It’s hard to see a survey these days that doesn’t include cyber as one of the top risks faced by organizations around the world.

But should it be?

Are we hyperventilating unnecessarily? Or is the risk so severe that such a reaction is justified?


This is the first of two posts I plan on the topic. This one will talk about the effect of breaches on consumers, and then I will move on to corporations and my advice to risk and cyber professionals.


Over the last decade or so, I have traveled all over the world, sometimes on vacation but also to speak at conferences and lead training sessions.

While my preference is for the Hilton family of hotels (simply because I have more status with them), I have also stayed frequently at Marriott, Sheraton, and other properties.

So when Marriott announced a massive cyber breach in November, I wondered how it would affect me personally.

The first thing I noticed was that while this was announced as a Marriott breach in the news (such as on NBC), the report didn’t make it clear that it only related to stays at hotels like the Sheraton and the Westin. NBC references Starwood, but not everybody knows which hotels are included in the Starwood family.

So what was stolen?

A January update by Marriott provided a little clarity:

  • The breach relates to stays at Starwood…

