From experience I know how awful it is once you have been compromised - but it’s like anything in life, businesses will do what needs doing so they can remain in business, particularly in the financial sector. The govt doesn’t need central planning for it.
I would welcome the govt actually being proactive to go after the foreign sources constantly trying to crack US govt and private sector IT. Surely the US govt could compromise and destroy some hack equipment operations in Nigeria or Russia? Why just take it, why not go out and destroy it - all day every day - lessening the burden on private business to meet a govt. mandate?
“businesses will do what needs doing so they can remain in business, particularly in the financial sector. The govt doesn’t need central planning for it.”
I run a security business and am really torn on this. Most businesses will not do what needs to be done. They will ignore the problem vs spending money to fix it. I’ve had banks tell me they’ll accept the risk of a data breach after they did a cost analysis and figured it would cost them less than fixing the problem. I’ve had CEOs tell me they don’t want to know what their problems are because then they are responsible to fix them.
Of course govt agencies don’t follow the rules in place for them either. They are pathetic in most cases.
The best example of what works is PCI (for credit cards), where the industry got together and made a solution that seems to be making things better. It’s not perfect but it kept the govt out of the mix.