Hacker News new | ask | show | jobs
by gibba999 1764 days ago
You're assuming perfect market transparency. That's a false assumption.

Company A has good security, which adds $5 in your costs.

Company B has poor security, which doesn't, which will lead to $500 down-the-line from a security breach and identity theft. It charges $2.50 less and otherwise has an identical product.

You have no way to know that. You will go with company B, and you will split the $5 gain, where you save $2.50 and they take $2.50 more in profit.

Company B externalizes costs onto the customer. Company A's customers have higher initial costs, but they wouldn't be defined as 'externalized.'
1 comments
Sebb767 1764 days ago
> You're assuming perfect market transparency. That's a false assumption.

The situation we have here is clearly company B. So we have two options:

- Let the victim (who is or was a customer) pay the $500

- Let the company pay the $500. They need to get that money [0], so they charge their current customers more money.

Either way, the bill goes to the customer. The only difference in the second scenario is that the company needs to increase prices, which will hurt them in the long run and (hopefully) justify the additional expenses in security. But they can't create money out of thin air [1].

> Company A's customers have higher initial costs, but they wouldn't be defined as 'externalized'.

You're right - I was wrong about the definition of externalized.

[0] Technically, they don't - they could go bankrupt. But that would be the first scenario all over again.

[1] Unless we're talking about a bank, of course ;)

link
gibba999 1764 days ago
I say charge company B, but I disagree with your analysis of where the money will come from. Companies charge to maximize future profits.

If company B tries to charge customers an extra $500, they'll be more expensive than company A, and customers will go to company A. They'll exactly go bankrupt. If they could have charged customers $500 extra and kept it, they would have done that from the get-go. The money won't come from customers, at least in a market with any competition.

Where will it come from? Well, the money will ultimately come from company B's investors. There are several mechanisms by which this can happen:

- Company B has a billion dollars in the bank. It spends $500 million on damages. It now has $500 million in the bank, and is worth $500 million less.

- Company B has zero dollars in the bank, but an otherwise solid business. It issues new equity, diluting existing equity, to raise $500 million. Existing shares are worth $500 million less.

- Company B has zero dollars in the bank, and a negative net worth. It files for bankruptcy. A court reorganizes it to pay the debtors (e.g. the customers). Old shares are worth $0, and the company is now owned by its debtors -- it's customers. The shares aren't quite worth $500 each, but customers get as much as possible, and the business keeps chugging along. No one loses their job.

Once investors notice, they'll start to include data security into company valuations. Insurance companies will do likewise. Keeping poor security will decrease profits, and security will improve. On the other hand, I don't think many companies will fold -- in the sense of letting customers and employees down -- based on this.

link