Until they are fined 10% of yearly revenue. That's why you need a strong governm...

eadmund · 2024-09-09T18:29:33.000000Z

An alternate, market-based solution would be insurance companies who impose requirements for insurance. That increases the chances of finding an economic balance between security and productivity. A government regulation applies to everyone, even if it no longer makes sense: an insurance company whose requirements are out-dated will be out-competed by others, while an insurance company whose requirements are insufficient will go out of business.

fsflover · 2024-09-09T18:57:09.000000Z

> An alternate, market-based solution would be insurance companies who impose requirements for insurance.

This is exactly why the CrowdStrike disaster happened: https://news.ycombinator.com/item?id=41011065

fmajid · 2024-09-09T19:06:08.000000Z

The market for cybersecurity insurance is collapsing:

https://www.theinformation.com/articles/companies-are-ditchi...

but the OP's arguments also apply to insurance, yet businesses buy insurance every day. The difference is the fines and liability for data breaches are so paltry it is the rational thing to do not to invest in security. This can only change through legislative action. I wouldn't hold my breath.

leonadato · 2024-09-09T18:31:59.000000Z

It's interesting that you mention this. It's part of the follow up article coming soon.

hcfman · 2024-09-10T12:14:18.000000Z

Can we not also have really extreme punishments for government officials that break the law?

acuozzo · 2024-09-10T13:04:29.000000Z

Checks & balances do not work in the absence of empowered incorruptible entities because of collusion. At best, they just slow things down.

hybrid_study · 2024-09-09T17:43:04.000000Z

agree in spirit. better federal laws to hold companies accountable