
Actually, you're making my point for me. Banks don't typically hire physical pen testers at all, and yet our reaction to a bank robbery is not, "Well, that's just what you get for not taking security seriously." Nor is that our reaction when a gas station gets held up.

In a perfect world, everyone can be trusted, and we don't need locks on our doors or passwords on our phones. In a dystopia, everyone has to carry a gun or have a bodyguard to leave their fortified homes, and a quarter of GDP goes towards security measures. We're somewhere in the middle, but things like this push us a little further down the road to more sunk costs in security measures.

A locksmith might make a killing after a local crime wave, but they should understand that crime is bad for the neighborhood regardless. Cyber crime raises demand for white hat services, but what's good for white hats is not necessarily good for society at large.



Companies should be liable for negligence depending on the kind of hack. If they were hacked through use of an old package - defined by regulations - then they should be liable.

If it was a zero-day or something newer - defined by regulations - then the company is not liable.

Your analogies are cute but I want new laws, further making your analogies moot.



