The free market system has failed to address computer security problems, and incentives are needed to encourage businesses to invest in protection technologies, a panel at the 2011 RSA Conference has concluded.
Bruce Schneier, security expert and chief security officer at BT, said during a keynote session that the free market model has not created sufficient investment in security technology because companies are not going to protect themselves against a risk that is worth more than the company itself.
"There's a delta where a market economy won't get to. There is more security needed than the market will provide. If the risk is more than the value of your company, there's no incentive to fix the problem," he said.
James Lewis, fellow at the Center for Strategic and International Studies, agreed, saying that, while phrases like 'free market failure' are not popular, the message is starting to get through.
Lewis said that the US Senate is already examining this, but that the message is not welcome in other areas of government, which is holding back security.
"I would agree. I think it's a market failure," said Michael Chertoff, former US secretary for the Department of Homeland Security.
"Resiliency is inefficient. It's building in an extra layer of fat to the business. That is very much counter to people in business, who want to strip out excess spending."
Schneier concluded that governments will have to step in with what tools they have to promote security. This could involve financial incentives for companies to improve security, or fines for poor practice.