A little behind in my reading...I just read a post by Bryan Sartin at VerizonBusiness.com. The post is a good read, but one thing stuck with me. Bryan states...
"I would estimate that payment cards represent as little as 1.2 – 1.5 percent of all data thefts. The remaining 98.x percent being occupied primarily by personally identifiable data (PII), then account credentials, company-proprietary data, and a few other categories in a distant fourth and fifth by incidence...When stolen, payment card data tends to lead to fraud. That’s the whole point of stealing it. The ensuing fraud is detectable and fraud analysis and detection tools have made it almost elementary to identify the likely source of a suspected payment card breach for almost 10 years."
The point is that compromises of payment card information are rarely detected by the company who breached the card information. Rather the breach is detected by the payment card industry and traced back to the company due to the fraud and tools utilized by the payment card industry.
No similar capabilities exists to trace the source of personally identifiable information, account credentials, intellectual property and other lost information.
Would you even know if your company was breached?