Skip to content
data breach
6 min read

4 Steps to Managing a Data Breach Incident

A data breach is one of the most jarring experiences a GC can have. It happens all the time and is becoming more and more frequent, yet the day it happens to you can be the most unnerving day in your career. 

A fire drill approach to responding can invite more chaos than it solves. The best route to success is through preparation. Yet, even though companies that respond to these incidents quickly can save more than $ million, only 24% of companies have an incident response plan.

What should you include in your response plan? How can you get ahead of an incident that seems more and more inevitable each day? We have a few ideas.

How to Effectively Manage Data Breach Incidents

Don’t wait until the data incident is at your doorstep to start putting a plan together. To give yourself the best chances of surviving a data breach incident, your team can follow this four-step process.

1. Appoint a Response Management Team

First things first, assemble a cross-functional data incident response team that will manage whatever happens. 

Appointing a team that is primarily responsible for anticipating and addressing data breach issues as they come up will help to streamline your incident response. And since time is of the essence, having a team in place can help you to respond to incidents quickly and efficiently. 

Protip: Go through a tabletop exercise to run through scenarios, so the inevitable doesn’t take you by surprise.

2. Take Stock of the Situation

Once the breach has happened, the response team should take stock of the situation: what is the extent of the breach? What kind of data is involved? Who is affected by the incident? What are the reporting requirements?

Keeping a cool head while your team assesses what’s happening might be challenging, but it is important to get all the facts before you can respond appropriately.

20 KPIs Every Team Should Track

3. Fulfill Reporting Obligations

How you communicate to your internal and external customers has far-reaching implications for the success of incident management.

Search your contract repository and filter for applicable law to determine your reporting obligations. How soon after the incident do you need to make a report? What information do you need to include in your reports?

Knowing this will be crucial to maintaining both compliance and your customers’ trust.

4. Learn From the Incident

Congratulations, you’ve survived. And if you were proactive in your approach to incident management, you probably came out of it more or less in one piece. But the work doesn’t end there. 

After the incident, conduct a full debrief with your response team. Has this incident happened before? How likely is it to happen again? Tracking the performance of your response to specific types of incidents over time will give you a clearer picture of your risk profile. 

This can go a long way in helping to manage future incidents better.


It is impossible to completely avoid data incidents. Given how common breaches are and the breadth of data available on the internet, your best bet is to be prepared for the eventuality, not just completely avoid it from happening at all. These three steps – prepare, respond, and recover – are a great roadmap to keeping your business going and ready for whatever challenges lay ahead.

Want to learn how LinkSquares can help you prepare for potential data breaches? Request a demo today.