> these endless data breaches could be reduced if we fixed the incentives, but that's difficult
It’s honestly unclear if the damage from data breaches exceeds the cost of eliminating it. The only case where I see that being clear is in respect of national security.
>> if the damage from data breaches exceeds the cost of eliminating it.
Definitely not. Damage is done to customers but costs to eliminate are on the company. Why should a company invest more if there are no meaningful consequences for them?
The cost of identity fraud clocks in around $20bn a year [1]. A good fraction of that cost gets picked up (and thus managed) by financial institutions and merchants.
I’m sceptical we could harden our nation’s systems for a few billion a year.
The more important point is that the people who would have to pay to avoid data breaches (companies) are not the ones who suffer when they happen (the public). It's the same problem as industrial pollution.