The Insurmountable Fallibility of Man
Friday, July 22nd, 2011 by The Director
Well, now that I can find it, I can comment on this Information Week article, “Omnipotent Hacker Myth Lets Business Off The Hook”, which says:
If you don’t know much about computer security, you might come away from the past few months with the idea that criminal hackers are gods. Breathless news coverage has portrayed LulzSec and its ilk as capable of striking down mighty (though mortal) targets at whim, including law enforcement, three-letter government agencies, and major corporations. And if the hackers are omnipotent, companies can take even less responsibility for protecting customer information than they already do. After all, how are mere mortals expected to defend themselves against thunderbolts hurled by Zeus?
In the past, one compelling argument for vigorous information security was to protect a business’ reputation. The reasoning: Companies that fail to safeguard customer data will suffer brand damage and lose customer trust, leading to lost sales and profits. While such losses have always been difficult to quantify, executives could understand at a gut level that exposing thousands of customer records to criminals makes the company look incompetent or even negligent.
But this argument is showing cracks. First, there’s not a lot of evidence that a security breach has a lasting effect on a brand.
Correct me if I’m wrong, but you could make the same argument about software quality: that software companies, especially the small or mid-sized companies, don’t do software testing or adequate testing because their peers don’t do enough, so users and customers are growing inured to the bugs, timeouts, and failures.
The key difference, though, is that when this article talks about brands, it talks about TJ Maxx, DSW Shoes, OfficeMax, and so on. That is, customers build loyalty to something else about the company aside from the software: store locations, appreciation for its lines of product, convenience, price, and so on.
For technology companies, the software is the brand. The customer/user does not have any loyalty to your company aside from what your software does. And if what your software does is break, your users will break–to the next piece of software that might suit their needs and does not have a record of failure in their minds.
Case in point: Are you finding your Facebook streams starting to thin as your acquaintances move to Google+? QED.