Good News: Check Before The Wreck
OCIE reported that "[t]he vast majority of examined firms," in addition to auditing themselves periodically for cyber risk, "report conducting firm-wide inventorying, cataloguing, or mapping of their technology resources." This includes hardware, software, network resources and connections, logging capabilities and practices, and other resources. These are particularly important security steps for cyber-attack readiness and disaster recovery so firms can know what, specifically, has been compromised in a breach. Such information informs the organizations how to best proceed, as well as what their legal duties are, while potentially serving to mitigate liability).
(Image Source: Ulrich Kohls via Creative Commons license)