Last week, we learned that researchers had discovered two major flaws in microprocessors of nearly all the world’s computers. The revelation came on the heels of a distressing series of major hacks: In 2017, Yahoo revealed that all of its three billion accounts were compromised, WannaCry ransomware shut down hospitals across the globe, and an Equifax breach affected approximately 145.5 million consumers in the United States. The latest news about the computer security problems — whose names, “Spectre” and “Meltdown,” appropriately convey their seriousness — is just the latest evidence that true digital security remains out of our reach.
But when these vulnerabilities are exposed and damaging attacks occur, there are few lasting repercussions. Almost without fail, stock prices bounce back, customers return, executives keep their jobs or exit with golden parachutes, and government mostly looks the other way. After the news of Equifax’s massive breach, for example, the company’s stock dropped roughly 35 percent. But it’s already recovered nearly half of its lost market value, and Fortune reported that the former chief executive officer Richard Smith retired with as much as $90 million in compensation. Resilience is one of the hallmarks of stable, mature markets, but something isn’t right here.
The tepid consequences are part of a growing problem. From a corporate governance and accountability perspective, cybersecurity today is being treated like accounting was before the fallout from the Enron scandal inspired the Sarbanes-Oxley Act’s increased standards for corporate disclosures. With the privacy and personal data of hundreds of millions of people at risk, and especially now with the increasing ubiquity of connected devices in our lives, the security of digital assets is too important for that kind of treatment. We need to bolster a culture of responsibility around cybersecurity, combining stronger and more uniform corporate governance with a clearer government commitment to enact better defensive policies.
A complex hack may not be a C.E.O.’s fault, but it is absolutely his or her responsibility. Investors and consumers need to demand more from the executives to whom they entrust their digital lives. The same holds true for government. Protection of the welfare and livelihood of its citizens is a foundational principle of government, and yet for more than a decade there has been very little consequence for nation-states and state-affiliated groups who’ve pilfered the intellectual property, and violated the personal privacy, of citizens and companies around the world.
Recente reacties