Slashdot Mirror

← Back to Stories (view on slashdot.org)

How Much Does a Reputation For Security Matter Anymore?

Posted by Soulskill on from the eh-i'm-sure-they'll-patch-it-soon dept.

dasButcher writes "We often hear that businesses risk their corporate reputations if they don't have adequate security. It's been a common refrain among those selling security technologies: protect your data or suffer the reputational consequences. But, as Larry Walsh points out, the evidence is against this notion. Even companies that have suffered major security breaches — TJX, Hannaford, etc. — have suffered little lasting damage to their reputation. So, does this mean that reputational concerns are simply bunk?"

4 of 98 comments (clear)

  1. bad news is good news? by An+anonymous+Frank · · Score: 4, Interesting

    Outside of geek circles, people might assume that if a firm has just suffered a security blunder, that they'll sure be addressing the issue seriously, and that they will make sure it doesn't happen again, as opposed to firms that haven't and presume that security is something other people need to worry about.

    Don't know about repeat offenders though.

  2. Size matters by mcrbids · · Score: 5, Interesting

    From what I can see, size matters. The impact of a security breach on the business is inversely proportional to the size of the business. Small companies, big deal. Big companies, Eh - whataya gonna do?

    --
    I have no problem with your religion until you decide it's reason to deprive others of the truth.
  3. Re:No 9-11. Yet. by AdmiralXyz · · Score: 5, Interesting

    Your statement actually has rather terrifying implications, since after 9/11 we saw a rush of hysterics that created a) illusory security practices like the nonsense we have to put up with at airports and b) several wars in the Middle East that have done anything but make us more safe. I can't help but think that when (not if) there is a break-in like you describe, the government is going to start keeping track of everyone who downloads nmap, etc.

    --
    Dislike the Electoral College? Lobby your state to join the National Popular Vote Interstate Compact.
  4. Re:Duh by hey! · · Score: 3, Interesting

    It's not so much forgiveness, I think, as resignation.

    For the public, worrying about computer security is like worrying about an invisible, odorless poison gas that appears in completely random places. If they knew where the gas would strike, they'd fear those places. If the gas had an odor, they'd learn to fear it. If they knew who was responsible for creating the gas, they'd demand that outfit be shut down.

    But if there's nothing they can do to protect themselves, they'll just ignore it and hope for the best.

    That's what computer security is like for most people. They don't understand it, and they have good reason to suspect that the people who run the companies they deal with don't understand it. If a company gets hit with an embarrassing breach, they might reasonably conclude that its claim to have learned its lesson is just as credible as a different company's claim it hasn't been hit because it already knows better.

    If you want to fix this, there are two ways, neither of them popular. The first is ore regulation of record keeping practices. The second is to establish liability of companies when information it is holding is misused.

    --
    Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.