The DrZeroTrust Show - podcast episode cover

The DrZeroTrust Show

DrZeroTrust
Oct 25, 202423 minSeason 4Ep. 43
--:--
--:--
Listen in podcast apps:
Apple Podcasts
Spotify
Download
YouTube
Overcast
Pocket Casts
Episodes.fm
Download Metacast podcast app
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more

Episode description

In this conversation, I discuss the ineffectiveness of compliance violations and fines in changing corporate behavior regarding cybersecurity. I present data showing that fines are often negligible compared to company revenues, making them merely a cost of doing business. I argue for a reevaluation of negligence in cybersecurity and emphasizes the need for accountability, suggesting that without significant consequences, organizations will continue to prioritize profit over security.

Takeaways

Compliance violations are often seen as a cost of doing business.

Fines do not significantly impact large corporations' revenues.

Cyber insurance can offset the costs of compliance violations.

Statistically, companies often see stock price increases after breaches.

The current compliance framework does not enforce real change.

Negligence in cybersecurity needs a clearer legal definition.

Fines for violations should be more substantial to deter negligence.

Government organizations often escape penalties for breaches.

The data suggests a need for a shift in accountability measures.

Compliance does not equate to actual security improvements.





For the best experience, listen in Metacast app for iOS or Android