My favourite talking point to upset so-called security professionals is to highlight just how expensive products are relative to the value that they bring. In today's lesson, the Yahoo breach let 200 million users' accounts, including their personal email accounts, into the open for a number of years. Total penalties? $50 million.
Yahoo has agreed to pay $50 million in damages and provide two years of free credit-monitoring services to 200 million people whose email addresses and other personal information were stolen as part of the biggest security breach in history.
That's a heck of a lot cheaper than implementing good security; it's probably less than one year's cost of SecOps head count.
I would also guess that Yahoo/Altaba/Verizon paid that much in lawyers' fees and administration costs to defend
Yahoo to pay $50M, other costs for massive security breach: https://www.apnews.com/2af6d21f80aa4e9483fa32e26f03417c