Washington Bureau Chief Allan Holmes\u2019s \u201cMid-Market Companies Increasingly Attacked by Online Crooks\u201d is a creepy story about how the bad guys increasingly are targeting resource-strapped mid-market companies for their hacks and scams. In other words, the view from the security window is growing darker for every enterprise, big, small and in-between.\n\n\nThis won\u2019t come as a surprise to anyone who pays even the slightest attention to security issues. When has there ever been any good news? When have you ever read that the forces of evil are on the run, that the good guys are gaining the upper hand, that the Internet is becoming a more, not less, secure place to do business? Holmes points out that the situation is particularly dire in the mid-market where, citing our 2006 \u201cGlobal State of Information Security\u201d survey (www.cio.com\/091506), he notes that \u201cabout 43 percent of mid-market companies have annual security budgets below $100,000,\u201d which ain\u2019t, all things considered, a lot. His story goes on to offer tips on what mid-market CIOs can do to shore up security given their limited budgets.But the truth, as evidenced by January\u2019s revelation that big-market retailer TJX was hacked, is that the security situation is dire everywhere. As Holmes reports in CIO\u2019s \u201cInformation Collective\u201d blog (blogs.cio.com), \u201cmore than 100 million identities have been stolen or exposed since February 2005.\u201d So is there any good news on the horizon, any indication that this endless parade of breaches can be halted or even slowed?Ironically, the TJX hack is the good news. Several Massachusetts banks have been able to link fraudulent credit card purchases directly to the TJX breach\u2014the first time this has happened. And why is that good? Because once losses can be linked to specific breaches, lawsuits can be filed claiming damages. And once lawsuits are filed, the ROI of investing in security suddenly becomes blindingly obvious. It\u2019s like in the NBA. In order for a team to improve, first it has to get really bad so that it gets a shot at a game-changing draft pick. In order for security to improve, business has to suffer. Several years ago, CSO Senior Editor Scott Berinato wrote a story, \u201cFinally, a Real Return on Security Spending\u201d (www.cio.com\/021502), in which he suggested that \u201cthe insurance industry in all likelihood will be the engine that drives the technology of security. Software vendors will be forced to fix the holes in their products in order to benefit from lower premiums.\u201dAs long as a business feels it\u2019s done all it can by advising customers (as TJX did) to check their credit card statements, nothing will change.But a punch in the wallet: Now that ought to focus an enterprise\u2019s attention.