Reply to post: Re: "Except it would had cost money to do so. Money not spent = profit."

Equifax how-it-was-mega-hacked damning dossier lands, in all of its infuriating glory

Fred Flintstone Gold badge

Re: "Except it would had cost money to do so. Money not spent = profit."

The root cause?

Absolutely.

IMHO it ought to be the basis of any fine: make the fine many, many times more than the expense of doing it properly, of course retrospectively applied and aggregated. It's the only way I can see this becoming a concern for those taking the decision as it hits them in their pocket.

Further, make security audits mandatory as well as their publication for big organisations after, say, a 3 month period to fix the problems found, with an extra 3 month wait extension only available via a rigorous exception process to filter out the usual excuses.
