I guess the easiest way to assess the risk is to look at what happened the last time nearly every adult American with a credit card had all of their SSN/DL/Vital information breached. Well since that never happened, I'm not sure how you can assess it. It's like assessing earthquake risk, wildly inaccurate and not terribly useful, at least once you know you live in a fault zone, no one can tell you how likely the next big one will be. You're either as ready as you can be, or you have some more work to do.
And financially we all just got dumped into the fault zone.