We implemented a breach management program with a multinational company. This involved creating policies and processes addressing reporting and investigation of incidents, supporting the creation of a training and awareness programme to ensure all employees would recognise and report incidents, supporting breach investigations in the early phase of rollout and creating an oversight process to ensure that senior management were kept informed, that root cause analysis was carried out and that “near misses” were acted on to address process gaps that could lead to future breaches. This was a complex change management project carried out closely with the client who has created a culture of incident reporting in the organisation that significantly reduces the risks associated with data breaches.