Ticking boxes helps with security, but it tends to be easy to tick the box and yet mitigate much of the actual benefits. When this is cheaper, some companies will choose it, and snake-oil salesmen will help them do that.
You need some kind of incentive that derives directly from the end goal (fewer breaches), rather than some derivative (better standards compliance). Auditors certainly have their place, but we need more than them.
edit: Also, you probably meant 'onus' rather than 'honus'.