As opposed to needing to dip their toes in “illegal” conduct and making their income streams unsound or too risky in terms of legal liability by doing ransom demands

  • Sanctus@lemmy.world · 14 upvotes · 3 days ago

    Most companies don't give a shit about security except for 6-8 months after a recent hack.

    • cheese_greater@lemmy.world (OP) · 2 upvotes · 3 days ago

      But why would that not fall under their specific fiduciary duties to attend to?

      They use fiduciary responsibility as a legal and ethical defense to ward off disrupting their most harmful efforts, how can that not be more so relevant towards defending their cyber stuffs?

      • slazer2au@lemmy.world · 11 upvotes · 2 days ago

        Because you are not thinking like a board member.

        You have an IT system that has been in place since before you were hired. Let’s be generous and say it was developed in the 90s and running on an AS400. All costs are accounted for and it is costing $400k a month, the platform is working as intended and staff are adequately trained. The platform is rock solid and you don’t recall the last time a catastrophic failure happened.

        Your IT underling comes to you one day and says we need to change this business critical and it will cost $1.2 million as a Capex with an ongoing opex of $600K a month. It will take 4 years to develop, another 6 months to migrate the data between systems and take another 4 months to train staff back to a basic level.

        How in the world do you pitch that to your fellow board members?

      • xmunk@sh.itjust.works · 9 upvotes · 3 days ago

        You’d be amazed the kinds of excuses companies can come up with to avoid doing something they don’t want to do.

      • Sanctus@lemmy.world · 6 upvotes · edited · 3 days ago

        Dude is out here thinking corporations are lawful. Cyber security costs money, money that they pocket otherwise.