Indeed, many experts suggest that for companies everywhere it’s a case of “when, not if”. This is not scaremongering. This is fact.
There are an array of misconceptions exacerbating the situation, including confusion about who has responsibility for investigating, preparing and responding to data breaches.
via When, Not if: Protecting Your Corporate Reputation In A Data Breach — Holmes Report