Cybercriminals have long had the advantage, continually finding new ways to steal data, break services, and disrupt the legitimate flow of information. They are not necessarily better. They benefit because of a mismatch between the incentives of attackers and defenders.
To better understand this misalignment of incentives, the Center for Strategic and International Studies surveyed 800 cybersecurity professionals from five major industry sectors in nine countries.
The report identified three key incentive misalignments between:
- Corporate structures and the free flow of criminal markets.
- Strategy and implementation.
- Senior executives and those in implementation roles.
The report concludes that cybercriminals benefit from greater speed and focus, driven by direct rewards for being faster, newer, and nimbler. Incentives for defenders aren’t typically geared for speed and focus. But incentives can be changed. Just as companies have experimented with their business models to become more competitive, so too can they take lessons from the attackers.
Get an overview of key findings from the report, "Tilting the Playing Field: How Misaligned Incentives Work Against Cybersecurity."
This book from McAfee executives explains how misaligned incentives help fast-moving black hats control the nature and timing of assaults, while white hats play a perpetual game of catch-up.
Get additional insights into how the security industry must adapt to the increasing pace of cybercrime innovation.