypothetical scenarios.

If your company’s data is breached, here are the key processes to remember.

· Investigate the source of the breach and identify the computer or network where the attack originated.

· Attempt to isolate the infected device(s) to minimize damage.

· Evaluate the scope of what data was impacted by the breach.

· Seek legal advice on complying with rules and regulations about reporting a data breach and the legal implications for your business.

· Inform your insurer about the breach, if applicable. Cyber liability insurance coverage may cover the total cost of the incident, or the damages suffered by affected parties.

· Notify all affected parties. If unknown, communicate with anyone potentially impacted by the breach.

· Consider issuing a public statement if the impact of the breach is significant.

· Clean your systems starting with quarantined devices and networks.

· Restore lost data by identifying the most recent backup that was not affected and can be used to restore lost data.

© 2023 The Hartford Steam Boiler Inspection and Insurance Company. All rights reserved. This document is intended for information purposes only and does not modify or invalidate any of the provisions, exclusions, terms, or conditions of the policy and endorsements. For specific terms and conditions, please refer to the coverage form.

Cyber Security

Find an agent

Our independent agency partners will help you compare coverages and share industry insights as you shop for the right insurance policy for your needs.
FInd a local agent

Related articles

Employees talking around a table.
SECURA Blog

How to talk to employees about cybersecurity

As a small business owner, your employees are the first line of defense in preventing a cyberattack. It’s important to talk to your employees about cybersecurity and what to do if something happens.
August 30, 2023 08:23 AM
Learn more
A screen that says "System HACKED"
SECURA Blog

How to deal with ransomware when data is held hostage

Educate yourself on the complexities of ransomware, and the importance of selecting a cyber insurance carrier that provides the coverages you may need.
September 20, 2022 08:00 AM
Learn more
Someone typing on a laptop, over the picture it says "protection"
SECURA Blog

How to prevent a cyberattack

Preparing to protect your business against a cyber-attack should always be on your check list.
April 22, 2020 08:00 AM
Learn more
Load More

Coverages may not be available in all states. Coverages described are subject to all the terms and conditions of the policy, including deductibles, exclusions, and limits of liability. Not all agents are authorized to write all types of insurance. Policies may be underwritten by SECURA Insurance Company or SECURA Supreme Insurance Company, affiliated companies referred to collectively as SECURA Insurance Companies. Please read the policy carefully. Any claim example is for educational and informational purposes only. The information in this document will not be used to determine the coverage of an actual claim presented. All claims are adjusted based on the relevant facts, conditions and coverages at the time of loss. For specific terms and conditions, please refer to your coverage form. Coverage is also subject to applicable deductibles and limits of coverage.

The information provided by SECURA on its Website (the Site) is for general informational purposes only. All information on the Site is provided in good faith, however SECURA makes no representations or warranties of any kind, express or implied, regarding the accuracy, adequacy, validity, reliability, availability, or completeness of any information on the Site. The information contained on the Website is to the best of our knowledge true and accurate at the time of publication, however it is generally to be used solely for informational purposes. The materials on this website are not guaranteed to be correct, complete or up to date. You should not act or rely only on information on this website.

The Site may contain (or you may be sent through the Site links to other websites or content belonging to or originating from third parties or links to websites and features in banners or other advertising. Such external links are not investigated, monitored, or checked for accuracy, adequacy, validity, reliability, availability or completeness by SECURA. SECURA DOES NOT WARRANT, ENDORSE, GUARANTEE, OR ASSUME RESPONSIBILITIES FOR THE ACCURACY OR RELIABILITY OF ANY INFORMATION OFFERED BY THIRD-PARTY WEBSITES LINKED THROUGH THE SITE OR ANY WEBISTE OR FEATURE LINKED IN ANY BANNER OR OTHER ADVERTISING. SECURA WILL NOT BE A PARTY TO OR IN ANY WAY BE RESPONSIBLE FOR MONITORING ANY TRANSACTION BETWEEN YOU AND THIRD-PARTY PROVIDERS OF PRODUCTS OR SERVICES.

UNDER NO CIRCUMSTANCE SHALL SECURA HAVE ANY LIAIBLITY TO YOU FOR ANY LOSS OR DAMAGE OF ANY KIND INCURRED AS A RESULT OF THE USE OF THE SITE OR RELIANCE ON ANY INFORMATION PROVIDED ON THE SITE. YOUR USE OF THE SITE AND YOUR RELIANCE ON ANY INFORMATION ON THE SITE IS SOLELY AT YOUR OWN RISK.

SECURA would like to remind you that the data contained in this website is not necessarily real-time or accurate.

SECURA and any provider of the data contained in this website will not accept liability for any loss of damage as a result of your reliance on the information contained within this website.