> a data leak could literally destroy a company overnight
Source?
I'm sure we "wish" that were true, but data leaks haven't even destroyed companies whose entire existence is predicated on storing data such as Equifax.
That is peanuts for AWS. The OPs point stands: pretty much no engineer or software company suffered serious consequences over their security practices. The worst was some internet drama and slightly lower *profit*.
Ashley Madison tanked from a data break, and there's an ever growing list of cryptocurrency exchanges that were hacked and ended. It may be that for some businesses a data breach is manageable, but that's not always the case, though more importantly that kind of attitude towards the seriousness of data breaches and vulnerabilities is not wise.
Equifax operates in an industry with a strong network effect and the data they lost belonged to the targets of their data collection, who are neither the people who submit credit reporting information to them nor their paying customers.
Other companies can be much more screwed. Suppose your customer list gets leaked, including their contact info and how much they're paying you for which services. First of all they're pissed at you. The next thing that happens is a competitor downloads the data and sends each of your customers a custom email offering their services for 10% less than they're paying you. While they're pissed at you.
But also, suppose you're Equifax and the people who breach your systems, instead of leaking the data, just delete it. Including the backups. Now you're out of business, because you have nothing to sell.
Source?
I'm sure we "wish" that were true, but data leaks haven't even destroyed companies whose entire existence is predicated on storing data such as Equifax.