A large organisation has experienced an attack on their IT systems that has gone public, the technical elements have been contained and mitigated although the public, senior stakeholders and the press want answers. With this in mind and having read the Problem of Security, as an internal member of the security team or a consultant working on behalf of the affected organisation, what would your response and advice be to ultimately protect the organisation and its value creation given your new perspective and how much is too far? What would you do differently?