There’s a popular saying in the cybersecurity space, “There’s two types of organizations, those that have been breached and those that don’t know they’ve been breached.” In working with organizations that know they’ve been breached, I’ve noticed a very alarming fact. It’s not their first breach! This left me wondering why and how? How can an organization suffer from one breach and have a second or third similar breach? What did they not learn from the initial breach that would leave them vulnerable to similar subsequent breaches? One of the common themes we see is that they “handled” the first breach themselves or they hired a security consultant with little to no experience in incident response that focused on recovery and not fully understanding how the attack was carried out. This is a very scary reality that we are seeing more and more daily.