
Data Breach Investigation

Data Breach Investigation & Incident Response

Identify, Protect, Detect, Respond and Recover

If you have been subjected to a data breach, hacked or compromised, your organisation needs to ensure it takes the necessary steps to mitigate the potential of serious harm that might impact business critical or personally identifiable information.

What Does an Incident Response Engagement Look Like?

For most organisations in Australia, having a defined incident response framework is something of a luxury. In the event you are breached, Gridware technical engineers can be on-site within 1-3 hours to implement our proprietary incident response methodology.

Gridware will immediately assess the extent of the breach, the severity of the incident and the likely impact it will have on the business, including financial, business loss and reputation. We will also determine whether a notification is required under the revised Privacy Act (Commonwealth) regulations relating to Mandatory Data Breach Notification. We can also liaise with the relevant law enforcement or any other relevant government authorities such as the Australian Federal Police, the Australian Cyber Security Centre and other bodies.

How we Investigate, Contain and Remediate a Data Breach

  • Detection and Analysis

    Immediately come on-site and work remotely from our Sydney head office to determine whether and how an incident has occurred. Forensic analysis of the precursors and indicators. Report the incident to the appropriate Board or government agency where required.

  • Containment

    Review if the current steps taken were adequate. Acquire, secure and document evidence. Contain the incident by identifying the source of vulnerability and reducing the impact of serious harm to individuals, employees and stakeholders.

  • Protect and Recover

    Determine if the measures taken were adequate. Remove the source of vulnerability or exploit. Repeat detection and analysis to identify other vulnerabilities. Secure systems from further breach. Recover to operationally stable state.

  • Post-Incident Report

    Create a follow-up report. Undertake lessons learned through workshops with IT and management teams.

Why you should choose Gridware for data breach investigation


We are a nationally recognised leader managing over 10 daily active cyber breach investigation engagements.


Our leadership team’s involvement in the industry provides deep and current understanding of risk and threats.

Risk Approach

We take a risk-based approach to ensure information security is addressed holistically and not just technically.


We employ a wide variety of experts to ensure any cyber event can be addressed quickly and effectively.

What Does A Post-Incident Response Report Include?

High-level Guidance on:

  • Understanding your company’s risks
  • Assessing the extent of a breach
  • Determine likely impact and consequence
  • Identify the root cause of a breach

Forensic Investigation Services To:

  • Detail any forensic material identified relevant to the breach
  • Determine the most likely point of entry/root cause
  • Identify the extent of unauthorised access
  • Highlight activities or lateral movements of the threat actor within the target environment

Report and Review:

  • List of findings, root cause and risk rating
  • How the issue was contained
  • Recommendations for improvement
  • Overall suggestions to improve security

Data Breach Investigation and Incident Response (FAQs)

What is a data breach investigation?

A data breach investigation is a process undertaken by cyber security forensic specialists such as Gridware to determine the immediate extent of a ‘hack’, which includes but is not limited to the loss of confidential data to an unauthorised individual or the compromise of a critical set of infrastructure or web applications by a malicious party. The data breach investigation will also determine the impact and consequence of the breach to calculate the financial, reputation or business loss involved.

How do I contain a data breach?

To contain a data breach, you need to follow an industry set of steps and procedures relevant to the infrastructure (such as Office 365) or application (web based or cloud) that was subject to the breach and ensure access is restricted and closed from unauthorised or outgoing gateways. This usually involves setting up a network perimeter, implementing immediate password changes, introducing multi-factor authentication for all privileged users and assessing the state of the backups that are available to ensure they are not compromised.

How much does a data breach investigation cost?

The costs of a data breach investigation will vary from organisation to organisation, and are heavily dependent on the amount of resources required to conduct the forensic analysis. The average cost of a data breach investigation in Australia is between $10,000 – $40,000.

Can I Download an Incident Response Plan Template or Sample?

We do provide templates, checklists and sample policies and procedures for download, including sample incident response plans. You just need to contact us.

How long does a data breach investigation take?

The length of the investigation depends on the size of the data breach, being the amount of data that has been exposed or leaked, as well as the size of the business and complexity of the business processes. For most organisations, a data breach investigation can commence and be completed in under 7-10 days. In most cases, containment of a data breach can be completed within 1-2 business days depending on many other factors that we would need to assess.

How quickly can you start a data breach investigation?

Gridware’s cyber forensic team can begin work on a breach within 15 minutes of being notified. Our capabilities run across our Sydney, Melbourne and Brisbane offices as well as other capital cities. Gridware’s cyber forensic team can issue an immediate assessment and action plan to contain a breach in under 6 hours. For greater Australia, we have a minimum service level agreement (SLA) target response of 24 hours.

Ready to team with Gridware?

Make the switch and team up with Gridware to make information security a priority in your company.

What Our Customers Say

  • "Gridware is the cybersecurity company that competitors look up to. Knowing where the security gaps are within our applications before go-live gives us peace of mind that we are actively protecting our customer data. What differentiates Gridware from other companies is that when they start working, it is like we gain a valuable internal resource."

    IT Manager Nikon Australia
  • "With Gridware, we gained a valuable security partner to review our IT programs across various large projects across Australia. It saved us having to build our security expertise from scratch. They're flexible, thorough and quick with solutions. An agile vendor, one of the best we have worked with."

    Marsha Wilson Director, IT and Innovation
  • "Gridware is an intelligent company. The team has worked with us to identify and solve a number of cyber risks. It has been a pleasure working with Gridware."

    Mark Knowlton former CIO, Macquarie Bank

–  We work with the best  –

We are proud to have offered our incident response, forensic investigation and remediation services to some of Australia’s largest ASX listed and private sector organisations. Our expert cyber forensic team are recognised for their capability and agility in responding to complex cyber breaches across all major cities in Australia including Sydney, Melbourne, Brisbane and Perth.

The best way to team up with Gridware is to call or email us today to secure a meeting with our team.

Case Studies

Take a look at how we have helped some of our many clients.

News and Insight

Have a look at some of the media exposure Gridware has received.

Other Services

Have a look at other services Gridware can offer your business.

Contact Us

Let us give you a call back to provide more detail on our offerings or arrange a presentation
