Re: Security investment
Unfortunately the costs of failure are still insufficiently high. Some of the breaches we've seen ought to have brought down the companies. It's not hard to think of a few who ought to be remembered only in MBA courses as case studies in failure. I can only think that C-suite members simply think "There, but for the grace of God, go I" and continue doing business with them.