Kind of sad really. The argument made by the Sony execs prior to the breach was that the cost of security makes it easier to just pay for the breaches than pay to secure the infrastructure properly. The settlement reinforces this. The financial penalties need to act as a deterrent.
The financial penalties need to be on director's bonuses, and proper liability for negligence - as in jail time. The fines hurt the employees and shareholders, but then they get routinely short-changed. Real accountability and liability for directors won'd happen in the current scheme of things.
Damballa revealed the secrets behind the Destover malware that infected the Sony Pictures http://securityaffairs.co/wordpress/42194/malware/destover-malware-analysis.html