Cybersecurity: Research Report #1: Data Breach Incident Analysis & Report

Read / Review the readings for Weeks 1, 2, 3, and 4.

Research the types of insurance coverage that apply to data breaches. Pay attention to the security measures required by the insurance companies before they will grant coverage (“underwriting requirements”) and provisions for technical support from the insurer in the event of a breach. Here are three resources to help you get started.

  • https://woodruffsawyer.com/wp-content/uploads/2019/06/40842_Woodruff-Sawyer-Cyber-Buying-Guide_Final.pdf
  • https://www.travelers.com/cyber-insurance
  • https://wsandco.com/cyber-liability/cyber-basics/
  • Read / Review at least 3 of the following documents about the Marriott International / Starwood Hotels data breach and liability lawsuits.
  • https://www.insurancejournal.com/news/national/2018/12/03/510811.htm
  • https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2020/10/ico-fines-marriott-international-inc-184million-for-failing-to-keep-customers-personal-data-secure/
  • https://www.bbc.com/news/technology-54748843
  • http://starwoodstag.wpengine.com/wp-content/uploads/2019/05/us-en_First-Response.pdf
  • https://www.consumer.ftc.gov/blog/2018/12/marriott-data-breach
  • https://news.marriott.com/2019/07/marriott-international-update-on-starwood-reservation-database-security-incident/

Find and review at least one additional resource on your own that provides information about data breaches and/or best practices for preventing and responding to such incidents.

Using all of your readings, identify at least 5 best practices that you can recommend to Padgett-Beale’s leadership team as it works to improve its data breach response policy and plans.

Write

Write a three to five (3-5) page report using your research. At a minimum, your report must include the following:

An introduction or overview of the problem (cyber insurance company’s audit findings regarding the company’s lack of readiness to respond to data breaches). This introduction should be suitable for an executive audience and should explain what cyber insurance is and why the company needs it.

An analysis section in which you discuss the following:

Specific types of data involved in the Starwood Hotels data breaches and the harm

Findings by government agencies / courts regarding actions Starwood Hotels / Marriott International should have taken

Findings by government agencies / courts regarding liability and penalties (fines) assessed against Marriott International.

A review of best practices which includes 5 or more specific recommendations that should be implemented as part of Padgett-Beale’s updated data breach response policy and plans. Your review should identify and discuss at least one best practice for each of the following areas: people, processes, policies and technologies. (This means that one of the four areas will have two recommendations for a total of 5.)

A closing section (summary) in which you summarize the issues and your recommendations for policies, processes, and/or technologies that Padgett-Beale, Inc. should implement.