No company is wholly protected from the risk of a data breach. In fact, the risk of such violations has grown as more data comes online. One statistic says it all: More electronic records were breached in 2008 than in the prior four years combined. What is less understood are the reasons behind these data breaches. This paper looks at the three most common causes of data breaches -- well-meaning insiders, targeted external attacks, and malicious insiders. It offers a broad overview of how to stop them as well as specific recommendations for preventive action.