The free market system has failed to address computer security problems, and incentives are needed to encourage businesses to invest in protection technologies, a panel at the 2011 RSA Conference has concluded.
Bruce Schneier, security expert and chief security officer at BT, said during a keynote session that the free market model has not created sufficient investment in security technology because companies are not going to protect themselves against a risk that is worth more than the company itself.
"There's a delta where a market economy won't get to. There is more security needed than the market will provide. If the risk is more than the value of your company, there's no incentive to fix the problem," he said.
James Lewis, fellow at the Center for Strategic and International Studies, agreed, saying that, while phrases like 'free market failure' are not popular, the message is starting to get through.
Lewis said that the US Senate is already examining this, but that the message is not welcome in other areas of government, which is holding back security.
"I would agree. I think it's a market failure," said Michael Chertoff, former US secretary for the Department of Homeland Security.
"Resiliency is inefficient. It's building in an extra layer of fat to the business. That is very much counter to people in business, who want to strip out excess spending."
Schneier concluded that governments will have to step in with what tools they have to promote security. This could involve financial incentives for companies to improve security, or fines for poor practice.