When data disaster strikes, speed is of the essence and, in theory, as soon as the breach is discovered the response team should dust off the pre-rehearsed action plan and put it into practice.

Of course, we live in the real world where other priorities mean planning for future possibilities is often back-burnered by day-to-day business. In fact, most companies are so preoccupied that, according to Verizon’s 2008 Data Breach Investigation Report, three-quarters of breaches are not discovered by the victim company but by a third party, such as a supplier or banking card company.

Card issuers may spot a pattern of fraud, and then run software to find a common point of purchase across all ...