Editor's Note: This article was originally published on THRIVE, DXC Technology’s thought leadership platform, and reproduced with permission from DXC Technology.

When a company suffers a security breach, the first reaction is to try to stop the bleeding as quickly as possible. For some, that might mean pulling the plug on whatever system sustained the attack. But the first, best course is to quickly deploy an incident response team, conduct a forensic investigation to identify the nature of the attack, contain it and ultimately expel the attacker.

It’s important to note that no matter how much we prepare, attacks will happen. Therefore, the speed and quality of the initial response is critical. Getting incident response right helps minimize brand damage, regulatory fines, downtime and overall breach cost. Companies that contain a security breach within 30 days can save $1 million compared to companies that don’t, according to the Ponemon Institute’s Cost of a Data Breach Study 2018.

Once the crisis has passed, it might be tempting to breathe a big sigh of relief. But even more important than detecting and responding to the immediate attack is conducting post-event remediation. Companies need to recover their business operations. They need to collect and preserve evidence. And they need to take a comprehensive approach to shoring up their defenses to protect against future attacks.

Move from defense to offense