• groet@infosec.pub
    5 months ago

    Fines as a percentage of income are a good idea for individuals, but I don't think it works for corporations.

    A more reasonable approach is:

    • 100% of the money they earned/saved by committing the crime
    • 100% of all damages caused to other people/cost to clean up results of the crime (includes the cost of investigation and prosecution)
    • a fine that represents the likelihood of getting caught. (If the crime earns me 1mil, the fine is 50mil, but I only have a 1% chance to get caught, statistically I should commit the crime as many times as possible because I will end up winning in the end.)
    • (optionally) a fine based on the crime. This one might be based on the size of the company. This is the “punishment” part. It probably should be paid by the individuals responsible and not the company.

    This third point is the important one. Corporations commit crimes because they are reasonable monetary investments. If the expected fines are always higher than the expected earnings, crimes become a bad investment.