The security breach of Nationwide Insurance last week is thelast thing anyone in the business world wants to announce. There's a level of trust associated with anycompany that consumers choose to do business with, but despite thebest efforts of those companies and their security teams, theattack on Nationwide doesn't appear to be anything out of theordinary, nor will it be the last of its kind.

In an article to be published in the Decemberissue of Tech Decisions, I interviewed Dan Greteman,CIO of Allied Group, a part of the Nationwide family. The interviewwas conducted in late September, just days before the attack on hiscompany.

Greteman was proud of Nationwide's record on security, buthardly cocky. He pointed out that for two years in a row thePonemon Institute had listed Nationwide as one of the most trustedcompanies in the United States in terms of privacy.

Like all accolades, though, they focus only on what has happenedin the past. Security conscious CIOs, as Greteman admits, need tofocus on the future. He also doubts that security issues will everdisappear.

“I feel good about where we are as an organization—a greatmix of reactive and proactive,” he says. “We attend security eventsacross industries and speak to others to get a good perspective onwhat they are dealing with. It doesn't matter if you are afinancial services company, an insurance company or atelecommunications company, likely you have very similar dynamics.We are learning from them and I believe we've had very goodresults. As we move into new models and packaged software, we needbetter integration to make sure we are protecting our policyholderdata and personal information.”

How many CIOs would say the exact same thing about theircompany? Quite likely, most, but that statement—and the attack onNationwide—only goes to show how difficult a job companies have toprotect their private information on systems that are vulnerable toattack.

We as consumers trade off security every day of the week for onesimple reason: convenience. We want quick access to the personalinformation we share with companies to pay our bills and conductimportant business functions. As Greteman points out, when there issomething of value sitting out there, criminals will find ways toget their hands on it.

“Anytime there is money, personal information, and theability to do harm to folks, you are going to have people out theretrying to take advantage of that,” he says.

Vigilance in terms of data security is a 24-hours-a-day job andeven then it might not be enough.