Originally Posted by
stimpy
True. It makes you wonder why Marriott didn't do a thorough security audit before the merger? They could have spent $1m on an audit and saved much more in fines that may arise from this breach.
I find that BODs and C-suite types are more willing to gamble on spending bigger bucks per outside finance players for hire and for sales activities than on cutting back a little there and on themselves so as to instead spend more on in-house IT or even outsourced IT-related purposes.
Companies with retail customers of sorts haven't yet gotten around to really caring all that much about the privacy of all of their customers, and the companies seem to still have a sort of willingness to take the lumps from IT-related failures and arising data breaches rather than splurging to avoid it going wrong at all. Maybe the GPDR-related fines will change that game, but even in Europe GDPR compliance is still a work in progress and it seems that GDPR is sort of another fad of the day for professional service firms/types to make more money while delivering very little that is concrete other than some forms for people to fill out or more fine print to read/skim/skip.