The number of security attacks is doubling every year.

Corporate policies may not be defined for security, disaster recovery, hardware deployment, network maintenance, Internet access, business conduct, etc. These policies may not be updated on a regular basis.

Business partners may require that their mutual organizations have security precautions in place before conducting business transactions.

Standard deployment procedures for technological infrastructure may not be in place.

Organizations don't have dedicated or contracted staff to manage security needs.

Corporate data may not be safe and is often not encrypted.

Data controls may not be in place so that corporate information may be accessed by unauthorized users.

The "no problems so far" attitude does not imply that security breaches are not already occurring. The loss of vital corporate information could already have happened.