Most companies pay lip service to security, but the emphasis is just not there.  There is bluster and maybe even a few conversions soon after an embarrassing security breach, but all too often a scapegoat is found, fired and then it is back to business as usual.

The missing element is real financial cost.  Looks like Massachusetts and hopefully the feds will change that with new laws that make companies that get hacked pay for the cleanup. 

I really like this kind of accountability.  While I don’t think it will be a panacea solving all our problems it will put those to blame for these problems clearly on the hook for paying to clean them up.

Hopefully other states and Congress follow the lead of Massachusetts.