A second huge problem is that governments ... don't know how to do security. So they just mandate some random measures.
And then the problem is that people follow their measures ... and see this as absolving them of further responsibility. In many cases in the financial world that isn't just laziness: that's actually how the law works.
So much of the regulation burden doesn't just force the whole market into large companies, it actually opens up and legally mandates not security, but security holes.
Can you please provide a single case of high profile security breach that was caused solely by regulation? That must be easy if what you say about regulation opening holes is true.
And then the problem is that people follow their measures ... and see this as absolving them of further responsibility. In many cases in the financial world that isn't just laziness: that's actually how the law works.
So much of the regulation burden doesn't just force the whole market into large companies, it actually opens up and legally mandates not security, but security holes.