Last week, Americans woke up to news of yet another mass breach of their personal data. The consumer credit reporting agency Equifax revealed that as many as 143 million Americans’ Social Security numbers, dates of birth, names and addresses may have been stolen from its files — just the kind of information that allows for identity theft and other cybercrimes.

I don’t know about you, but I’ve lost count of the number of times in recent years that I’ve been informed by a corporation of such a breach. “We regret to inform you ….” I don’t doubt that companies regret these things, but I don’t think they care that much either. To them it means just a few days of bad press and at most a fine that amounts to a minuscule portion of their profits. With penalties like that, why would companies bother to make things better?

There are technical factors that explain why cybersecurity is so weak, but the underlying reason is political, and it’s pretty simple: Big corporations have poured large amounts of money into our political system, helping to create a regulatory environment in which consumers shoulder more and more of the risk, and companies less and less.

This is a general feature of our lopsided world, but software businesses (and the technology sides of other companies) have acquired perhaps the greatest degree of impunity. Information technology arrived on the scene only recently, so it has faced fewer of the kinds of regulations that consumers and citizens, in more progressive eras, managed to impose on other industries.