Reply to post: Re: Hack me if you can

Cyber insurance model is broken, consider banning ransomware payments, says think tank

Drew Scriver

Re: Hack me if you can

Just yesterday I was explaining to our children the difference between "legal/illegal" and "right/wrong". One of the key differences is found in the repercussions, or "getting in trouble".

Most companies (and people, for that matter) are primarily concerned with "getting in trouble". Losing money is an example of getting in trouble, as are legal penalties.

Insurance shields companies from financial trouble, and the lack of personal culpability for executives shields from legal penalties.

Years ago the Commonwealth of Massachusetts attempted to pass a bill that would hold executives personally responsible (potentially jailing them) if negligence resulted in loss of customer PII. The bill failed, but I'm afraid that such a law is about the only instrument that would cause companies to take security as seriously as they need to.


Biting the hand that feeds IT © 1998–2021