What's the incentive for companies to care? They get hacked and leak everyone's data all over the place and we all just kinda shrug and say "that sucks". Sometimes bigger companies get in trouble for some millions, an insignificant amount to them.
Look at what happened last week with Netflix. It didn't involve user data, but they got hacked and their stuff leaked and then what? Everyone just shrugged. No big deal. I mean probably some people are getting yelled at internally, but otherwise the situation is clear: we pretend to care about this, but we don't care about it.
Imagine being a security advocate in an organization in this environment. You get to convince business people to spend money so that something doesn't happen, which even if it does happen, will result in embarrassing headlines for a day. Not exactly a convincing case!
Look at what happened last week with Netflix. It didn't involve user data, but they got hacked and their stuff leaked and then what? Everyone just shrugged. No big deal. I mean probably some people are getting yelled at internally, but otherwise the situation is clear: we pretend to care about this, but we don't care about it.
Imagine being a security advocate in an organization in this environment. You get to convince business people to spend money so that something doesn't happen, which even if it does happen, will result in embarrassing headlines for a day. Not exactly a convincing case!