Author:Duncan Gammie

January 20, 2022


DREAMing of a Safer Future for IT

A New Way to Handle Data Risk

3 min read

DREAM can proactively evaluate your organisations potential risk for a data breach and take steps to prevent it before the damage is done.

DREAMing of a Safer Future for IT


In July 2017, an assistant popped into Yahoo CEO Marissa Mayer’s office to deliver an important message: someone who operated under the name of Peace_Of_Mind had just conducted an interview with the media outlet Vice, and he claimed to be responsible for the theft and sale of over 200 million Yahoo user accounts. Yahoo was in the process of selling itself to Verizon, and any data breach, especially one of this magnitude, would have a serious impact on such a deal. Mayer acknowledged the assistant’s note and convened her board to go over next steps–a reasonable measure, to be sure, but the data breach had already occurred, and the question before them was no longer one of how to keep their customers safe, but rather how to assess the damages.

What they would soon find out was that they had been subjected to the largest data breach in the history of the internet, with over a billion usernames and passwords stolen from their site. The result impacted their sale to Verizon, to say the least, shaving off a third of a billion dollars from their initial asking price. The damage to their reputation among users would be almost as deep.

Companies need to be proactive about data breaches. It’s an area that even the largest companies all too readily ignore, perhaps because safety measures appear on their balance sheet as a cost, while the potential risks of getting hacked often seem nebulous and far away–until it’s too late. DREAM is GAT’s premier tool to evaluate your risk potential for a data breach and determine what proactive steps your firm should take to keep your data safe, rather than waiting until the damage has already been done.

DREAM’s secret ingredient is the expertise of our in-house data privacy experts who have decades of experience dealing with fraud, data breaches and privacy regulations. Through a simple onboarding process, any given client can offer some details about their company –ranging from what industry they might be in, to the kinds of data they process and what privacy regulations they might be subject to – that we can then flesh out and give an overall risk assessment score, as well as actionable steps to improve your score.

DREAM incorporates public data, such as stock movements across a firm’s industry as well as the impact of past data breach’s on similar firms’ valuation; it also pulls in relevant regulatory info, such as any applicable HIPAA and GDPR-related fines and regulations, as well as up-to-date tracking of how aggressive these regulators have been lately; and finally, DREAM compiles this data and performs a series of regressions to give a firm not only a detailed risk score, but also approximate damages and suggestions and their cost for how to mitigate them.

When even multi-billion dollar companies like Yahoo fail to get in front of potential breaches, it’s important to know that no firm is entirely free from threats. But with DREAM, one can make sure that you know to handle them.


The opinions expressed in this blog are those of the individual authors and do not represent the opinions of BRG or its other employees and affiliates. The information provided in this blog is not intended to and does not render legal, accounting, tax, or other professional advice or services, and no client relationship is established with BRG by making any information available in this publication, or from you transmitting an email or other message to us. None of the information contained herein should be used as a substitute for consultation with competent advisors.