Corporate liability and insurance against computer intrusion are likely to be the main drivers in network security this year, according to an internet security expert.
Speaking at the RSA conference in San Jose, Bruce Schneier, chief technology officer at internet security company Counterpane, told delegates that network security problems will not be solved until companies can be held liable for their software and computer systems.
He maintained that insurance companies should start to offer intrusion insurance, because the real problems of network security are not technical.
"Technology is not going to solve this," explained Schneier. "Fundamentally, security is a business problem. It's a people problem."
He outlined how many software companies viewed security as a trade-off. More secure products have far fewer features and cost more to produce. But while that annoys customers, the alternative is to produce less secure software that could result in a bad press or regulatory pressure.
Security would only start to affect developers if they were held liable for software flaws, insisted Schneier. "Software should not be exempt from normal product liability," he said. "If no one is accountable for a problem, no one will do anything about it."
Computer security will be helped by insurance companies because they will look for a way to standardise models based on customers' risks. This will lead them to determine which products are more secure. In turn this will allow companies using more secure products to save money.
"Insurance companies are going to want better products and services," concluded Schneier.
Tesco wrangling with FCA over size of fine
Equinox's Dave Millett explores how phone, mobile and broadband could be affected by a no-deal Brexit
Dust storm on Titan only the third Solar System body where such storms have been observed
New technique could enable quantum computers to scale-up to millions of qubits