...
contain the attack/violation and prevent that additional areas/systems are affected
secure production system efficacy on highest possible plateau
secure information that may lead to identifying the responsible party and root cause
make security backups of all affected systems for later inspection and analysis, internally and/or externally
inform all affected staff and third parties as applicable and agreed in the according data processing agreements
...