View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

No rewards for cyber security as cybercrime defenders have hands tied by red tape

To succeed against hackers, government and business must emulate the agility of the attackers.

By Tom Ball

A new report by Intel Security has revealed that there is a significant gap between strategy and implementation of cyber security measures, allowing hackers to beat the defenders and capitalise on their malicious actions.

The report shows three key areas in which misaligned incentives are advantageous to cyber criminals. The first is between fluid attackers and bureaucratic defenders; between organisational strategy and real-world implantation; and between executives and implementers who measure success differently.

93 percent of organisations included in the survey claimed to have a strategy for cybersecurity, while only 49 percent had actually implemented the strategy.

The report shows that executives who are structuring and laying out the plans for cybersecurity are lacking synergy with the defenders who are facing the cyber-threats head on.

READ NOW: Cisco adds firewall firepower to its cybersecurity arsenal

The gap between executives and those on the frontlines is a key area outlined in this report, as 60 percent of IT executives believe their cybersecurity strategy is fully implemented, while only 30 percent of IT staff agree.


Executives setting fixed plans of action for cybersecurity appear to be aiding the formidability of attackers, as the report found that bureaucracy and top-down decision making limits the capabilities of those defending.

Content from our partners
Powering AI’s potential: turning promise into reality
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline

The report also shows that attackers who thrive in a fluid, decentralised market are capable of easily side-stepping rigid strategies agreed on by executives that are detached from the action.

The problem unearthed in the report leads to the conclusion that IT staff need to be allowed the freedom to take on the attackers unshackled, while also having their goals incentivised.

Candace Worley, vice president of enterprise solutions for Intel Security said: “The cybercriminal market is primed for success by its very structure, which rapidly rewards innovation and promotes sharing of the best tools”.

“For IT and cyber professionals in government and business to compete with attackers, they need to be as nimble and agile as the criminals they seek to apprehend, and provide incentives that IT staff value.”

Denise Zheng, director and senior fellow, technology policy program at CSIS  said: “How governments and companies address their misaligned incentives will dictate the effectiveness of their cybersecurity programs. It’s not a matter of ‘what’ needs to be done, but rather determining ‘why’ it’s not getting done, and ‘how’ to do it better.”

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.