Another, day another large-ish chunk of the population wakes up to find an organisation they trusted has managed to let someone steal their sensitive information. This time was the turn of US retail giant TJX Companies, which reported that customer credit and debit card details may have been accessed as part of a hacking attack on its systems last month. The firm, which owns TJ Maxx stores in the States and TK Maxx in the UK, also disclosed that shoppers over here might be affected. No doubt the data breach prevention vendors will be queuing up to comment as we speak.

Despite everything that has been written, the laws that have been passed and the proven damage to brand and image that can result from such an incident – think CardSystems – large corporates who should really know better are allowing this kind of thing to happen. Why? Because they still fundamentally don't understand the risks involved in not properly protecting their most important assets, which these days means information.

When I say 'they' I mean the board; of course IT is well aware of the dangers, but so often the men and women in smart suits who are liable should anything go wrong, are "ill-prepared and ill-informed about the scale of the risk and the threats". Not my words, the words of Jim Kent – chief exec of information assurance specialists Vistorm. As he said, these events are not exactly unpredictable these days, and policies can be created and technology implemented to safeguard data. Forget about big name brands at low, low prices and do a bit of basic risk management next time.