Hacker News
by miohtama 337 days ago
In a proper capitalistic system, those who build low quality e-commerce services, including hackable ones, should go out of business and replace more competent companies. This includes buying services from bad suppliers.

This Reddit post hints that many shortcuts were taken, security not taken seriously when it should have been, and now they reap what they sow.

7 comments

There has been no reaping. MKS shares were largely unimpacted (despite this costing at least £300m). Management have tried to deflect, said this was a highly sophisticated attack, said that other firms had been hacked but just didn't report it, endless amounts of lying.

The reality is that decreasing costs is a far easier lever to pull than increasing revenue so managers will be heavily incentivised to do this if you give them profit-based incentives. This happens every few years with listed companies in the UK now, no-one ever changes their behaviour (retail, in particular, is ground zero for bluffers in the UK, managers are exceptionally bad, and even worse are comp committees that set targets that cannot be achieved without damaging long-term value).

There is no efficient market here. It is as simple as managers understanding the world we now live in, and that is unlikely because all these companies view IT as a cost and their managers are people who rotate through executive roles and politics despite leaving a flaming wreck in their wake. Things will stay the same.

> In a proper capitalistic system, those who build low quality e-commerce services, including hackable ones, should go out of business

If the impact is large enough, they do.

This is not a case where binary thinking works for most situations, though. The costs associated with the attack will hurt them by damaging their balance sheets a little bit, taking capital away from more productive opportunities, and distracting their employees from more fruitful tasks.

There’s always a public thirst for immediate blood in these situations, but the damage is more subtle and manifests more as opportunity cost than a sudden collapse of the company. The demand for sudden stock market collapse of companies is ironic, given all of the criticisms thrown at companies for putting too much emphasis on short term stock results.

They do. Security is about risk management. It’s all very actuarial. If the damages from an attack are severe enough (i.e. a company makes it go bankrupt), that’s capitalism working.

"proper capitalist system" aka fantasy capitalism, a utopic capitalism that lacks operations/tasks where deceiving is cheaper than doing things correctly, yes I am one of those that don't believe that such a thing is compatible with human nature.

That's a very naive view of capitalism, there is nothing inherently preventing companies from being negligent in infosec no matter how "proper" that system is. Also wouldn't defunding the ICO make it more proper?

In capitalism-as-explained-by-capitalists, that would happen. In actual capitalism, it would not.

"go out of business and replace more competent companies"

... be replaced by more competent companies