Every day more malware (malicious software) is created that is very hard to detect. Why do you think Symantec says that antivirus is dead? The defenses of a network must contain more than just antivirus, since AV only catches 45% on Symantec software (WSJ article).
The “average” breach is not detected for 210 days.
Now KrebsOnSecurity has found a move against Anthem from April 2014 (WSJ did not note the breach until last week). 9 months × 30 = 270 days.
Think about it – do you think the hacker will let you know of his presence? Not until he is good and ready.
I would assume the hacker is in your network; only then, with that thought in mind, can you have a hope of finding him.
Even in my network we uninstall and re-install software (antivirus and more) many times in the year to keep the latest possible defenses, and patch all possible software for defense. Sometimes blue screens are caused by the latest patches, and we then just uninstall the patches and move on.
It is in the interest of the discerning owner to obtain all the techniques and technologies available to reduce the chance by even a single percent.
IDS/IPS (Intrusion Detection System/Intrusion Protection System) and NGFW (Next Generation Firewall) are acronyms that security pros are familiar with.
Pick your poison, business owner/CEO:
A. In 7-9 months be in the headlines where your network and all its contents are bared for all
B. Pay what is necessary in security technologies today and reduce the chance or at least be able to find the attack in 3 months or 6. And in this case there will be a lower cyber risk in the legal arena as well as the public arena.
Contact us to review your options as to what technologies to use.
Here is a PCI compliance post at Fixvirus.com