Slashdot Mirror

← Back to Stories (view on slashdot.org)

How Much Does a Reputation For Security Matter Anymore?

Posted by Soulskill on from the eh-i'm-sure-they'll-patch-it-soon dept.

dasButcher writes "We often hear that businesses risk their corporate reputations if they don't have adequate security. It's been a common refrain among those selling security technologies: protect your data or suffer the reputational consequences. But, as Larry Walsh points out, the evidence is against this notion. Even companies that have suffered major security breaches — TJX, Hannaford, etc. — have suffered little lasting damage to their reputation. So, does this mean that reputational concerns are simply bunk?"

5 of 98 comments (clear)

  1. It only matters if you're affected by BadAnalogyGuy · · Score: 5, Insightful

    Once your identity is stolen, it doesn't matter what precautions the leaking company took or what their reputation is.

    And if your identity hasn't been stolen yet, it might be better to go with a company that has suffered an attack because they likely won't make the same mistake twice.

    Reputations are just rationalizations. Real security is not measurable by reputation.

  2. No security available anywhere by Anonymous Coward · · Score: 5, Insightful

    Essentially, no business properly secures their data. This means there are no alternatives, so there can be no repercussions from failure to enact proper security. People may moan and complain, but it isn't that they chose a company with poor security, it's that the industry just does business without security. For instance, no one will go without banking, and no bank is known for properly securing their data. Thus, clients can't create loss of profits for businesses with a poor security reputation.

    Additionally, most consumers don't consider security as a main part of what they get from a service, thus not making it a major part of their decision. People don't look at banks (example) for how securely they store passwords, but instead for the interest rates provided. Again, until some start doing it right, none will be forced to.

  3. Size matters by mcrbids · · Score: 5, Interesting

    From what I can see, size matters. The impact of a security breach on the business is inversely proportional to the size of the business. Small companies, big deal. Big companies, Eh - whataya gonna do?

    --
    I have no problem with your religion until you decide it's reason to deprive others of the truth.
  4. No 9-11. Yet. by Hasai · · Score: 5, Insightful

    The problem is there hasn't been the digital equivalent of a 9-11 yet. Once someone breaks into one of the major banks and zeroes the accounts of several million Americans, then you'll see a reaction. Too late. As usual.

    --

    Regards;

    Hasai

    1. Re:No 9-11. Yet. by AdmiralXyz · · Score: 5, Interesting

      Your statement actually has rather terrifying implications, since after 9/11 we saw a rush of hysterics that created a) illusory security practices like the nonsense we have to put up with at airports and b) several wars in the Middle East that have done anything but make us more safe. I can't help but think that when (not if) there is a break-in like you describe, the government is going to start keeping track of everyone who downloads nmap, etc.

      --
      Dislike the Electoral College? Lobby your state to join the National Popular Vote Interstate Compact.