There is also the simple argument that people want companies to come under greater scrutiny.
LogRhythm research has shown 70 per cent of UK consumers want more prescriptive regulations and 80 per cent support compulsory data loss disclosure.
With so many people wanting stricter laws, it would make sense for companies to really shore up their security something that would benefit everyone from the consumer to the company chief executive.
"Organisations need to move quickly to ensure that their security systems are ready for any data breach disclosure regulations, and that they do not fall into the trap of viewing compliance as a one-time only requirement otherwise, they are risking severe penalties," said Ross Brewer, vice president and managing director for international markets at LogRhythm.
"While the UK is still behind the US in implementing such name and shame' legislation, it's only a matter of time before similar laws requiring mandatory data breach notifications are implemented here."
Time for the ICO to shine?
When laws eventually do come into force making concealment of data breaches a criminal offence, as they are likely to do, it could be the time when the ICO receives praise rather than denigration.
The body has been slammed in the past for not being harsh enough, particularly on private companies. Many thought Google got off very lightly after the Street View scandal. The small fine handed to ACS:Law owner Andrew Crossley did not go down well in some corners either.
When businesses can no longer hide their data offences, however, the ICO won't have many excuses to shy away from fining perpetrators.
If the ICO fails to act sternly when that time comes, it won't be doing itself any favours.
The watchdog has shown it is not afraid to hit public sector firms with significant fines.
It should show that same attitude to private companies too, so citizens' data is universally protected.
