You will be aware of the  recent fiasco  regarding the loss of data at LinkedIn. It still amazes me the number of corporations that really have no clue about data safety. After high profile cases such as Sony, you would think that all corporate IT heads and CIOs would be reviewing their systems. Apparently not.

Why does it always take a major incident to prompt a review of data security?

Surely the people that have jobs at the CIO level have some idea of what they should be doing?

Or does it all come down to money?

Is a partly protected system cheaper than a fully protected one? Are senior management unwilling to spend the money?

Any data breach causes untold reputational damage to a business. It can cause a complete loss of confidence by customers, staff and investors. Surely spending additional money to prevent such disasters is money well spent?

Then again, perhaps executive bonuses are more important.