GCHQ Boss: ‘Cyber Security Market is Failing Us’

The international cybersecurity market is not working as it should, with demand for important information-sharing schemes, risk reviews, accreditations and the like still too low, according to the head of GCHQ.

Speaking at the IA15 conference in London yesterday—organized by the spy agency’s infosecurity arm, CESG—Robert Hannigan argued that it’s time to “take a hard look” at the free market.

There’s been good progress since this time last year, when GCHQ set out a series of measures in response to firms demanding more guidance on how to protect themselves, he claimed.

“Over 1,200 companies are now registered as meeting the requirements of Cyber Essentials. Information sharing partnerships are flourishing in some sectors. Cyber risk reviews are helping transform others,” Hannigan explained.

“But standards are not yet as high as they need to be. Take up of the schemes is not as high as it should be. So something is not quite right here. The global cybersecurity market is not developing as it needs to: demand is patchy and it is not yet generating supply. That much is clear.”

He argued that the “normal drivers of change,” such as regulation, incentivisation, insurance cover and legal liability, are still “immature.”

“And what’s also clear is that we cannot as a country allow this situation to continue,” Hannigan added.

“So we need, as a government and industry dialogue, to work out: how to make the market work better; and how to foster a national ecosystem that promotes cybersecurity and the skills we need automatically.”

Greg Aligiannis, senior director of security at Echoworx, claimed that the global market for cybersecurity is not developing as it should in part because firms don’t appreciate the importance of educating users when rolling out new technologies.

“The ‘it will not happen to me’ mindset is too common at the moment, and user awareness of security threats is still far too low,” he added.

“The best security solutions to deal with today’s cyber attacks are those that prioritize the user experience during the development stage but also automatically encrypt sensitive information to take the user out of the equation. This has to become more widespread.”
