Scandalous pictures of latest superstar is the type of privacybreach that makes headlines, but it is the lack of risk managementtoward other, less scintillating, breaches that is trulyscandalous.

Privacy breaches can happen anytime, anywhere, whether it istweeted, YouTube(d), Facebooked or even from old-schooltechnologies like laptops or even paper files (oh thehumanity!)

So how about this headline I ran across? "Digital photocopiersloaded with secrets." A CBS News expos? found some alarming things,ranging from detailed domestic violence complaints and a list ofwanted sex offenders to 300 pages of individual medical records,all from used copy machines. Click here to view story.

The point is, just when you think you have cyber issues underyour thumb and in control, you find there's a lot more lying underyour nose! And here I thought the only breach that might happen ata copy machine is when I print off a document (double-sided),forget to pick it up (often), and then someone else grabs it(unintentionally, of course).

Everyone has a security and privacy risk. We'renow born with it. And it is not becoming a serious issue - italready is. In 2009, according to the Open Security Foundation, there were554 data breach incidents reported affecting a staggering 220million records! - that means one record for every 1.36 people inthe United States.

Just as stunning are the costs. The average cost of a databreach rose to $204 per record in 2009, this according to thePonemon Institute's 2009 Annual Study: Cost of aData Breach. The average organizational cost per breach was$6.75 million. The least expensive breach in their survey?$750,000.

This is not nano-sized stuff. It is a huge exposure, and yetvery few firms are addressing that risk by buying security andprivacy insurance. Some firms understand the risk and want toabsorb the cost of risk -that is perfectly reasonable. The reality,however, is that most firms do not know the risks and areill-prepared to handle such a costly event. The most common excuseI hear is "they will buy it when claims start coming in." What, are220 million records not enough real-life occurrences?

What are you seeing out there? Is there a generational gapamongst customers-i.e. younger risk managers are more understandingof the risk? Does the level of e-risk savviness vary by customerindustry?

It's a brave new world out there, and will we be brave enough toproactively help our clients secure themselves from this issue?