The most obvious example of this is payment card procedures. Retailers have begged the banks and card brands for years to take over card security. Given a choice between Myron's House Of Gravel (one location) and Chase Manhattan, which do you think is better positioned to secure payment card information? But the banks and the brands have the power to refuse, we write in this week's security column on McAfee's blog, so it's the merchants who have to house and protect the data.
Of all the threats that make security executives sweat at night—including terrorism, profit-hungry cyberthieves, careless employees and the so-called disgruntled workers—the most dangerous and the least feared is simple capitalism. Put even more directly, the companies with the greatest ability to impact security generally have the least financial incentives to do so.