If there are two carriers, one just lost all your customer data and then got fined and has high prices, and then there’s another, which didn’t and has no penalties and lower prices because of it, who do you choose?

Even if only a percentage decide to go with the one who didn’t get fined, it’s still correcting to some degree as shareholder worth goes down and boards of directors ask on behalf of those shareholders and probably start asking for Replacements ceo and ciso, since clearly this negligence has hurt even the investor.

Or just not fine like the US nothing changes, directors happy. In fact, what a waste of money it was to do cyber security at all since it has no financial or market impact. Raises for the CEO and ciso.