Roles and responsibilities of each of the parties need to be clearly defined. At the same time, governments need to establish the appropriate policy and legal structures. Nations, such as the United States, have advocated for a market-based, voluntary approach to industry cybersecurity as part of the National Strategy to Secure Cyberspace. But this has not worked entirely, because security investments made by industry, as per their corporate needs, are not found to be commensurate with the broader national interest. How will the additional private investments be generated? Is there a case for government incentives, as part of an incentive program to bridge the gap between those security investments already made and those additional ones that are needed to secure critical infrastructure?

Several security surveys point to this need. They reveal a lack of adequate knowledge among executives about security policy and incidents, the latest technological solutions, data leakage, financial loss, and the training that is needed for their employees.

Hide Comments | Add Comment