Cyber incident? Call first.Panic later.
The first 60 minutes can decide the size of the loss. Call the hotline before you pay, reboot, delete logs, email customers, or explain things to the internet.
+91 80059 63112
Average pickup in 90 seconds. The response pod joins the bridge, helps preserve evidence, and coordinates the next move before the incident gets bigger.
Six moves that decide the outcome.
Most cyber incidents get worse because of what happens in the first hour. Do these six things while the response pod gets moving.
- T+0Pick up the phone
Call the hotline and say: “I have an active cyber incident.” That is enough. We will guide the rest.
- T+5Isolate, don’t shut down
Disconnect affected machines from the network. Do not power them off. Memory can carry forensic evidence.
- T+10Preserve evidence
Do not delete logs, overwrite backups, or “clean up” systems. Forensics needs the raw scene.
- T+15Lock down accounts
Rotate admin credentials, revoke active sessions, and force MFA re-enrolment on suspected accounts.
- T+30Identify the bridge
Keep the room small: decision-maker, IT lead, communications lead. Everyone else can wait.
- T+60FNOL drafted
We help prepare the first notice of loss, alert the carrier, brief counsel, and queue the response track.
Eight reflexes that cost claims.
These feel productive in the moment. Most of them hurt evidence, coverage, recovery, or all three.
- 01Do not pay the ransom unilaterally. Carrier consent and sanctions screening may be required.
- 02Do not power off compromised machines. Isolate from the network and leave them running.
- 03Do not delete logs. Messy logs are still evidence.
- 04Do not talk to the press. Route media calls to your communications lead or our PR partner.
- 05Do not email customers in bulk before counsel reviews the notification draft.
- 06Do not blame an employee in writing. Privileged investigation comes first.
- 07Do not change every password blindly. Wait for forensics to flag the likely vector.
- 08Do not trust the threat actor’s “proof” of data. Validate independently.
Escalation paths. With names, inboxes, and SLAs.
When something goes wrong, you should not be hunting through threads to find the right person.
Claim support questions, before the bridge call begins.
Quick answers on reporting a cyber incident, what details to share, what happens next, and how Mitigata helps you recover.
- You can report a cyber incident by calling our 24×7 hotline at +91 80059 63112 or by submitting a claim through the online form on our website. Share as much detail as you can, including the date, time, nature of the incident, affected systems, and any evidence available.
- Please share a clear description of what happened, the date and time, affected devices or accounts, screenshots or error messages, relevant logs, your contact details, existing security measures, and details of any previous cyber incidents if applicable.
- Our team reviews the situation, contacts you for any missing details, and guides you through the next steps. This may include starting the claims process, reducing further risk, coordinating with forensic experts, informing the insurer, and helping with legal or communications support.
- Yes. Information shared during incident reporting is handled carefully and used only to support claim filing, incident response, investigation, recovery, and related coordination.
- Mitigata helps coordinate forensic experts, legal support, claims documentation, insurer communication, PR guidance, prevention recommendations, and stolen fund recovery where applicable.
- Avoid paying ransom, rebooting machines, deleting logs, changing everything at once, emailing customers, or speaking publicly before counsel and the response team review the situation. Call first. We will help you sequence the response.
Something feels off? Don’t wait for proof.
A suspicious login, strange payment request, ransomware note, leaked data alert, or fake support call is enough reason to call. Early action can reduce loss, preserve evidence, and protect the claim.