Sreedhar Kajeepeta recently examined a number of ITSM frameworks to help businesses in his Network Computing article, "The IT Governance Cheat Sheet." As mentioned in the article, an IT failure should launch a predefined remediation process, arguing that we need more control with IT services coming from inside and outside (cloud) assets.
ITSM is only a means to an end, and, to that extent, business objectives and governance must come first...
Keep in mind that ITSM is a mix of optional best practices and enforceable policies. Wherever possible, policy-driven ITSM must be elevated to policy-governed ITSM, so breaches and outages can be averted, rather than merely reported on after the fact.
As a proactive and process-driven program, ITSM can help your company reduce costs through better IT management as well as offering another way to manage the risk of a data breach. Through prevention you can definitely both avoid and minimize the impact of serious issues like data breaches.
The author suggests that not all ITIL processes are "must-haves", and a given company could probably benefit from 10-15 carefully chosen subsets instead of all 26 ITIL processes. If you are new to ITSM, the article gives you a quick 6-point checklist to start an ITSM program.