As long as the penalties for data breach are a slap on the wrist and buying everyone one year of credit monitoring, no one will.
> As long as the penalties for data breach are a slap on the wrist and buying everyone one year of credit monitoring, no one will.
And, of course, that one year is totally useless when one is subject to multiple breaches per year. Throw in the fact that so many breaches aren't even with a company that affected individuals have a direct relationship with, and it becomes virtually impossible to fix this.
At this point, I'd be in favor of making any company that handles personal data pay in advance for the monitoring, and get refunded when they prove that they OR THEIR PROVIDERS haven't had a data breach.
I think that's definitely true to a degree, but I think the thing more companies are worried about is the reputational damage from the terrible press. Look at SolarWinds (not a data breach, but similar press around it). It erased hundreds of millions in shareholder value and the company was taken private at pennies on the dollar in the aftermath. There's real risk there.
I think it's better to compare data breaches to data breaches, like when Adobe got breached. Or Oracle. Or Rockstar.
Nothing happened in the grand scheme of things. Even after Oracle lied and pulled some shady tactics to downplay what happened.
A few years ago CrowdStrike took down the entire set of corporate computers and everyone still uses Falcon. There is simply no accountability anymore.