Many people wear seatbelts because they could get fined if they don't, rather than because wearing them might save their life, security consultant Dr. Anton Chuvakin observed during his keynote speech at the Hack In The Box security convention in Amsterdam in early July. It's an interesting observation, and one that has interesting implications for server security.

Chuvakin pointed out that before governments made seatbelts compulsory, seatbelt use was low even though most people understood the benefits of wearing them. It was only when seatbelt laws were passed that usage went up significantly.

There's a parallel here with the server security measures that many organizations take to protect customer data, he said. Most companies understand that poor server security is potentially harmful to their business, but it's often the threat of breaching compliance regulations, rather than the potential harm itself, that prompts them to take any sort of action. "To me that's weird and illogical on many levels," said Chuvakin. "Why would we secure our networks because some regulation tells us to do it and not because some hacker might break in and steal things?"

The link for this article located at ServerWatch is no longer available.