Ask HN: Should IT Adopt “Black Box Thinking” in Relation to Cyber Attacks?
There was an excellent analysis* of the recent BA credit card leak which prompted a great deal of internal debate into the level of exposure and risk; however, this was conducted by a third-party analyst and was not an official investigation.
* https://www.riskiq.com/blog/labs/magecart-british-airways-breach/
However, this is rare and there have been several high-profile breaches which do not seem to have been so thoroughly investigated and the results published.
When an airliner crashes, there is a forensic-level investigation and the results are shared with the wider industry. At the end of the day it is in everyone's best interests, as not only do companies face financial losses compensating their customers, they also risk damage to brand reputation and ultimately fines from regulators.
What are people's opinions on the IT industry adopting a similar black box thinking approach to reporting the causes of security breaches?