It never rains but it pours. Just as bosses and boards have finally sorted out their worst accounting and compliance troubles, and improved their feeble corporation governance, a new problem threatens to earn them -- especially in America -- the sort of nasty headlines that inevitably lead to heads rolling in the executive suite: data insecurity. Left, until now, to odd, low-level IT staff to put right, and seen as a concern only of data-rich industries such as banking, telecoms and air travel, information protection is now high on the boss's agenda in businesses of every variety.

　　Several massive leakages of customer and employee data this year – from organizations as diverse as Time Warner, the American defense contractor Science Applications International Corp and even the University of California, Berkeley -- have left managers hurriedly peering into their intricate IT systems and business processes in search of potential vulnerabilities.

　　"Data is becoming an asset which needs to be guarded as much as any other asset," says Haim Mendelson of Stanford University’s business school. "The ability to guard customer data is the key to market value, which the board is responsible for on behalf of shareholders". Indeed, just as there is the concept of Generally Accepted Accounting Principles (GAAP), perhaps it is time for GASP, Generally Accepted Security Practices, suggested Eli Noam of New York’s Columbia Business School. "Setting the proper investment level for security, redundancy, and recovery is a management issue, not a technical one," he says.