Instead, advisors should first call a forensics firm. Advisors with a thorough response plan retain those companies in advance, said Brian Lozada, information security director for Abacus Group LLC, a technology firm supporting hedge and private equity funds.
A lawyer who can navigate state and federal laws on when a firm must notify clients of a breach is also critical. Running afoul of these laws can trigger civil and even criminal penalties. In New York, for example, consequences could include a $150,000 fine, said Michael Yaeger, a New York lawyer who advises firms on cyber security issues.
The burgeoning cyber industry even offers cyber insurance, which can help firms offset the tab for those services and also defray expenses for notifying clients and providing credit-monitoring services. Some policies even cover the cost of one very specific expertise required by firms after hackers have made off with a motherlode of client data: a public relations consultant.