Originally Posted by
adrianlondon
I like to think that a fine is designed to help persuade a company to change its behaviour. If BA needs to put their prices up to stop 380,000 people having their data stolen then so be it.
Cybersecurity breaches occur in part because the victim company calculates the cost of recovery to be less onerous than the price of stringent, regularly updated protective measures. (Companies today discount any threat of permanent brand damage from a cyber failure, as numerous precedent cases attest that consumers forget all about them soon enough.) A serious fine would force reappraisal of that cynical calculus.