The free market system has failed to address computer security problems, and incentives are needed to encourage businesses to invest in protection technologies, a panel at the 2011 RSA Conference has concluded.
Bruce Schneier, security expert and chief security officer at BT, said during a keynote session that the free market model has not created sufficient investment in security technology because companies are not going to protect themselves against a risk that is worth more than the company itself.
"There's a delta where a market economy won't get to. There is more security needed than the market will provide. If the risk is more than the value of your company, there's no incentive to fix the problem," he said.
James Lewis, fellow at the Center for Strategic and International Studies, agreed, saying that, while phrases like 'free market failure' are not popular, the message is starting to get through.
Lewis said that the US Senate is already examining this, but that the message is not welcome in other areas of government, which is holding back security.
"I would agree. I think it's a market failure," said Michael Chertoff, former US secretary for the Department of Homeland Security.
"Resiliency is inefficient. It's building in an extra layer of fat to the business. That is very much counter to people in business, who want to strip out excess spending."
Schneier concluded that governments will have to step in with what tools they have to promote security. This could involve financial incentives for companies to improve security, or fines for poor practice.
NatWest outage comes a day after Barclays' IT systems shut out customers and staff
The ICO is concerned with AggregateIQ's retention and processing of data used in the Brexit referendum
Map selection, quick menus for grenades and healing items and automatic reload coming in PUBG update #22
Could be used for everything from search-and-rescue robots to wearable tech