Over at the New School, Alex Hutton adds some visualization and commentary on yesterday's Heartland Revisited post. There is a lot of behavior that most people in infosec have witnessed to back up Alex's comment:
First, it's my personal pet hypothesis that “reputation” only really matters in B2B cases where there are individuals who are responsible for choosing the breached vendor. Nobody wants to be the guy that “hired those screwups”, and if you are, you pretty much automatically have to consider firing them.
Then today, in John Kay's FT column "Bonds Designed to Leave Savers Bemused", we get this comment:
The most probable outcome is that the bonds yield a high fixed return, though for an unpredictable length of time. They carry a small risk of no return at all and a smaller risk of significant loss of capital. The problem of modelling the risk is far beyond the capacity not only of the average investor, but of the vast majority of the financial advisers who sell them.
...
In a world of complex products and equally complex production processes, consumers are protected from unsafe cars and toxic foods by a combination of regulatory action and supplier concern for reputation. Public agencies prohibit the sale of dangerous cars and food, and companies such as Ford Motor, Nestlé and Tesco do not want to sell them. But neither reputation nor regulation seems to achieve these results for retail financial services.
Kay's entire article is well worth reading; the parallels to what infosec faces are one for one, especially the closer.
If we take Alex's comment that reputation can play a role in B2B relationships, what is the answer for consumer-facing relationships?