4 Things to Do Right After a Cyber Attack

It’s every financial institution’s biggest nightmare – experiencing a cyber-attack. In our last article, we explained how to implement a cyber-response plan. As so much confidential information is held at banks, it can have devastating effects and you might be scrambling to put that plan in action. However, with the right Cyber Liability Insurance program and the urgency to complete the following four tasks, you can recover promptly and minimize damages.


First, detect and identify what happened. Time is of the essence here, so a sense of urgency is key. As per the cyber-response plan, a team of IT professionals, communications, finance, legal, and HR should already be in the know. This team should identify compromised devices and analyze the malware to determine how it got in, its behavior, its diffusion and any stolen data. Furthermore, the team should also examine compromised devices to determine indicators of compromise (IOCs), and collect log data from as many sources as possible for further analysis, states Innovation Insights.

Contain the incident.

The team should next determine whether they should contain or not contain the attack. Once the nature and severity of the breach is identified, it needs to be managed. However, blocking access immediately and disabling systems can give the attacker the impression that the institution knows it’s under attack, potentially giving the attacker time to lay dormant and continue the breach once the company has “fixed” the breach.

Remove malware.

According to a 2013 report from Solutionary, organizations spend up to 30 days recovering from malware attacks, at a cost of over $3,000 per day. This includes killing active processes, removing sensitive information from databases, disconnecting affected hosts, and more. Bear in mind that this process takes time and more importantly – money.

Be proactive.

Just as companies learn from attacks, so do the attackers. Be proactive about scanning for malware, updating software as it becomes available, and also staying current with threat intelligence options.


About FGIB

Since 1983, Financial Guaranty Insurance Brokers has distinguished itself as a provider of Professional Liability, Cyber Liability, and Crime insurance products for financial entities, in addition to providing crime insurance and general business insurance products to a number of firms across the United States. We offer both first party and third party cyber liability coverage to give you the protection you need and the peace of mind you deserve. To receive timely, personalized service from knowledgeable and experienced staff, call us today at (626) 793-3330 to speak with one of our professionals.