I honestly think anything we put online is exposed. My bet is that everyone will just write away their liability in their terms and conditions and do the best they can to protect customer data but seriously, nothing is "safe" forever.

Perhaps also worth looking into the companies that make up the HACK ETF :)

I do two things @Macca571

1. Assume the hack happens and consider the exposure. I have no way of assessing whether a firm’s measures are adequate.
2. Adhere to strict maximum concentration rules for any single holding. Maybe a firm I hold gets wiped out, but I won’t.

Also I agree with @tbra97, $HACK is interesting, and I am thinking of picking up some.

My other thought on reflection is that the more this happens the less we will care as an investing community/market.

At first Optus met a "how dare you hold onto our data and let it get leaked" then a Medibank "you should have had better protections in place" and I would guess the next big ones will not be rocked as hard. If CBA has a data hack it could be one of the biggest leaks in the country but I would suspect it will be overlooked by the media and a large portion of the public, at least after a couple of days.

In addition to cybersecurity offerings, there are companies offering insurance to companies in case they get hacked and are demanded a ransom. The problem - hackers hacked the insurer and got a list of their clients as well as information on the level of their clients insurance cover. They demanded a ransom from the insurer.

If a Nation State Actor (NSA) such as China, US, Israel etc want to hack you or even your government it's not a matter of if they can but how long it will take them. That means not even the best defended systems in the world are immune. While a lot of these hacking groups don't have the resources an NSA might, I imagine it's a similar situation - if they're determined enough they'll be able to hack nearly any company.

My understanding is that an even bigger problem is people. Social engineering, phishing emails, employees giving away information over the phone, through socials etc etc tends to be the biggest weak point hackers are exposing. Even with education, this is likely to persist.

I'm not sure if there will ever be a solution to this aside from not paying ransoms or more collaboration between governments to crack down on this and a willingness to punish or extradite their citizens engaging in this illegal activity. Or maybe companies collect/store less of our personal information?