Three Strikes Cyber Security Regulation

Something the industry lacks is a “three strikes” law or regulation for cyber security.

This sort of approach gives enterprises that are not implementing security best practices an incentive to protect consumer information.

When consumers provide personal or financial information to a company, they are not giving it to just a single company. They are typically providing that information to the entire ecosystem of businesses with which that company works (this is typically buried somewhere in the website's terms of service or end-user license agreement). I feel sorry for the consumers, but not the companies, when breaches occur. Companies are typically not following industry best practices around early breach detection and proactive threat detection, or implementing proper prescriptive solutions in the first place, and they should be held accountable for figuring out how to avoid multiple data breaches.

Early breach detection solutions help safeguard consumer information and help organizations detect breaches in real time, so they can prevent data loss and avoid the prospect of multiple data breaches.