Re: The "solution" is simple.
"Make the fines so astronomical as to be a true incentive to mitigate the vulnerabilities and protect their customers."
Er, it's the customers that end up paying the fines in almost any instance of corporate 'punishment'. Is that going to change any behaviours?
Something more effective than corporate fines is long overdue. Maybe personal and individual fines for the responsible directors (in the same way as corporate 'leaders' get personal and individual bonuses because when things go right it's their actions that made it happen, yes?).
Or if they'd rather not pay the personal and inididual fines, just lock them up for a week or two.