I’ve shared this quote from Robert S. Mueller III, former director of the Federal Bureau of Investigation, in my previous book and several times during speaking engagements. I usually take this quote one step further and talk about one additional type of companies: those that don’t know they’ve been hacked. In the most recent annual study of data breaches, Ponemon Institute’s 2015 Cost of Data Breach Study: Global Analysis, based on a sample size of three hundred fifty (350) organizations, the average time to identify a breach is two hundred six (206) days (Ponemon Institute, 2015a). This means that it took companies just under seven (7) months to figure out that they’ve been breached. In addition, it took these same companies, on average, sixty-nine (69) days to contain the breach (Ponemon Institute, 2015a).