I was talking with one of my vendors today. He wanted me to submit some financial information so we could “Do More Together”. I explained that I was uncomfortable sending in financial information unsecured and would rather just give him some specifics. His response was to quote the size of his company and that they have X amount in sales and because of those two factors it was safe to send it in. Okay then. I must have overacted. No large company has ever been hacked. Lowes Home Improvement, TJX, Heartland, DOD, City of Charlotte, etc. these were just mom and pop shops working out of their garage off of a dial up modem.
Until people, and companies, understand security is not about how much you spend but how it is implemented they will never achieve security. Policy and processes make you secure, not your 1065.