“Massive Data Leaks Keep Happening Because Big Companies Can Afford to Lose Your Data”
Erik Sherman, Motherboard, November 15, 2018
Large corporations spend about 0.1% of the money they take in on computer and network security and another small fraction on insurance against data breaches. They won't spend more, because data breaches (a) don't occur that often and (b) aren't very expensive.
Executives focus on things that make a big difference to the company. Breach and protection costs are so small that they get little attention. Insurance is likely to be on the same scale or less. When management doesn't see something as an important financial priority, it doesn't get done.
What interests me most is observation (b). Data breaches aren't expensive to corporations because most of the consequent costs are borne by the corporation's customers and by innocent bystanders. I think that it should be possible to sue corporations when data breaches reveal that have been irresponsible data custodians.