TCS had a perfect security score. Then M&S and JLR were breached(counterpartywatch.substack.com)
counterpartywatch.substack.com
TCS had a perfect security score. Then M&S and JLR were breached
https://counterpartywatch.substack.com/p/tcs-had-a-perfect-security-score
1 comments
Curious whether people here see value in this kind of research: using alternative public data to assess vendor risk before a breach, rather than after. We're aware that "we found signals before a known breach" is a weaker claim than "these signals predicted a breach we didn't know about yet." Is retrospective analysis like this useful to practitioners, or does it only matter if it can be made prospective?