Risk Management Bulletin


February 3, 2014

Hackers breach dozens of business web sites every day – and too many of these break-ins remain undetected due to the sophistication of the attacks and/or a lack of cybersecurity awareness among the victims.

Once you realize that bad guys have hacked into your site and stolen customer data, here’s what you should do, advises Ilia Kolochenko, CEO of internet security firm High-Tech Bridge SA (Geneva, Switzerland):

First, as soon as you learn how your site was compromised, patch the vulnerability or weakness hackers used to get in – otherwise you’re leaving yourself wide open to more hacks.

Next, notify all customers whose personal data was stolen to change their passwords immediately. Assure them that you’re investigating the breach and will do your best to make sure it will never happen again. Although this notification is essential for the security of your customers (as well as a legal obligation), let them know individually; do not publicize the incident. Hackers often carry out break-ins in order to harm a company’s reputation for providing a secure site.

Finally, file a criminal complaint against the attackers, even if they’re hidden behind a chain of proxy servers. It’s the job of law enforcement and security companies to identify and prosecute hackers. Don’t be too optimistic; many of these cybercrimes go unsolved. However, reporting the break-in might well bring results – and will show customers you’re committed to keeping their data safe.

The bottom line: do all you can to protect your web site against hackers – and be sure to invest in comprehensive cyber liability insurance coverage that can minimize losses to your business.

We’d be glad to review your exposure to cybercrime and recommend the policy that’s best for you.