This project is a document (Microsoft Word, Apple Pages, or Google Docs) of at least 6 pages.

When look at recent history, it seems like there's one organization after another with data breaches, hacked systems, loss of control to a blackmailer and more and more systems requiring complex passwords, two factor authentication, do the captcha, and other mechanisms thrown up to protect what that application does. But the evidence is that enterprises are losing the battle with criminals and activists. Still, protecting people and their data costs money and time. How far should a company go in trying to completely eliminate all attacks? Is this truly a case (to quote a terrorist) where "we have to win every time; we only have to win once" or should the public expect to be kept safe from harms? And in a world where just about every device is on the Internet and where much corporate data is housed and processed at service providers rather than your own facilities how far do your responsibilities extend? This is an opinion piece: apply what been learning, take a position, and argue for it.