But do they consider it a CS risk or a business-wide risk? Is there any role at CoinBase that isn’t susceptible to insider risk? I would argue they would treat it as a security department / business risk issue and not a CS-only issue.

Onshoring CS and paying some more for that role may result in a net change of 0 risk (eg. The same possibility of a breach over the same time interval).

Would a lower class (for that region) Alabama man have less the susceptibility to insider risk as a middle class (for that region) Philippino man?

Most likely, the company will focus on better segmentation and better adherence to least permissions for all roles.

Also, your logic is clouded by the fact that you know it happened. In all aspects of security/cybersecurity, risk is incredibly difficult to calculate because you have to accurately know how much a counterfactual would cost in order to accurately choose one option over the other.

>Would a lower class (for that region) Alabama man have less the susceptibility to insider risk as a middle class (for that region) Philippino man?

The american could be facing jail time, depending on the data. The Philippino man, not so much.

The global trend is racing to the bottom, so even if they could, every business consultant or MBA would push them to rather put more AI agents instead. Because that's all what matters (to them). Did anybody learn anything out of this? Of course not.

HA! Good one. They won't.

The costs will likely be covered by insurance, which is hilariously cheap and also covers events you could never feasibly prepare for.