Organisations need to have a good risk management system in place and protect sensitive information like any other valuable business asset, to help protect them against malicious attacks and to comply with regulations at the same time.