Most businesses are unaware that they are not compliant with industry regulations in regards to their information technology. These regulations are in place to help keep you, your clients, and your customers' information safe and out of the hands of cybercriminals. They might be seen as a burden to meet, but they are designed to help and protect data from human errors.
In most cases, businesses do not safely protect Personally Identifiable Information (PII). With many newly enacted laws, you might be responsible for any damages and fines caused by the theft of the data for not taking your best effort to protect the data.
Besides trying to meet compliance, you should also have procedures set in place for if you do have an incident, detailing what responses need to be taken. Maintaining IT Compliance and proper Policies will reduce the risk of your data from cybercriminals, but listing procedures will minimize damange and keep your business from facing serious consequences in the face of cyber disaster.