> I think hackers should get $0 from the victim, possibly get caught by police
The problem is, a lot of bad actors in cyberspace aren't individuals any more - Russia, China, Iran and North Korea have groups backed or outright created by the governments. There is no way to hold them accountable, three of these countries have nuclear weapons and one is only a few weeks away from building one should they decide to go for it [1]. Other cybercriminals like scam call centers in India and Turkey have been found to bribe local governments to turn a blind eye or to warn against enforcement by federal authorities.
The only way to hold them accountable is to cut the countries off from the global communications networks so they can't do any more damage until they show credible efforts and successes in being better netizens, but we don't want to do that for a variety of "realpolitik" reasons either.
> and I think companies that get hacked should have to sit with their actions and DO BETTER for their customers.
EU GDPR has made some effort there, but in the end all software has security-critical bugs and there is only so much one can do to prevent getting hacked.
The difference is that - Stuxnet aside - Western nations (including Israel) do not run cyber extortion schemes against random individuals and companies.
They do run intel campaigns against targets or sell the tools to run such campaigns, but so does every somewhat developed nation in this world. Intelligence operations are older than the Bible, they have been a part of civilizations ever since civilizations existed as a concept.
[1] https://www.reuters.com/world/middle-east/explainer-how-clos...