Regarding Equifax specifically, beyond what you did - reviewing their SOC reports and information security policies and audits, yet finding no concerns - there isn't anything anyone could have done. Normally, you want to make certain you have all of the information you all collected for Equifax and be sure you have a current SOC 2 report on any critical or high-risk vendors.
You can get proactive and ask for a breach clause in your vendor contracts stipulating how you would like each vendor to reimburse you for any actual damages caused by a breach... now we're on a topic for a different forum.
If all your due diligence comes back without any red flags, and a breach occurs, you will have done all you can do in these instances.
Original Message:
Sent: 09-11-2019 01:39 PM
From: Anonymous Member
Subject: Thoughts on breaches after you did your due diligence
This message was posted by a user wishing to remain anonymous
In regard to a data breach like Equifax - we had reviewed their SOC reports and info security policies and audits but found no concerns, yet there was still a data breach... What else is there to do if all of the due diligence shows satisfactory controls?