Tilting the Playing Field:
How Misaligned Incentives Work Against Cybersecurity

 

Cybercriminals have long had the advantage, continually finding new ways to steal data, break services, and disrupt the legitimate flow of information. They are not necessarily better. They benefit because of a mismatch between the incentives of attackers and defenders.

To better understand this misalignment of incentives, the Center for Strategic and International Studies surveyed 800 cybersecurity professionals from five major industry sectors in nine countries.

The report identified three key incentive misalignments between:

  • Corporate structures and the free flow of criminal markets.
  • Strategy and implementation.
  • Senior executives and those in implementation roles.
The report concludes that cybercriminals benefit from greater speed and focus, driven by direct rewards for being faster, newer, and nimbler. Incentives for defenders aren’t typically geared for speed and focus. But incentives can be changed. Just as companies have experimented with their business models to become more competitive, so too can they take lessons from the attackers.

Read Report Read Executive Summary