Comment by immibis
3 days ago
In a free market, you don't - you start your own company that doesn't waste half of everyone's time on security, and do stuff twice as efficiently, for half the price and outcompete the other one.
Then you get outcompeted by a company with no security at all, which is twice as efficient as you until they get hacked.
Good security, the stuff that actually stops you from getting hacked, shouldn’t be considered wasteful. And eliminating good security shouldn’t be considered an improvement in efficiency.
Ideally we should use the word “waste” to narrowly point at activities that are entirely pointless. Like requiring password rotation every 7 days.
There is no incentive to do so when the shareholders are only interested in the next quarterly earnings report.