You can’t find every attacker but you can indemnify against the worst outcomes

Marriott surely did some cybersecurity due diligence when it acquired Starwood Hotels and Resorts in 2016 but we learned this month that those efforts did not prevent Marriott from suffering one of the worst intrusions (in terms of the number of consumers impacted) in history.  Obviously, Marriott would have liked to avoid the losses that breach caused, estimated by some to be as high as 1 billion dollars.

There are good tools for detecting an intrusion but there are no guarantees that you will find an attacker dwelling on that system.  A better method to minimize and mitigate those losses involves spreading the risk of them and looking for opportunities to indemnify against the events of a really bad day.  That could be possible by implementing a new tool in cybersecurity due diligence that would pinpoint the likely sources of potential loss and allow the acquiring company and its advisors to shift that risk.

Read Foresight CEO Adam Bobrow’s analysis here.