In an increasingly digital, interconnected world, efforts to appropriately safeguard personal information by even the most well-intentioned companies have been overcome by inadvertent security breaches (e.g., lost laptops containing private information). Additionally, sophisticated hackers and/or rogue employees are increasingly seeking to acquire and use personal information and other sensitive data for fraudulent purposes and their own financial gain.

As data breach incidents continue to rise at an alarming rate, so too have the costs—both financial and reputational in nature—for companies that fail to adequately protect their customers’ and employees’ personal information. Consider the following:

• More than 22 million records containing sensitive personal information were subject to data breaches in the United States in 2011.
• Data breach incidents cost U.S. companies on average $5.5 million ($194 per compromised customer record) in 2011.
• Data breaches are a fact of life, which may result in fewer people ending or diminishing their relationships with breached organizations.

Such statistics paint a stark picture of the modern age, in which the key question facing all companies that collect and maintain personal information of clients, customers, and employees is not whether a data security incident will occur, but rather when?