Reporting and response procedures
Any provider of professional services should always have a rehearsed plan in place for how to respond to a cyber security breach. A serious breach affecting a large organisation might necessitate the instigation of an incident room, with adequate resources in terms of clean, air-gapped hardware ring-fenced from the rest of a compromised network and the requisite staff. A clear timeline should be set out detailing the approved step-by-step strategy for responding effectively at a time of crisis, in particular if the presence of personal data in the breach will necessitate reporting the matter to the UK ICO within 72 hours of the date of knowledge of the breach.

It is essential that in the immediate aftermath of such an incident your organisation does everything it can to contain the situation. This means engaging without delay with the key organisations, including regulators, insurers, suppliers, law enforcement and others as necessary, in order to limit the damage and bring about the best possible result in rectifying it. Remember that continuing usual day-to-day activities, such as operating a compromised client account, could be regarded as a breach of trust by a regulator like the SRA and may also constitute serious misconduct because of the impact on clients.