Dale Meyerrose of Harris Corp. was reported to have said that finding a way to motivate private companies to invest in security is a challenge, particularly in these frugal times. Art Corviello of RSA was quoted as saying that “… [some] companies … view any encumbrances [due to security measures] as a tax and will be negative and cynical for whatever reason.”
From my many years in the financial services sector, which is among the most highly regulated of all sectors and leads in security efforts, I learned that companies will not generally implement more security than they absolutely have to. Government mandates are a major impetus for installing security measures that executives and practitioners often do not consider to be the best bang for the buck. Conversely, those measures that are thought to be absolutely critical to the ongoing success of the business by senior management, customers, business partners and other stakeholders are encouraged and supported.
While I have always been a strong supporter of laissez-faire economics, there are certain circumstances in which such a system does not work optimally without some form of intervention. Implementing security measures that benefit the critical infrastructure is such a circumstance. In order to motivate companies to take broader responsibility for cyber security, it is necessary, I believe, to either provide incentives, such as tax deductions or rebates, or mandate actions through laws and regulations. Without these measures, it is unlikely that companies will respond in the interests of everyone rather than only in their own.
Popularity: 4%
