[Hilift]

The fines are symbolic. Even if you look at the fine for the hotel data breach in 2018, that was only $52 million (US) and $23 million (UK), total of $75 million. And the Equifax breach? An executive VP of IT sold $584k of shares right after the breach and before the press release. Nothing happened to him, he said he was unaware of the breach. https://www.npr.org/sections/thetwo-way/2017/09/08/549434187...

The SW supply chain attack is one of the most brilliant cyber attacks in recent history. They hit a train load of gold bars, and had a much as 14 months of dwell time with potentially 18,000 customers. Discovery must have been disappointing for the attackers.

If you follow the most important rule, secrecy, you get plausible deniability and small-er fines.