Fingers crossed that the machines or the network may go flat. It may sound strange, but security is a 24/7 task and companies that do not take this seriously can be quite flat. Or ransomware, and then pay again. How often does it have to be in the news before people start to take these kinds of threats seriously? Who doesn’t want to listen …
I understand the emotion, I also feel it regularly, but it is also an impossible situation that we have all fallen into. We have become extremely dependent on software, but we lack the methods to make it sound, reliable and secure, and that is why software development is extremely expensive. In addition, it is extremely difficult to assess the quality of software. You need a solid IT background and access to the source code to be able to make a sensible judgment. It is practically impossible for an “ordinary” (non-IT) company.
Really good does not exist, a little good is very expensive. Most organizations could put their entire budget in IT and not yet be really secure. However, it is not possible without IT. IT adds so much value that you can no longer compete without it. For example, everyone is more or less forced to accept brackish IT.
We are taking small steps forward because the law (and insurers) are making more and more demands. This raises the lower limit for everyone, and you can invest without losing market share to a competitor who would not invest in improvement if he were not forced to do so.
However, most software is still written for markets larger than ours in which such considerations play a smaller role. We will have to improve the quality of software worldwide.