
Best practices after a cyberattack

March 16, 2023

You’ve been hit! An unexplained withdrawal from a bank account, missing mail, unfamiliar credit card charges, bills for services unrelated to you, an IRS notice with incorrect information or, worse, a direct notice of a data breach or receipt of an extortion threat. Cyberattacks are a regular occurrence in our global, virtual world. The range and type of cyberattacks against individuals and businesses are becoming more and more complex.

When it comes to learning about cybersecurity, most content focuses on preventative measures. But what should you do after an attack has occurred?

We recommend you focus your attention on the following: triage, remediate, insurance and prevention.


While assessing the situation is naturally the first step in this process, a quick response is also required. Many of the triage and remediation steps below should occur simultaneously. Initial assessment steps may include:

  • Attempt to identify all avenues for attack, including personal computers, tablets, phones, browsers, social media, email and recent travel.
  • Attempt to identify all the data that has been impacted, particularly financial data.
  • Review your credit reports for inaccuracies as an initial step.
  • Engage a professional expert/consultant to help evaluate the extent of the attack and provide alternatives for triage and corrective measures, including ongoing monitoring.


Responding as quickly as possible is as important for reducing further exposure to harm as any specific activity. The nature of your breach and attack will dictate which items are relevant to you.

  • Disconnect all devices from the internet.
  • Place fraud alerts on your credit reports through each credit agency and consider a soft freeze on all credit cards.
  • Request new credit cards.
  • Change all passwords.
  • Close the accounts you suspect were tampered with or opened fraudulently.
  • Depending on the nature of the attack, you may need to contact some or all of the following organizations.
    • Call banks for the theft of an ATM/debit card, paper check fraud or unauthorized transactions.
    • Call all your credit card companies to report errors within 60 days.
    • Notify the credit reporting companies, especially if you suspect identity theft.
    • Call the Social Security Administration and Internal Revenue Service (IRS) for Social Security number misuse or theft (including attempts to secure your tax information).
    • Inform the Securities and Exchange Commission (SEC), broker and/or account manager about an investment account attack.
    • Alert the local U.S. Trustee Program office if a false bankruptcy was filed in your name.
    • Contact debt collectors to freeze collection action on fraudulent accounts.
    • File a complaint with the Federal Trade Commission (FTC) for consumer fraud.
    • Contact every healthcare provider (doctor, pharmacy, clinic, lab, health plan).
  • Report the incident to law enforcement, especially if the hacker attempts to communicate with you, negotiate terms or if child identity theft is involved.
    • File a report with your local police in the community where the identity theft occurred.
    • Report wire fraud to the Federal Bureau of Investigation (FBI).
  • Contact your attorney for breach reporting to create some legal protections.
    • Consider using a reputable data recovery specialist; it may be required depending on the scale.
    • Consider hiring a forensics firm to audit and ensure that your data and systems are clean.


Review your insurance policies to identify which terms and conditions may apply to your attack. If you don’t have ample protections, consider cyber insurance as a part of the next step (prevention) to shift the risk.


Preventative measures reduce risks for future attacks and help ease the pain should an attack happen again. Some of the best practices include:

  • Create a crisis response plan (incident response plan).
  • Retain a cybersecurity firm to annually assess your risks.
  • Secure your devices: maintain secure passwords and enable two-factor authentication.
  • Update anti-virus protection and firewalls.
  • Secure and back up all digital data.
  • Track data usage and assess data sensitivity; be aware of who has access to it.
  • Educate your family.
  • Be vigilant on the internet and set security settings to the highest protection level.
  • Be responsible on social media.

Engaging in a cyber-risk evaluation process helps you understand when and how your exposure changes over time, as well as what risk management strategies are most effective. Through strategic planning, you can help protect your family and business from malicious cybercriminals. Before making any decisions, consult your wealth managers and risk management professional for further information.

Neither SEI nor its affiliates offers insurance products. Readers should consult with a qualified insurance professional.

Neither SEI nor its affiliates provide tax advice. Please note that (i) any discussion of U.S. tax matters contained in this communication cannot be used by you for the purpose of avoiding tax penalties; (ii) this communication was written to support the promotion or marketing of the matters addressed herein; and (iii) you should seek advice based on your particular circumstances from an independent tax advisor.

SEI Private Wealth Management is an umbrella name for various life and wealth advisory services offered through SEI Investments Management Corporation (“SIMC”). SIMC also provides various wealth services under the umbrella name SEI Private Wealth Management.
