Re: [INSERT-NAME-HERE] operates to highest standards, but attacks are increasingly sophisticated...
"More whistleblowers"
"I would, but I don't want to lose my job"
This is why there are no whistleblowers.
Jobsworths are why nothing gets highlighted.
Bug bounties are all fine and well, but they also need to work inwardly. As far as I am aware there are no internal bug bounties.
That said, I am generally anti bug bounty because I find them insulting.
Cyber security needs to be proactive not reactive.
Simply invest in a good cyber security expert.
If you never get fined, he saved you millions of pounds. Therefore he is worth a lot of money. Considerably more than a miserable bug bounty.
Ideally you should have a minimum of two cyber security experts. One to constantly test and one to constantly improve.
If one is the wrecking ball and the other is the concrete bunker you have a more objective approach.
Each needs to be paid handsomely because if it comes to a head and something does go wrong, the cyber guys need the means to access proper legal protection.
As it stands being a cyber security expert can leave you exposed and as a result makes it a very risky career prospect.
Simply finding the wrong type of bug can ruin your career.