Cybersecurity technology is not as effective as it should be
In a new study 90 percent of participants report that cybersecurity technology is not as effective as it should be when it comes to protecting organizations from cyber risk.
However, the report from Debate Security, an independent organization bringing together industry experts to debate how the cyber market can be improved, shows considerable disagreement on evaluating cybersecurity technology efficacy and performance, with not a single common definition named by respondents.
Outside government, few buyers today use detailed, independent cybersecurity efficacy assessment as part of their cybersecurity procurement process, and not even the largest organizations report having the resources to conduct all the assessments themselves. This may partly explain why 92 percent of participants report a breakdown in the market relationship between buyers and vendors, with many seeing deep-seated information asymmetries.
Many participants believe that coordinated action between all stakeholders can only be achieved through regulation. Some 70 percent of respondents feel that independent, transparent assessment of technology would help solve the market breakdown. Setting standards on technology assessment rather than on technology itself could prevent this from stifling innovation.
"In cybersecurity right now, trust doesn't always sell, and good security doesn't always sell and isn't always easy to buy. That's a real problem," says Ciaran Martin, former CEO of the UK's National Cyber Security Centre and advisory board member at Garrison Technology, one of the founding members of Debate Security. "Why we're in this position is a bit of a mystery. This report helps us understand it. Fixing the problem is harder. But our species has fixed harder problems and we badly need the debate this report calls for, and industry-led action to follow it up."
The full report is available from the Debate Security site.