[scurvy]

> Security is incredibly complex and minor/subtle mistakes can destroy companies

For better or for worse, that's not the case. These days, security mistakes just end up in 2 years of free credit monitoring. Ironic case in point, Equifax.

I'm not saying you shouldn't take security seriously. But it's not fair to say that insecurity could destroy your company. Mainly, most end users just really don't care (or have a choice).

[spenczar5]

It depends on the company. What you say is true for a consumer website, but much less true for a SaaS product which depends on customer trust. For example, imagine an AWS or Salesforce or Github security breach that released very private business data.

[scurvy]

Of the 3 mentioned, I doubt they'd lose more than 5% of revenues.