Of course they are going to deny it. They do not want the general public knowing about a data breach within their company
Not true, although some companies will deny any data breaches until faced with the legalities of the situation, most companies will not when faced with media and public relations. This changes when the a PR situation transfers into crisis management at which point your policies regarding those PR situations no longer apply.

When there are small breaches in the security of data, as quoted in the article, most companies will try and save face by applying an isotropy of modeling. Lets look at the quotes I used from the article.

Neiman Marcus spokeswoman Ginger Reeder says no records of sensitive customer information are printed out at the call center. If any such information made it into the trash, "It would be a breach of company policy and an isolated incident," says Reeder.
This is nothing more than good standard PR situational management. If the company has in place policy to prevent such incidents from occurring, quote that policy. Then relate that such situations are rare and a breach of policy while never denying nor admitting the incident occurred.

Convergys spokeswoman Lauri Roderick disputes Mary's account. The Cincinnati-based company has a "strict clean-desk policy" that requires shredding of any sensitive paperwork, she says. And Sprint customer-service calls, she says, were never handled by the 1,200 workers at the Mill Woods facility, one of 14 in Canada. "We're confident there has been no breach in security of our customers' data," Roderick says.
PR situational management in this case is “deny, deny, deny” not a very good policy if you are not 100% positive that a data breach could not have occurred. If they should find security easily breached at this facility you now have a PR nightmare on your hands.

They know it will HURT if not, kill business.
In my experience it all depends on how the company handles the situation. If a company has a great reputation with there customers and the customers are loyal then there is no reason why the company cannot save itself from most situations. It all depends on the situation and how the situation is handled.

90% of companies that have been breached (data migration, data lost etc...) go to the wall within 12-24 months.
Do you have hard data to prove this if so I would like to see it. I have not seen any data that proves companies “go to the wall within 12-24 months”. As I said before it all depends on the situation and how the company handles that situation.