Cybersecurity attacks, data breaches and hackings can be devastating and demoralizing to a company, leaving it with a difficult question: What now? Too often, companies focus on the whodunit of a cyberattack. They want to attribute the data breach or cybersecurity incident to a specific actor, a villain. Yet focusing an internal investigation on identifying the source of a data breach or cybersecurity attack is often an inefficient use of the company’s time and resources.

Consider the following scenario. You are coming home from a vacation with your family. When you reach the front door, you notice that the door is unlocked and the door jamb is completely busted. You push open the door further, only to find the house in complete disarray. You quickly put the pieces together and determine that while your family was enjoying vacation, someone had broken in and burglarized your home. You ask your spouse to call the police and direct your children to stay outside the house. But what do you do next? Would you assume your best impression of Sherlock Holmes, grab a magnifying glass and immediately start investigating to determine who the burglar was? Or would you instead take stock of your house, determine what valuables were missing, and figure out how the burglar got into the house and the alarm system was not triggered?

To read the full article, go to JAMS ADR.