Isolate Affected Systems: Immediately isolate affected systems or areas of the network to prevent further unauthorised access. This helps contain the breach and limit potential damage.

Activate Incident Response Team: Activate your organisation's incident response team, which may include IT experts, legal counsel, and communication specialists. Clear roles and responsibilities should be established.

Preserve Evidence: Preserve evidence related to the breach. This may include logs, system snapshots, and any other data that could assist in investigating the incident.

Notify Management: Inform senior management or the board of directors about the breach. They need to be aware of the situation to make informed decisions regarding the response and communication strategy.