idealloc_haris 6 hours ago
I think that's definitely true to a degree, but I think the thing more companies are worried about is the reputational damage from the terrible press. Look at Solarwinds (not a data breach, but similar press around it). It erased hundreds of millions in shareholder value and the company was taken private at pennies on the dollar in the aftermath. There's real risk there.
kjs3 2 hours ago
If only. For every Solarwinds, there are hundreds of breaches that never get more than a cursory reporting (if that). And Solarwinds is still in business (and some would call "taken private at pennies on the dollar" as a feature not a bug, but I digress), as are vastly more consequential examples (Equifax, anyone?). Yes...reputational damage is a thing, but in my experience (sitting in the decision making meetings, as a participant, many, many times in my career) it's a second-tier player at the end of the day. This is especially true of data breaches...I cannot count the number of times (in the last decade particularly) where the decision point was "What reputation damage? Everyone and their mother has had a data breach. No one cares.". I don't think they're wrong. This, like many issues of security and risk, is the consequence of the vast majority of the customers not caring. How many users dropped Facebook in 2019, or LinkedIn in 2021 (or 2012)? How many swore off Ticketmaster? Marriott? Adobe? eBay? And that's just ungodly massive breaches. So why would the average business give a steaming crap? In my dark little heart of hearts I sometimes think "what would it take for the average person to actually care", and then I realize what that looks like, and I don't sleep well for a couple of nights. Cheers!
dpoloncsak 4 hours ago
I think it's better to compare data breaches to data breaches, like when Adobe got breached. Or Oracle. Or Rockstar. Nothing happened in the grand scheme of things. Even after Oracle lied and pulled some shady tactics to downplay what happened. A few years ago Crowdstrike took down the entire set of corporate computers and everyone still uses Falcon. There is simply no accountability anymore.