Companies now commonly collect security metrics from their software development life cycle, implement basic security measures, and define their obligations to protect user data as part of a basic security strategy.
Source: DarkReading
The New Security Basics: 10 Most Common Defensive Actions