Almost every week the media reports on negligent loss of data, much of it highly sensitive. Perhaps with so many people using so much data in so many different places we should not be so surprised.
Today more and more organisations emergency services, government departments and financial institutions hold information nationally and access it nationally, and, in some cases, offshore it.
There is relatively little offshoring of information by government. But corporate organisations, credit helpdesks and so on hold their customer relations management overseas.
They share information over the web with a vast number of IT systems and databases. It is almost impossible for anyone to know on what scale this information is accessible.
The aggregation of information, in itself, escalates the level of sensitivity. So there is greater risk of abuse or corruption, either intended or accidental, as in the loss of the child benefit database last year.
Unfortunately, shared technology increases risk, and criminals and vandals are using this same technology to remotely attack data systems. These attacks can be very successful, and by their nature make the deterrent of legal action more difficult.
We are faced with different threat levels to network-based information systems. These range from the careless user who leaves a disc on a train to foreign intelligence services who engage in cyber warfare against perceived enemies.
An example of the latter centres on the Russian incursion into Georgia in response, they said, to Georgias attack on the breakaway republic of South Ossetia. In the weeks leading up to this, Russia had disabled the Georgian presidents website with a massive spam attack what is known in the trade as a denial of service attack.
So in the quest to satisfy the network-enabled worlds increasing demand for effective data protection, the first step is an accurate assessment of risk.
At the lowest level, but the most common source of threat, are the millions of users themselves. They might lose a data stick, leave a laptop on public transport, or write their password on a Post-it note and stick it on their computer screen!
Next up are the service providers. With outsourcing on the rise you need to be confident your service providers conduct rigorous processes in how they look after their networks and information.
Higher still are the amateur hackers, of which there are many, although they are opportunistic and immediately they hit a firewall will probably move on.
At the pinnacle of threat are sophisticated hackers who are often linked to criminal gangs, and foreign intelligence services. These may be relatively few in number but they have a lot of resources behind them, and therefore need correspondingly greater efforts to fight them.
Sign up for CIO Asia eNewsletters.