Facebook's security breach shows that even a large security investment may not help

First, one of the biggest problems businesses face is that many of the cyber security issues they are addressing are backward-facing, depending on the major issues of the past. This leaves the door open to adverse innovators.

Whatever the problem that arouses the most bitter criticism from the public, the greatest attention on the part of regulatory bodies or the greatest concern on the part of its board of directors, In the case of Facebook, its security efforts have been particularly focused on the "new false information" related to elections.

The same is true in all major institutions with a target on the back for criminal aggressors. Cybersecurity managers in the health, logistics and navigation sectors have told CNBC that they devote much of their attention to

In the same vein, cybersecurity experts from several large finance companies told CNBC last year that they put a particularly strong emphasis on creating projects to prevent another. violation like that of Equifax in September 2017 and shareholders. These initiatives typically focus on the public response plan for data breaches and reconsider how these companies are mass-correcting their systems.

Of course, in 2017, Equifax itself focused on something else before its massive violation: Chinese spies, one of the main topics of cyberattacks of 2015 and 2016.

All of these cybernetic issues are important, but it is equally important to give equal importance to the issues of the future. This is because criminals, trolls and other malicious actors are not limited by the annual budget allocation meeting and the quarterly reporting schedule.

Criminals, on the other hand, can rotate strategies on a whim. And in some ways, they are just as aware of what the Facebook CEO might need to do and say to please his shareholders and his board of directors, just like Zuckerberg told him. -even.

"It's a very serious safety problem and we take it very seriously," Zuckerberg said.

There is no doubt that companies can be "serious" about security, but criminals are serious about getting around them. And for that, it may be time to rethink how companies are held accountable for violations and how they should seek to remain safer in the future.