That's excellent. I commend it, but the reality is that we keep hearing.... For instance, on Equifax, I've read that the breach happened because of poor cyber-hygiene practices. We've heard from our previous witness that the regulations and standards that companies are applying are really outdated, and that there's really no motivation for them to be updating those standards regularly so that they're up to date on the current threats they might be facing.
How do we incentivize these companies to take those types of measures if we don't have penalties and regulations in place?