Businesses' and institutions' reliance on information technology grows every day. In fact, the trend is no longer to just get digitized, or even to go online—we are now moving toward completely "paperless" offices.

 

When filing systems and information warehouses were physically within walls it was far more difficult to steal or misuse sensitive information. Today's virtual world presents only nebulous barriers to information thieves. 

 

This has necessitated the promulgation of laws and regulations to criminalize cyber intrusions and internal abuses, and they set information assurance requirements to protect sensitive consumer, financial, health and educational information. 

 

At a minimum, covered businesses and institutions must comply with various regulations that require physical and procedural safeguards for IT systems and physical spaces that house protected information. Failure to meet regulatory minimums can result in serious consequences that could, potentially, expose a business to financial failure through fines, lawsuits or lost business.​