“…In the internet age, organizations regularly solicit, process, retain, and analyze data related to financial transactions, communications, personnel, clients, and the like (Newman & Clarke, 2003; Yar & Steinmetz, 2019). While some data retained by organizations is mundane, much can be considered “sensitive”—that it can be abused in the wrong hands—including financial data and personal identifying information (PII) (Hinduja & Kooi, 2013; Holt et al, 2016). Organizations have thus become prime targets for illicit hackers and other unscrupulous actors interested in accessing and abusing sensitive information and computer systems (Holt et al, 2016; Khey & Sainato, 2013; Verizon, 2021).…”