The cost benefit calculation also includes the odds of being hacked. Enormous numbers of organizations are at risk but most survive by security by obscurity. Most are content to hope to remain obscure.
Especially since the cost of actual security is very high. You have to build it into every aspect of the system. It makes development cost an order of magnitude more and constrains usability... and you'll still never really be certain
When you take employees into account the cost becomes almost insurmountable. Keeping bank style security means tightly limiting access, making even simple operations more work.
That's not an excuse. That's a warning. We are at grave risk, and we need to completely reconsider how almost every piece of software is written. Competence is hard and expensive.
Especially since the cost of actual security is very high. You have to build it into every aspect of the system. It makes development cost an order of magnitude more and constrains usability... and you'll still never really be certain
When you take employees into account the cost becomes almost insurmountable. Keeping bank style security means tightly limiting access, making even simple operations more work.
That's not an excuse. That's a warning. We are at grave risk, and we need to completely reconsider how almost every piece of software is written. Competence is hard and expensive.