The fact that data breaches are becoming a routine occurrence in the life of a business is no surprise considering the drastic increase over recent years in the volume of data that companies maintain. While routine, breaches are nonetheless an extremely costly part of doing business. According to a 2014 research report by the Ponemon Institute, the average cost of post-breach activities is $1.6 million, with the average cost of lost business an astounding $3.2 million. Since some form of a data breach incident is highly likely, one solid defense is to create a written information security program (WISP). However, a WISP must be more than mere words on paper. In order to create an effective program, a company must comply with its WISP, in conjunction with other measures. And the company’s compliance efforts should be led by top executives in order to underscore the importance of the security issues involved.