Stabilise the position first
The immediate priority is understanding what happened, what systems or information are affected and whether the problem is ongoing.
Operational teams may focus on containment, but the legal consequences begin at the same time, particularly where personal data or contractual duties are involved.
Preserve evidence and control communications
Early communications often shape the dispute and regulatory landscape that follows. Internal and external messaging should be consistent, accurate and legally informed.
Evidence preservation is equally important. Logs, decisions, correspondence and technical findings can become critical later.
Think beyond the initial incident
A serious breach may lead to complaints, claims, business interruption, third-party disputes and wider reputational issues. Early legal strategy should account for that broader risk picture.