After nearly 20 years of trying and billions of dollars in investment, why are organizations are still struggling with cybersecurity? In fact, the problem seems to be getting worse, not better. Answering this question requires moving beyond a purely technical examination of cybersecurity. It’s true that the technical challenges are very real; we don’t know how to write bug-free code, for example. But if you look at the challenge more broadly, even if we resolved the technical issues, cybersecurity would remain a hard problem for three reasons:
Why Is Cybersecurity So Hard?
After nearly 20 years of trying to solve cybersecurity challenges, and billions of dollars in investment, we are still struggling with keeping our organizations safe – in fact, the problem seems to be getting worse, not better. Clearly, something about the very nature of cybersecurity makes it a truly difficult thing to do. Why is it so hard? There are three main reasons. First, it’s not just a technical problem — it involves aspects of economics, human psychology, and other disciplines. Second, the “rules” of cyberspace are different than in the physical world. Cyberthreats can literally come from anyone, anywhere. And third, cybersecurity law, policy, and practice are not yet fully developed. This will be the key cybersecurity policy task for the next 5 to 10 years.