It’s the phone call no information security executive wants to get. A few months into his tenure as a chief information security officer for the Town of Gilbert, Ariz., Tony Bryson learned that one of his municipality’s most significant vendors had experienced a cybersecurity incident. Bryson’s first concern was whether the Town of Gilbert’s government data had been compromised. But he was also worried about the long-term implications of a partnership that provided critical services to the town.