Just yesterday I was explaining to our children the difference between "legal/illegal" and "right/wrong". One of the key differences is found in the repercussions, or "getting in trouble".

Most companies (and people, for that matter) are primarily concerned with "getting in trouble". Losing money is an example of getting in trouble, as are legal penalties.

Insurance shields companies from financial trouble, and the lack of personal culpability for executives shields them from legal penalties.

Years ago the Commonwealth of Massachusetts attempted to pass a bill that would hold executives personally responsible (potentially jailing them) if negligence resulted in loss of customer PII. The bill failed, but I'm afraid that such a law is about the only instrument that would cause companies to take security as seriously as they need to.

