Comment by siruncledrew

Overall, it’s a good thing to encourage obligations of organizations to be diligent about cyber security.

However, I think comparing cyberspace attacks to meatspace burglaries (in the not-Ocean’s 11 sense) and negligence is an unfair comparison.

It’s like a cat and mouse game in actuality. Even with good defenses, determined attackers could still keep banging at the gates trying to get in. There are also attackers that have a good deal of sophistication and ‘cyber arsenals’ to go after these bigger orgs - including nation-states and large crime rings.

In a meatspace analogy: If someone owned a staffing agency, they might require employee ID badges, set 2FA, and have cameras in a building... but probably have no contingency plans for the Russian government attacking them or criminals with a wrecking ball smashing through the walls.