Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I never get why stocks drop on security breaches.

It means they learned something, and they are now stronger as a company and are less likely to have the same security breach happen again. Seems like a time to buy if you ask me.



In this case it's because it's a security company, so in theory it's reputationally bad for them and could impact customer renewals and new sales.


not to mention lawsuits and fines


Since this is a general comment, here are some general responses.

> It means they learned something,

That’s debatable.

> and they are now stronger as a company

Really not sure we can assume this unless the company is transparent, quickly apologetic and clearly says what it will do.

> and are less likely to have the same security breach happen again

If there’s one thing I’ve seen in the industry, companies change because their people change and policies change and external pressures change. There is absolutely no way to be over optimistic and believe that things won’t get far worse in the future.

Information security doesn’t get a lot of long term attention. There’s too much fatigue by constant breaches and leaks that companies do the minimum PR to let it slide in a few days or weeks. Even any government hearings will be met with PR statements and sentences that nobody actually believes.


Smart response.

To add to your thinking

Stronger: How much stronger? How do you measure? How do you test?

Less Likely: How much less likely? And could it instead make them more likely to see attacks since they've been exposed.

It doesn't take much to lose sight of proper controls, processes, etc. Something simple like team turnover can cause something to be missed.

Also, re: transparency, it's going to be interesting to see how companies handle the SEC's new rule regarding material cybersecurity issues.

Clorox, as an example, has released multiple 8Ks recently as they continue to work through their August incident.

https://www.sec.gov/news/press-release/2023-139


You would hope they learned something. This isn't always the case.

Also, they are a company that others rely on for security. In this case they failed to do their job.

It's pretty similar to the LastPass hack. Do you still trust them?


> It's pretty similar to the LastPass hack. Do you still trust them?

I didn't trust them before (and never used them) but I might trust them more now.

Do you trust first-time plumbers or veteran plumbers that have f-ed up a couple times and learned a few things?


Perhaps. It doesn't say anything about their likelihood of having yet another breach. After all, this isn't the first.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: