
When I started my career I'd always hear old greybeards talk about "oh this one time... some certain thing happened, and everyone learnt a lesson" and I feel like I just witnessed one of those come into existence.



Don’t be surprised if companies would rather roll the dice than pay whatever it costs to prevent the problem.

$4 million once times the risk of getting hit vs. the up-front and ongoing costs of dealing with an overly paranoid IT guy.

Tough call.


But it's not like the problem is solved now. They still need to secure their systems, especially now that criminals know that this company is willing to pay out.


It's more than $4m though. The company was at real risk of imploding and going out of business. I guess that scared the CEO more than the $4m penalty.


How many times would you need to do a security audit before this paid for itself?


A company of this size? Just 10 or 20 times I'm guessing, which really doesn't seem like a high multiple. This is why laws are required to correct the incentives here.


Not just the audits, but the work to follow through on the audits, too. And follow through correctly.


Depends if it really does end up being one time or not, I'd say.



