Do you know what to do if your organization is hacked? We walk you through 8 steps you need to take to protect your business, clients, and customers. For even more cyber safety tips, check out aicpa.org/cybersecurity.

1. 8 steps to take if
your organization
is hacked

2. 1. Contact your insurance carrier or advisor
If you have cyber insurance, the first thing you should
do is contact your carrier. They can provide you with
resources to help you through the next 7 steps. If you
don’t have a cyber policy in place, you’ll still want to
read on – but seriously consider investing in one!
2

3. 2. Identify breach details
You need to determine the extent and scope of the
hack or breach. Consider working with a forensics
expert to identify how long ago the breach occurred,
how it occurred and what data has been exposed.
3

4. 3. Consult with legal experts and regulators
Once you know what data has (or potentially has)
been exposed and to what extent, your legal team
can help you navigate your obligations. Keep in mind
that the state where an impacted individual resides is
the law that will apply – and each state has differing
requirements for regulatory agency notification,
impacted party notification and credit monitoring.
4

5. 4. Notify parties and monitor credit as necessary
State laws differ on who you’ll need to notify and how
quickly, but be prepared to do so. You’ll need to mail
notifications and either hire a call center or establish
one within your existing staff. And whether mandatory
or voluntary, you’ll likely obtain a credit monitoring
provider. Even if not required by law, doing so could
help reduce loss of clients or harm to a business’s
reputation.
5

6. 5. Take steps toward remediation
What caused the breach in the first place? If it was
human error, additional training may be required of
your staff. Regular training is one of the best
prevention methods.
If it was a systems issue, you may need to hire IT
consultants to help you secure your current system or
install upgrades in security software.
6

7. 6. Restore data
IT consultants will need to help you restore whatever
data was lost or stolen. The longer it’s been since
your last data backup, the more tedious this task
could be. That’s why your organization should always
back up data on a regular basis.
7

8. 7. Manage public relations
Depending on the extent of a breach, you may need
to hire a public relations firm. Getting in front of a
situation as quickly as possible can help mitigate
reputational harm and lost business. Experienced PR
professionals can help get your message out promptly
and effectively.
8

9. 8. Involve law enforcement
Contact your local FBI office directly or go through an
attorney that specializes in data breaches. The FBI
can describe the current cyber threat landscape and
provide an understanding of how they’re able to assist
in the event of a data breach.
9

10. 10
For more information on cyber
best practices, visit
aicpa.org/cybersecurity.
This information has been adapted from the document “HACKED! Building defenses
against and responses to intrusion,” a publication by the American Institute of CPAs