"Whether they should continue to exist into the future should depend on if the expected positive value of their services in that future exceeds the expected damage from having a big meltdown every once in a while"
I don't think that's right, since it ignores externalities.
You want to create a system where every company is incentivized to make positive security decisions. If your response to a fuckup of unprecedented scale is just "they learned their lesson, they probably won't do that again", then the message these companies receive is that it is okay to neglect proper security procedures, because you get one global economic meltdown for free.
I don't think that's right, since it ignores externalities.
You want to create a system where every company is incentivized to make positive security decisions. If your response to a fuckup of unprecedented scale is just "they learned their lesson, they probably won't do that again", then the message these companies receive is that it is okay to neglect proper security procedures, because you get one global economic meltdown for free.