Be an Expert: A Critical Thinking Approach to Responding to High-Profile Cybersecurity Breaches

ABSTRACT This case examines three high-profile cybersecurity breaches to illustrate how organizations respond to these situations. Students explore breaches involving Capital One, Equifax, and Target and apply critical thinking to examine attack details, breach prevention, and breach responses by assuming the roles of security consultants, chief information officers, and internal auditors. The case objectives include (1) summarizing how organizations respond to cybersecurity breaches, (2) evaluating threats to organizations’ cybersecurity infrastructure, and (3) justifying how accountants and auditors may respond to cybersecurity breaches. This case is designed for undergraduate- or graduate-level accounting information systems, auditing, information technology (IT) auditing, internal auditing, and fraud examination classes and can be extended for intermediate or advanced financial accounting courses. This case provides instructor flexibility, as the class can be split into three groups with each group assigned as the expert on one breach or one or more breaches can be assigned to all students.