> Avaya. will pay a $1 million civil penalty;
> Check Point will pay a $995,000 civil penalty; and
> Mimecast will pay a $990,000 civil penalty.
With the exception of Mimecast, these are companies that are bringing in billions of dollars in revenue annually. How is this supposed to deter them?
Unisys and Avaya are both security vendors. This absolutely is a bad look for them, as almost every Security RFP asks about internal controls and how a vendor has remediated against these issues, and this is ammunition for any competitor to ask a prospect to re-evaluate purchases from either due to misrepresenting their security procedures.
Furthermore, Unisys only has an operating profit of around $200M a year, so a $4M fine is fairly brutal (that's an entire security team's operating budget for a company at Unisys' size).
Avaya's is smaller still, so that $1M is fairly brutal for them