Padgett-Beale Inc.s (PBI) insurance company, CyberOne Business and Casualty Insurance Ltd, sent an audit team to review the companys security policies, processes, and plans. The auditors found that the majority of PBIs operating units did not have specific plans in place to address data breaches and, in general, the company was deemed not ready to effectively prevent and/or respond to a major data breach. The insurance company has indicated that it will not renew PBIs cyber insurance policy if PBI does not address this deficiency by putting an effective data breach response policy and plan in place. PBIs executive leadership team has established an internal task force to address these problems and close the gaps because they know that the company cannot afford to have its cyber insurance policy cancelled.

Unfortunately, due to the sensitivity of the issues, no management interns will be allowed to shadow the task force members as they work on this high priority initiative. The Chief of Staff (CoS), however, is not one to let a good learning opportunity go to waste especially for the management interns. Your assignment from the CoS is to review a set of news articles, legal opinions, and court documents for multiple data breaches that affected a competitor, Marriott International (Starwood Hotels division). After you have done so, the CoS has asked that you write a research report that can be shared with middle managers and senior staff to help them understand the problems and issues arising from legal actions taken against Marriott International in response to this data breach in one of its subsidiaries (Starwood Hotels).

Write a three to five (3-5) page report using your research. At a minimum, your report must include the following:

An introduction or overview of the problem (cyber insurance companys audit findings regarding the companys lack of readiness to respond to data breaches). This introduction should be suitable for an executive audience and should explain what cyber insurance is and why the company needs it.

An analysis section in which you discuss the following:

Specific types of data involved in the Starwood Hotels data breaches and the harm

Findings by government agencies / courts regarding actions Starwood Hotels / Marriott International should have taken

Findings by government agencies / courts regarding liability and penalties (fines) assessed against Marriott International.

A review of best practices which includes 5 or more specific recommendations that should be implemented as part of Padgett-Beales updated data breach response policy and plans. Your review should identify and discuss at least one best practice for each of the following areas: people, processes, policies and technologies. (This means that one of the four areas will have two recommendations for a total of 5.)

A closing section (summary) in which you summarize the issues and your recommendations for policies, processes, and/or technologies that Padgett-Beale, Inc. should implement.