Due Diligence After Incidents

Due diligence can be useful after incidents and compromise.

I’m sure we would all agree that identifying and addressing security risks upfront is the preferred option, however, there is no such thing as 100% secure and breaches happen with increasing frequency.

When a breach occurs, due diligence evidence is often reviewed as part of the investigation or post-mortem process. The aim of this review is to identify if anything could have been done differently to identify or prevent this breach from happening. In the case of compliance regimes such as PCI DSS, this check is part of their process for understanding which organization is at fault and liable for any damages that occur.

During this review process, assessors (or auditors) will be trying to understand how risk was managed and understood. They may consult the evidence and notes from due diligence processes and assess whether the information provided at that time was complete and accurate. If evidence suggests that the information provided was incomplete, or included errors, inaccuracies, or omissions, this may impact liability and expose your organization to legal threats.

Finally, in the case of cybersecurity insurance claims, if your security due diligence was found to be incomplete or accurate, it may lead to the insurer refusing to accept your claim and cover the loss.