After a system breach, what is the immediate requirement for companies under PCI DSS?

Prepare for the PCI DSS Fundamentals Exam with detailed multiple-choice questions, flashcards, and insightful explanations. Enhance your understanding and be exam-ready!

The immediate requirement for companies under PCI DSS after a system breach is to notify affected parties and comply with PCI DSS requirements for reporting. This is crucial because timely communication to affected parties, such as customers and payment card brands, helps mitigate potential damage and allows for appropriate actions to be taken. Compliance with the reporting requirements outlined in PCI DSS demonstrates a commitment to maintaining security and transparency, which is essential for rebuilding trust with customers and stakeholders.

Additionally, notifying the relevant parties is a fundamental part of incident response and prepares the organization to handle the fallout from the breach. This includes possibly informing regulatory bodies depending on the legal obligations related to data breaches. By adhering to these requirements, organizations can take the first steps in a structured incident response, ultimately aiming to prevent future breaches and enhance their overall security posture.

The other options, while they might seem reasonable in a broader sense, do not prioritize the necessary actions outlined by PCI DSS as effectively as the requirement to notify affected parties.
