SMB - New laws target data security problem

23.02.2007

"Incidents like the one experienced by TJX provide the best argument for not holding onto large amounts of sensitive information, but there's no evidence yet that these events have pushed other companies to improve their own data security efforts," Coney said. "This is exactly the situation that the criminals want; they can move in and steal the data and it's hard to tell what they made off with, which lets them keep doing business longer."

One of the major problems in convincing companies to invest in technologies to defend information from internal and external threats, experts said, is that security workers still have a hard time justifying the cost of expensive new tools to senior executives, who want to know why the systems they've already installed aren't enough.

Making a case for how a data breach could affect a company's bottom line should be simple, but many business leaders are unwilling to dip into their coffers for new IT defense systems, EPIC's Coney contends.

"If you consider the problem in terms of risk analysis and the potential cost of an incident that exposes sensitive information, including the damage to a company's reputation, it shouldn't be a hard case to make," Coney said. "But getting companies to think like that is still a challenge, as the IT workers don't have a way to position the issue from a bottom-line standpoint; eventually someone will make a case for liability with one of these breaches, and that's when people will really get it."

Research company Ponemon Institute, based in Elk Rapids, Mich., estimates that information losses cost U.S. companies an average of $182 per compromised record in 2006. However, other industry watchers, including Gartner's Mogull, said there's no real way to quantify the long-term damage done to a firm's reputation by a TJX-like event.