This chapter is intended for the curious reader who would like to know about other companies’ experiences with a serious incident, and the outcomes. Although ISO27001 stipulates that, to enable learning, companies should share information on such experiences, it is actually difficult for them to do so. Nobody likes to admit that they have had a serious problem. This is understandable as, nowadays, it is highly likely that customers, members of the public or even government officials will try to gain some windfall profit from such an incident through lawsuits, bad press or other action. In addition, of course, if the company affected is publicly traded, the stock market may react quite severely to news of a serious breach. ...