Act in 4 areas within the first 24 hours: technical, legal, communication, and business continuity.
Technical (CISO)
- Isolate the attack.
- Recovery from backups.
- Forensics team.
Legal (DPO + lawyer)
- KVKK notification within 72 hours.
- USOM + BTK notification.
- Complaint to the Public Prosecutor's Office.
Communication (CMO)
- Customer notification draft.
- Press release.
- Internal transparency.
Business continuity (COO)
- Activate the backup system.
- Customer SLA notification.
Frequently asked questions
What does insurance cover?
Cyber insurance: collection, compensation, and loss of business.
What if the attacker is not found?
Compensation from insurance, plus settlement with customers.
In what order should communication happen?
Internal → regulator → customer → public.
Relevant legislation
- TCK art. 243-245 — Core articles on cybercrime.
- TCK art. 158/1-f — Qualified fraud (using information systems as a tool).
- CMK art. 134 — Search for digital evidence.
- Law No. 5651 — Access blocking and content removal.
- Budapest Cybercrime Convention — Türkiye is a party; international cooperation.