Response team

  • Form a response team that involves Business, IT, Legal and Communications
  • Involve external expertise to the extent not available in-house
  • Set up reporting structure to Executive Board
  • Schedule regular conference calls and discussions
  • Document major decisions
  • Maintain legal privilege



  • Establish scope of incident
  • Secure, mirror and/or take offline critical systems and information (e.g. accounting, R&D)
  • Ensure IT systems used by response team are safe
  • Secure evidence such as log files
  • Establish notification obligations under law and contract
  • Make sure sufficient company resources are available


Regain control

  • Secure computers of management
  • Determine timelines and actions for resolution
  • Set up monitoring of attacker’s actions to ringfence incident
  • Determine scenarios and appropriate responses
  • Establish “trigger list” with potential international legal obligations
  • Prepare holding statement to answer unexpected press questions



  • Investigate vectors of attack
  • Investigate modi operandi attacker
  • Involve law enforcement and/or security agencies (where appropriate)
  • Liaise with companies in same sector (where appropriate)
  • Consult external IT expertise (where appropriate)



  • Determine avenues to terminate attack
  • Do not alert attacker before ready to take decisive action
  • Establish D-Day for termination of attack
  • On D-Day, cut off all known command and control
  • On D-Day, block any known IP addresses
  • On D-Day, perform full swipe of network
  • Implement disciplinary action (e.g. inside job)



  • Prepare press statement and Q&A
  • Prepare customer communication
  • Ensure sufficient communication resources
  • Establish response to (threat of) litigation



  • Determine appropriate level of security for industry
  • Review security measures and policy (passwords, patching, etc.) accordingly
  • Set up durable IT security monitoring for company systems
  • Perform periodic audit of IT security
  • Implement cybersecurity incident response procedure
  • Subscribe to ISEC’s and other sources of information re threats.

Cybercrime is an increasing threat to companies, their intellectual property and their operations. Persons who commit cybercrime range from teenagers to criminal organizations and from competitors to state-sponsored groups. Cybercrime can cause loss of financial control, liability towards customers and suppliers and significant damage to operations and reputation. Moreover, legislation increasingly requires companies to report security breaches to governmental authorities and notify customers of loss of personal information.

Our firm specializes in the international legal and project management challenges associated with cybersecurity. In case of incidents, our firm can provide immediate assistance in addressing legal needs, setting up a response team and bring you into contact with leading experts in the fields of forensic IT and press communication. We also maintain good relationships with Dutch and international law enforcement and security agencies, which we can involve where appropriate.

This solution provides the key steps for cybersecurity incident response.

We keep track of you on our site with cookies, in order to offer the basic functionality of the website and generate user statistics on an anonymous basis to make our website more user-friendly. We do not use or share your data with third parties for advertising purposes.
Accept cookiesChange cookiesClick here for more information about our cookies.