> the Company has preliminarily estimated expenses to be within the range of approximately $180 million to $400 million relating to remediation costs
Hopefully companies take this as a lesson about bottom dollar outsourcing your CS.
For those amounts, they could afford to have hired regionally local support agents, and paid them well over industry standard...
But do they consider it a CS risk or a business-wide risk? Is there any role at CoinBase that isn’t susceptible to insider risk? I would argue they would treat it as a security department / business risk issue and not a CS-only issue.
Onshoring CS and paying some more for that role may result in a net change of 0 risk (eg. The same possibility of a breach over the same time interval).
Would a lower class (for that region) Alabama man have less the susceptibility to insider risk as a middle class (for that region) Philippino man?
Most likely, the company will focus on better segmentation and better adherence to least permissions for all roles.
Also, your logic is clouded by the fact that you know it happened. In all aspects of security/cybersecurity, risk is incredibly difficult to calculate because you have to accurately know how much a counterfactual would cost in order to accurately choose one option over the other.
>Would a lower class (for that region) Alabama man have less the susceptibility to insider risk as a middle class (for that region) Philippino man?
The american could be facing jail time, depending on the data. The Philippino man, not so much.
The costs will likely be covered by insurance, which is hilariously cheap and also covers events you could never feasibly prepare for.
The global trend is racing to the bottom, so even if they could, every business consultant or MBA would push them to rather put more AI agents instead. Because that's all what matters (to them). Did anybody learn anything out of this? Of course not.