How do you respond when a single data point, such as an IP address or phishing email, is all you have at the start of an investigation at AIG?