When hackers attack, is your network a fortress or have you dropped your drawbridge?

How companies react when first hit by an e-commerce emergency has a big impact on the outcome - planning for every eventuality is vital, according to computer security expert John Leach.

Leach is vice-president of Global Integrity, an information protection services provider, and has worked in techno-security for the past 15 years.

"Unless you're fully prepared beforehand, confusion will always win," Leach said.

"It takes a lot of effort, and needs the people in charge of your emergency response to know exactly what they're doing, if you're going to stay in control of the response process.

"As soon as one person loses sight of the plan and starts to make their own decisions on the fly, the whole plan can fall apart."

He said the first signs of a serious attack on a company's network were often the tip of the ice-berg.

"It's quite likely that the attack will be well underway before you've started to realise something is wrong, and what you see first might be only a side effect of the attack," Leach said.

He said this misleading initial view, combined with the enormous pressure to take immediate action at the first sign of attack, sometimes meant the wrong action was taken.

"If you start making assumptions and judgments based on just a partial view of the attack, your early actions could compound the problem enormously," Leach said.

"For example, you have to know whether the company's primary objective is to catch the attacker or minimise the damage.

"If you want to catch the attacker, you have to preserve evidence. If you want to minimise the damage, you'll trample over potential evidence from the first steps you take and that'll quickly undermine any chances you might have had of a successful prosecution."

To make the best response quickly, companies need to decide on what level of incident response they require, and be able to recognise when a security breach is beyond their control and outside experts are needed.

"With the degree of change around us, what was an appropriate security response yesterday might not be an adequate security response tomorrow," Leach said.

"We need to recognise the changes, recognise the changing needs and develop the security approaches and tools needed for the new security challenges we face."