When it comes to security, most businesses - like most individuals - tend to operate in reactive mode. That is, it's not until something bad happens that we get motivated to set in place protections to defend against it happening again. Luckily, we don't always wait until the bad thing happens to us; we can also learn from the experience of others. Major security breaches such as those experienced by TJ Maxx, in which large numbers of people are affected, have resulted in changes in procedure and tightening of security in the impacted industry (in that case, retail).
Most people, even those in the IT security field, would be shocked at the sheer number of breaches that have occurred over the past several years. You can see a comprehensive chronology of data breaches on the Privacy Rights Clearinghouse web site at
Every time a breach occurs, there are lessons that should be learned and applied. The recent Epsilon breach resulted in the theft of literally millions of email addresses. Terry Corbell on the Biz Coach web site discusses some of the lessons that should be learned from the Epsilon incident.