> these endless data breaches could be reduced if we fixed the incentives, but that's difficult

It’s honestly unclear if the damage from data breaches exceeds the cost of eliminating it. The only case where I see that being clear is in respect of national security.

▲

ponector 5 days ago | parent | next [-]

>> if the damage from data breaches exceeds the cost of eliminating it.

Definitely not. Damage is done to customers but costs to eliminate are on the company. Why should company invest more if there are no meaningful consequences for them?

	▲	JumpCrisscross 5 days ago \| parent [-]
		> Definitely not. Damage is done to customers What is the evidence for this? The cost of identity fraud clocks in around $20bn a year [1]. A good fraction of that cost gets picked up (and thus managed) by financial institutions and merchants. I’m sceptical we could harden our nation’s systems for a few billion a year. [1] https://javelinstrategy.com/research/2024-identity-fraud-stu...

▲

AlotOfReading 5 days ago | parent | prev [-]

The more important point is that the people who would have to pay to avoid data breaches (companies) are not the ones who suffer when they happen (the public). It's the same problem as industrial pollution.