This is regulated. And there are penalties for violating those regulations. But it’s just not enough. Even a class action lawsuit won’t help the victims. Most of that money goes to lawyers.
Honestly, I don’t expect any of it to change until the penalties are so severe that major companies go under. Aka a corporate death penalty (which the US used to have). But even then, good software security is extremely hard. Almost everyone screws up something.
This is regulated. And there are penalties for violating those regulations. But it’s just not enough. Even a class action lawsuit won’t help the victims. Most of that money goes to lawyers.
Honestly, I don’t expect any of it to change until the penalties are so severe that major companies go under. Aka a corporate death penalty (which the US used to have). But even then, good software security is extremely hard. Almost everyone screws up something.