Identify the affected systems, determine whether the attackers were able to copy data and prevent further data leaks. If the necessary expertise is not available in your company, seek support from a specialised company.
Client communication is of vital importance. Draw up a communication concept before you fall victim to a cyberattack. This needs to answer the questions of whether and how clients should be informed, who will do so and through which channels the communication should be carried out.
Prepare an emergency plan (business continuity management), which describes how you can continue to work if IT is unavailable for a prolonged period. Like the communication concept, the emergency plan must be drawn up before an incident occurs. There is no time for this once you have been targeted.
Get an overview of the potential data loss and estimate the risk for the individual pieces of data.
Depending on the type of stolen data, inform the Federal Data Protection Commissioner (https://www.edoeb.admin.ch/edoeb/en/home.html).
Report the matter to your local cantonal police. They will then initiate the necessary investigations. You can search for police stations in your area and their telephone numbers on the Suisse ePolice website: https://www.suisse-epolice.ch/#/search-station (in French, German, Italian).