Who should be responsible for data breaches?

The US legal system rarely holds third-party IT and cybersecurity providers liable for data breaches, but experts say that could – and perhaps should – change in the near future.