A recent Ponemon Institute study found the average annual cost of cybercrime was $8.9 million per year per company. The companies in the study experienced on average 1.8 successful cyber-attacks per week. The frequency of such incidents has made data security the top legal concern of 55% of in-house counsel, according to the 2012 Law and the Boardroom Study by Corporate Board Member and FTI Consulting. A plethora of federal and state laws designed to protect consumers also has helped push data protection to the top of the compliance priority list. Businesses and criminals are constantly working against each other to come up with the latest technology to thwart the other in this area. However, not all data theft is high-tech. The improper disposal of documents containing sensitive data, such as in unsecured trash containers that are accessible to the public, violates federal rules protecting consumer information against trash-diving identity thieves. Doing the right thing starts with encryption, the process of encoding information so it is unreadable to hackers. The safe harbor only applies if the decryption keys that allow the data to be viewed are not compromised. Therefore, strong key management is essential. Experts also strongly recommend encryption for mobile devices.