Nations, such as the United States, have advocated for a market-based, voluntary approach to industry cybersecurity as part of the National Strategy to Secure Cyberspace. But this has not worked entirely, because security investments made by industry, as per their corporate needs, are not found to be commensurate with the broader national interest. How will the additional private investments be generated? Is there a case for government incentives, as part of an incentive program to bridge the gap between those security investments already made and those additional ones that are needed to secure critical infrastructure?

Several security surveys point to this need. They reveal a lack of adequate knowledge among executives about security policy and incidents, the latest technological solutions, data leakage, financial loss, and the training that is needed for their employees.

Since cyberspace is relatively new, legal concepts for “standards of care” do not exist. Is there a case for governments to offer incentives to generate collective action? For example, they could provide reduced liability or tax incentives as a trade off for improved security, new regulatory requirements, and compliance mechanisms.12 Governments need to provide incentives for industry to invest in security at a level that is not justified by corporate business plans.
Know more: cyber security problems and solutions