Ask HN: Should IT Adopt “Black Box Thinking” in Relation to Cyber Attacks?

As someone who designs enterprise software for a living, I find it strange how little detailed analysis there seems to be available in the public domain regarding major cyber attacks and security breaches. I do wonder how companies are supposed to learn from others' mistakes when the information is so rarely available?

There was an excellent analysis* of the recent BA credit card leak which prompted a great deal of internal debate into the level of exposure and risk, however this was conducted by a third-party analyst and not an official investigation.

https://www.riskiq.com/blog/labs/magecart-british-airways-breach/

However, this is rare and there have been several high-profile breaches which do not seem to have been so thoroughly investigated and the results published.

When an airliner crashes there is a forensic-level investigation and the results are shared with the wider industry. At the end of the day it is in everyone's best interests, as not only do companies face financial losses compensating their customers, they also risk damage to brand reputation and ultimately fines from regulators.

What are people's opinions on the IT industry adopting a similar black box thinking approach to reporting the causes of security breaches?