
The Cyber Security Industry Has Failed

The cyber security industry has failed. Are you still reading this? If so, you’ve probably seen the evidence. It’s clearly visible all around us and is overwhelming.

If you agree that the cyber security industry was founded on the fundamental objective of preventing information technology (IT) systems from breaches and data theft, then you must surely agree that it has failed. If you don’t agree, then you are not paying attention (and you’ve most likely stopped reading this).

The Cyber Security Industry Accounts for 30% of the Top 10 List of Global Risks

Look at it this way: it has been over 35 years since the first virus was identified back in 1986, and just two years ago the World Economic Forum added cyber-attacks, data fraud and information theft to its Top 10 List of long-term risks considered most likely to occur, most impactful should they occur and most concerning for businesses globally. Not good.

So, after more than 3 decades of practice, 30% of the Top 10 list of global risks are now attributed to the cyber security industry – the risks our industry was (and still is) professionally responsible for addressing. Our industry has failed. Need more evidence? Keep reading.

Information Security Regulations Identify the Failure

The first sign of our failure was the onset of legislation and regulation like the Health Insurance Portability and Accountability Act (HIPAA), the European Union’s Cybersecurity Directive and its Security of Network and Information Systems Directive (NIS Directive), the General Data Protection Regulation (GDPR) and the United Kingdom Data Protection Act 2019. Let’s face it, when the government gets involved, it’s because the industry has failed, much like the massive safety regulations mandated on the energy, automotive and airline industries back in the 1970s. The government always shows up at the party when it’s gotten out of hand.

The increase in this type of legislation and regulation is a direct consequence of our failure to protect our systems and the data we process, store, and transmit on them.

Cyber Security Breaches Prove the Failure

But the indisputable proof must be the breach statistics. Our industry currently recognises that there are:

  • 18,525,816 records compromised every day
  • 771,909 records compromised every hour
  • 12,865 records compromised every minute
  • 214 records compromised every second

Look at those numbers. We are losing over 18 million records every day. The number of personal records lost by companies that should know how to protect them is staggering: Yahoo – 3 billion, Aadhaar – 1.4 billion, First American Corporation – 885 million, LinkedIn – 700 million, Facebook – 533 million.

We have lost over 14 billion records in the last 7 years alone, and that’s just those reported from countries with mandatory disclosure legislation. That’s more than twice the number of people walking on the face of this planet. How is this possible?

Blame and Guilt of the Failure

The biggest failure in the cyber security industry today is – you. It’s me. It’s us. We are all, collectively, the underlying cause of all the failures in our industry. As consumers, we are the reason that the cyber security industry does not work. We buy products that don’t work and do not hold our vendors accountable. Because they don’t work, our systems are breached, and our response is to buy more products. We get trapped in a Circle of Failure, doomed to repeat our mistakes rather than demand more from our vendors.

Circle of Failure

Quite simply, the cyber security industry has failed us because we have failed it. We have failed to apply the same standard of excellence that we demand in all other areas of our lives to our industry.

When we buy a product or service from any other industry, we expect it to work. If it didn’t live up to our expectations, we would demand our money back. Why is this not the practice in the cyber security industry? If we buy an anti-malware software solution and we then get ransomware, why don’t we hold the vendor accountable for the inferior quality of their product? Until we do, we are the root cause of the failures of our industry. Are you still reading this?

Want to Learn More?

Read the rest of the story in our ‘THE CIRCLE OF FAILURE: Why the Cyber Security Industry Doesn’t Work’ paper. You’ll discover more about the root causes of the failures and how you can make a change in the industry. It also contains vendor checklists to hold your service providers accountable for the services you buy from them. You’ll get tips on what requirements to look for and the important questions to ask providers. Demand more, get more.

Risk Crew