Incident Response

Been Hit by a Cyber Attack?

Don't panic. Follow this step-by-step guide for the first 72 hours. Every minute counts — but the right actions matter more than speed.

Critical Mistakes to Avoid

Paying the ransom without consulting experts (no guarantee of data return)

Turning off affected machines (destroys forensic evidence)

Delaying DPC notification beyond 72 hours (GDPR penalty risk)

Communicating publicly before understanding the full scope

Assuming backups are clean without verification

The First 72 Hours

Follow these steps in order. Each phase builds on the previous one.

Hour 0-1: Contain the Breach

Isolate affected systems from the network immediately

Do NOT turn off affected machines (preserve forensic evidence)

Change all administrative passwords

Document everything — times, actions, observations

Hour 1-4: Assess the Damage

Determine what systems and data are affected

Identify the type of attack (ransomware, data theft, or business email compromise)

Check if backups are intact and uncompromised

Activate your incident response team or contact experts

Hour 4-24: Notify and Respond

Notify the Data Protection Commission (DPC) if personal data is involved (72-hour deadline)

Contact your cyber insurance provider

Brief senior management and legal counsel

Begin forensic investigation to determine root cause

Hour 24-72: Recover and Restore

Begin restoring systems from clean backups

Implement additional security controls to prevent re-infection

Communicate with affected customers or partners if required

Document lessons learned and update incident response plan

After the First 72 Hours

Once the immediate crisis is contained, you need to focus on three things: full recovery, root cause analysis, and preventing it from happening again.

Full Forensic Investigation

Understand exactly how the attacker got in and what they accessed

Business Continuity

Restore operations while maintaining security controls

Regulatory Compliance

Complete DPC notifications, customer communications, and documentation

Security Improvements

Implement controls to prevent the same attack from succeeding again

Need Immediate Help?

If you're currently dealing with a breach or attack, we can help. Our team has experience guiding Irish businesses through incident response and recovery.

Prevention Is Better Than Recovery

The best time to prepare for a breach is before it happens. A vCISO can help you build the security programme that prevents attacks and ensures rapid recovery.
