Comment by bunderbunder

2 days ago

It's also a sort of moral hazard problem.

If you, the person in charge of these decisions, allow an incumbent policy - even a bad one - to stand, then if something goes wrong you can blame the policy. If you change the policy, though, then you're at risk of being held personally responsible if something goes wrong. Even if the change isn't related to the problem.

It's not just cybersecurity. I have a family member who was a medical director, and ran up against it whenever he wanted to update hospital policies and standards of care to reflect new findings. Legal would throw a shitfit about it every time. With the way tort law in the US works, the solution to the trolley problem is always "don't throw the switch" because as soon as you touch it you're involved and can be held responsible for what happens.

3 comments

bunderbunder

zaptheimpaler 2 days ago

I love the analogy to the trolley problem. It sounds like this logic would literally hold up in a real-life trolley problem in regards to the law.

leoc 2 days ago

"No-one ever got fired for buying IBM" etc.

ToucanLoucan 2 days ago

I mean that was true about Boeing, right up until it wasn't.