Follow your plan— Knowing what to do ahead of time will ensure less damage done and more cooperation with your insurer. A thorough response plan is a key feature of any cyber- security framework. If you don't have one, it's time to make one.
Call your insurer— If you have cyberrisk insurance, your insurer may cover a cyber response team, computer forensics and even public-relations experts. They can help you figure out whether notifying your customers is required by law. Check your coverage and be prepared to arrange for any services not included.
Call your dedicated threat-response team— Whether they are your internal IT department or professionals from outside the office, this should be a group you choose beforehand to handle any attack, day or night. If you haven't established a team, call a few candidates and ask what they would be able to do in case of an emergency and for how much. Then, make sure to notify your choices that they are your go-to team.
Don't touch anything unless an expert says you should— Forensics experts require evidence from your computers and servers that can be lost if they are shut down or lose power. If you suspect that a crime is in progress, disconnect the affected devices from the internet only.