Working for the public interest
In recent months and years, the volume and intensity of cybersecurity problems have increased. Along with that, new rules inside companies and new rules enforced by local, state, and federal government agencies have attempted to increase safety by encouraging, requiring, or mandating “more” cybersecurity efforts.
Wikipedia tells us that after repeated public fire tragedies, insurance companies in London formed private fire brigades. Insurance brigades would only fight fires at buildings the company insured.
In the United States, local governments outlawed some kinds of roof technology to try and reduce fire risk, while private fire brigades formed and competed to protect buildings (paid by insurance companies).
Today, AIG Cyber Insurance promotes cybersecurity devices from private companies (via Daniel Miessler’s Unsupervised Learning).
My own firm sells services to individual private companies who can afford to try and protect their assets against cyber threats.
Isn’t it time that we make cybersecurity a matter of public safety rather than a burden for individual companies?
I predict this will play out with the large cloud providers being the only affordable place for small businesses and individuals to operate web systems, similar to living in a town with a fire department.
Running in the cloud, small businesses will inherit the controls provided by the big vendors and mandated by well-intentioned governments, controls that are burdensome enough that they would otherwise be too expensive for a small company to bear.
Should governments do more to help? If fire protection were sold the way cybersecurity services are sold today, would that feel right?