I say charge company B, but I disagree with your analysis of where the money will come from. Companies charge to maximize future profits.
If company B tries to charge customers an extra $500, they'll be more expensive than company A, and customers will go to company A. They'll exactly go bankrupt. If they could have charged customers $500 extra and kept it, they would have done that from the get-go. The money won't come from customers, at least in a market with any competition.
Where will it come from? Well, the money will ultimately come from company B's investors. There are several mechanisms by which this can happen:
- Company B has a billion dollars in the bank. It spends $500 million on damages. It now has $500 million in the bank, and is worth $500 million less.
- Company B has zero dollars in the bank, but an otherwise solid business. It issues new equity, diluting existing equity, to raise $500 million. Existing shares are worth $500 million less.
- Company B has zero dollars in the bank, and a negative net worth. It files for bankruptcy. A court reorganizes it to pay the debtors (e.g. the customers). Old shares are worth $0, and the company is now owned by its debtors -- it's customers. The shares aren't quite worth $500 each, but customers get as much as possible, and the business keeps chugging along. No one loses their job.
Once investors notice, they'll start to include data security into company valuations. Insurance companies will do likewise. Keeping poor security will decrease profits, and security will improve. On the other hand, I don't think many companies will fold -- in the sense of letting customers and employees down -- based on this.
If company B tries to charge customers an extra $500, they'll be more expensive than company A, and customers will go to company A. They'll exactly go bankrupt. If they could have charged customers $500 extra and kept it, they would have done that from the get-go. The money won't come from customers, at least in a market with any competition.
Where will it come from? Well, the money will ultimately come from company B's investors. There are several mechanisms by which this can happen:
- Company B has a billion dollars in the bank. It spends $500 million on damages. It now has $500 million in the bank, and is worth $500 million less.
- Company B has zero dollars in the bank, but an otherwise solid business. It issues new equity, diluting existing equity, to raise $500 million. Existing shares are worth $500 million less.
- Company B has zero dollars in the bank, and a negative net worth. It files for bankruptcy. A court reorganizes it to pay the debtors (e.g. the customers). Old shares are worth $0, and the company is now owned by its debtors -- it's customers. The shares aren't quite worth $500 each, but customers get as much as possible, and the business keeps chugging along. No one loses their job.
Once investors notice, they'll start to include data security into company valuations. Insurance companies will do likewise. Keeping poor security will decrease profits, and security will improve. On the other hand, I don't think many companies will fold -- in the sense of letting customers and employees down -- based on this.