Regulations like the Sarbanes-Oxley Act have proven less effective at improving overall data security than legislators might have initially hoped, because businesses have focused on meeting the terms of the guidelines rather than boosting their overarching protection schemes, Fusco and other panelists agreed.
However, some industry-driven security requirements, such as the PCI (payment card industry) standard forwarded by credit card issuers, have had the desired effect, experts said.
Well-written guidelines can help make the difficult task of convincing senior executives to increase their IT security budgets easier, alleviating one of the most significant challenges of the entire data protection process, according to Steve Peltzman, chief information officer at the Museum of Modern Art in New York.
"We had to spend a lot of time and money on [PCI], but now I'm thankful for it because I don't have to go through the same routine of convincing everyone that this effort is important," Peltzman said. "The credit card companies got together and made it more expensive for us not to deal with [data protection], which is a good example of industry coming together to create a standard that's actually good."
In a seemingly rare occurrence, the security experts agreed that the creation of an additional, worldwide data protection standard -- as proposed to the assembled group by FishNet's Fusco -- could prove useful in furthering their efforts to secure attention and funding for their data protection strategies.
For global companies in particular, establishing such a global guideline could be effective, they said.
"The international difference in data protection priorities is an issue. If it could be resolved to where we could get universal classification and more people building innovative solutions, that could be a big benefit," said Erich Mueller, security analyst for Allstate Insurance.
BearingPoint's Robinson agreed that such a standard could provide much-needed support for security pros.
"Anything that can advance the understanding and foster the culture of security in the executive suite is a positive. We've all been trying to do things like this for ourselves for years," Robinson said. "A standard that can help shorten the education cycle and get us where we need to be is something that I would support."




