Yep. And if staying in business means keeping your website secure, well, isn’t that the goal?
I think part of the problem is that hacker movies make people think hacking is inevitable. Like you can’t actually protect your site and your data from the average punk on roller skates, so why bother? But that’s not true at all. Gmail has - as far as we know - never been breached by anything short of a nation state attacker. And I’m sure a lot of people have tried. You just need to actually care about security and follow best practices (like doing audits / red team and keeping up to date with security patches). But most companies only seem interested in properly investing in security if it’s an existential threat.