Service

Security incident and data breach response

When an incident or data breach happens, hours count. We help you take control of the situation, limit the damage and meet your obligations, instead of panicking alone.

  • ISO/IEC 27001
  • 3000+ workstations
  • Since 2017

A security incident is not only a technical problem, but also a legal and reputational one. We support your company on each of these fronts: stopping the attack, analysing what happened, notifying the data protection authority and restoring normal work.

What we do during an incident

From the first call to closing the case and drawing conclusions so it does not happen again.

  • Containment and isolation

    We cut off infected systems and accounts to stop the spread and limit the reach of the damage.

  • Event analysis

    We establish what happened, how, and which data was at risk. Without that, an effective response is impossible.

  • Notification and compliance

    We help assess the duty to notify the data protection authority and prepare documentation aligned with GDPR and NIS2.

  • Restoring operations

    We restore data from backups, bring services back up and close the gaps through which the incident occurred.

The first hours decide the scale of the damage

The most common mistake after detecting an attack is acting in panic: deleting traces, shutting everything down or paying the ransom without analysis. This usually makes the situation worse and makes it harder to later establish what happened and which data leaked.

An orderly response looks different. First isolation and preservation of evidence, then analysis and decisions, including about notification. This way you limit the damage, meet your legal obligations on time and get back to work faster, not more chaotically.

How we respond

To a plan, not in panic. Step by step, with clear communication.

  • urgentresponse to an incident report
  • 72 hwindow to notify the data protection authority
  • evidencewe preserve traces of the event
  • lessonsrecommendations after the incident
  1. Emergency contact. We take your report and set priorities right away. You know what to do and what not to do first.
  2. Containment and analysis. We isolate the threat, preserve evidence and establish the course of the event and the scope of the data.
  3. Notification and closure. We support the notification, restore operations and prepare recommendations so the risk does not recur.

How we bill

This service is billed as a fixed monthly subscription.

See ongoing care pricing

Frequently asked questions

What should you do first after detecting an incident?

Do not act in panic. Do not delete traces or pay a ransom without analysis. Contact us and we will help isolate the threat and preserve evidence, which is the basis for an effective response and later notification.

Does every data breach have to be reported to the data protection authority?

Not every one, but the assessment has to be made quickly, because you usually have 72 hours from confirming the breach to report it. We help assess the obligation and prepare documentation aligned with GDPR.

Will you help if we are not a regular client of yours?

Yes. We can support incident response on an ad hoc basis. Once the situation is under control, we often propose monitoring and safeguards that reduce the risk of further events.

What do we get after the incident is closed?

A summary of the event, a list of actions taken and remediation recommendations with priorities. The goal is not only to put out the fire, but to remove its cause.

See what peace of mind with IT costs

Answer 2 questions about your company. You will see a simple estimate right away, and we will prepare a full proposal within 24 business hours.

  • 2 minutes, no commitment
  • You talk to an engineer, not a salesperson
  • No spam, one contact about your quote