No Incentives = No Improvement in Cybersecurity

The State of Cybersecurity: Implications for 2015 (An ISACA and RSA Conference Survey) is now available.

It won’t take you long to conclude that the state of cybersecurity for 2015, and any year thereafter, is going to be about the same.

I say that because out of twenty-five (25) questions, only two (2) dealt with motivations, and those were questions about motives for attacks (questions 9 and 10).

Changing the cybersecurity landscape in favor of becoming more, not less, secure will require:

  1. Discussion of positive incentives for greater security, more secure code, etc.
  2. Creation of positive incentives by government and industry for greater security, etc.
  3. Increases in security driven by sufficient incentives to produce greater security.

Think of security as a requirement. If you aren’t willing to pay for a requirement, why should anyone write software that meets that requirement?

Or to put it differently, you don’t have a right to be secure, but you should have the opportunity.
