Baich, who faced stern criticism from many former supporters for suggesting that the failure of ChoicePoint to vet its customers wasn't the purview of the CISO, said he now has a more holistic view of enterprise security after working on behalf of companies for Price Waterhouse Coopers and now Deloitte.

"It's allowed me to experience things differently. You can't talk about security or privacy and compliance without talking about people, policies, and processes," he said.

Among other things, companies need to plan in advance for incidents like the TJX or ChoicePoint breach and create cross-disciplinary teams, including human resources, legal, information security, physical security, and law enforcement personnel, to respond to them when they occur, Baich said.

"More than ever, companies are evaluated on their response by the press and by their shareholders," he said. "There's an opportunity to consolidate those into an effective, functioning team that takes a mature, holistic approach, but it requires organizational change."

However, even the best-intentioned companies will continue to wrestle with breaches if the public's awareness of the threat of identity theft and data loss isn't improved.