What to do after a data breach

In 2025, the global average cost of a data breach reached USD $4.44 million, whilst in the United States, costs soared to USD $10.22 million. However, organisations with AI and automation extensively deployed throughout their security operations saved an average of USD $1.9 million in breach costs and reduced the breach lifecycle by 80 days. The 2025 threat landscape has evolved dramatically, with 13% of organisations reporting breaches of AI models or applications, and 97% of those compromised lacking proper AI access controls.

The impact of these security breaches is far-reaching, with 95% of incidents motivated by financial gain. The costs to an individual whose personal data has been intercepted can be devastating, with consequences ranging from financial fraud and identity theft to psychological and even physical harm. It's crucial, therefore, that organisations do everything in their power to protect customer information.

But whilst most organisations understand this in theory, properly securing data is fraught with complexities, with many business leaders unsure of what to do after a data breach, or how to identify one. With cybersecurity threats continuing to evolve—including AI-powered attacks, deepfake fraud and shadow AI risks—it's critical that business and IT leaders understand how to identify a data breach and what to do after a data breach occurs.

How to identify a data breach

As is evident in the 2025 IBM data breach report, detecting and containing a breach can be difficult. However, businesses with fully deployed security automation systems, including artificial intelligence, machine learning and analytics, detected breaches 80 days faster and experienced significantly lower costs compared to companies without security automation.

By deploying security and data breach detection tools to regularly monitor your network for signs of compromise, you can improve your organisation's ability to quickly and effectively detect breaches. After all, if you know what your baseline traffic looks like, it becomes much easier to identify abnormal activity.

Here are a few signs that your network could potentially be compromised:

• Presence of unknown or unauthorised IP addresses on wireless networks
• Multiple failed login attempts for system authentication and event logs
• Suspicious activity on the network after-hours
• Unusual network activity
• Unexplained system reboots or shutdowns
• Services and applications configured to launch automatically without authorisation
• Suspicious emails, particularly AI-generated phishing attempts
• Slow computer or network operations
• Increased help requests for anomalies, such as missing files or emails

What to do after a data breach

Quickly detecting a data breach is only part of the equation—once a breach is detected, it must then be resolved. The Office of the Australian Information Commissioner (OAIC) recommends that a data breach response plan follows four key steps: Contain, Assess, Notify and Review.

Contain

The first step upon detecting a data breach is containing it as much as possible by limiting any further access or distribution of the affected personal information and preventing the compromise of other information. To do this, you may need to change access credentials or shut down the affected system altogether.

Assess

The next step is evaluating the extent of the damage, and attempting to mitigate it where possible. This means gathering as much information about the breach as possible, and considering whether remedial action, such as recovering lost information or changing credentials on compromised accounts, can be taken to reduce potential harm to individuals.

Notify

If the assessment reveals that the data breach is likely to result in serious harm to the individuals involved and remedial action has not resolved this, then according to the guidelines of the Notifiable Data Breaches scheme, organisations must notify the OAIC and the affected individuals.

Notifying individuals about a data breach is a highly important step, not only because it allows individuals to take proactive steps to prevent potential harm to themselves, but because it also helps an organisation repair its reputation. Transparency in breach disclosure builds trust and demonstrates accountability.

Review

Once the data breach has been appropriately dealt with, organisations should then take the time to review the incident in order to reinforce or update security measures to prevent future breaches.

Prevention is better than a cure

Whilst data breaches are relatively common, there are a number of data security strategies that organisations can take to reduce the likelihood and magnitude of a breach, including:

• Know where your data is: Organisations need to have a thorough understanding of where and how sensitive data is stored and secured.
• Implement Zero Trust architecture: With Zero Trust reducing breach costs by USD $1.76 million on average, adopting a "never trust, always verify" approach across all access points has become essential. Zero Trust enforces strict identity verification, least-privilege access and continuous monitoring across all environments.
• Deploy AI-powered security: Organisations using extensive AI and automation in security operations save an average of USD $1.9 million per breach and detect threats 80 days faster. AI-powered tools can identify anomalies, predict threats and respond to incidents at machine speed.
• Give employees regular cybersecurity training: Human error continues to drive 95% of all breaches. It's important, therefore, that employees are regularly taught cybersecurity best practices, including how to identify AI-generated phishing attempts and deepfake scams.
• Run data breach drills: There's not much point in having a highly detailed data breach response plan if aspects of that plan are flawed. That's why it's important to test the various processes in realistic drills, so you can iron out any kinks before real disaster strikes.
• Conduct regular security audits: A security audit of your print and document environment can help to identify any vulnerabilities in your systems, as well as workflow inefficiencies. Bringing in an experienced third-party to conduct the audit may improve your chance of identifying weaknesses that you might have missed.
• Engage an expert: No organisation can be expected to keep on top of new threats and security measures on their own. By engaging a third-party, you can have peace of mind knowing that experienced cybersecurity specialists are looking after your data.

Kyocera's comprehensive cybersecurity services provide organisations with proactive defence against evolving threats, including fully managed Security Operations Centre (SOC), Essential 8 assessments, penetration testing and security policy training. With the 2025 threat landscape characterised by AI-powered attacks, shadow AI risks and sophisticated supply chain compromises, having expert security partners has never been more critical.

The 2025 data makes one thing clear: organisations that invest in AI-driven security, implement Zero Trust principles and maintain comprehensive incident response plans are significantly better positioned to prevent, detect and recover from data breaches. The cost of inaction isn't just financial—it's the loss of trust, transparency and control.