Legal penalties, she notes, have not been swift or severe, leaving corporate counsels with little ammunition to convince top management to devote more resources to cyber security. She adds that companies, particularly during an economic downturn, find it hard to justify an investment in security because it may not generate easily identifiable, short-term returns. Data security, however, has long-term implications because a loss of consumer faith or trade secrets could have major implications for a company.
“No piece of code will ever be truly secure,” Matwyshyn says. “It’s a language used and written by humans and for humans…. The question is not whether there are flaws, but how companies and governments respond.”