Though the investigation into the massive Marriott data breach that affected 500 million customers is still ongoing, lessons for companies have already emerged and lawsuits have been filed. The Cybersecurity Law Report spoke with Karen Hornbeck, a senior manager at Consilio, who offered insight on some of the mistakes made by Marriott in its initial communications with its customers along with advice on conducting cyber due diligence, resources for building a mature cybersecurity program, and when and how to involve the board. See also “Lessons From the Equifax Breach on How to Bolster Incident Response Planning (Part One of Two)” (Sep. 27, 2017); Part Two (Oct. 11, 2017).